Data Loss Prevention de RSA
3 likes2,836 views
The document describes RSA's Data Loss Prevention (DLP) Suite. It discusses how the RSA DLP Solution can help organizations by discovering and mitigating risks from sensitive data across endpoints, networks, applications, file systems and storage. The solution includes policies, system administration, reporting and incident workflow modules. It can enforce controls on data at rest, in motion and in use to reduce risks, costs and disruptions.
Data Loss Prevention de RSA
- 1. RSA Data Loss Prevention(DLP) Suite Discover and Mitigate Business Risk from Sensitive Data
- 2. RSA Data Loss Prevention Data Breaches Overview RSA DLP Solution Five Critical Factors Customer Case Studies 2 2
- 3. Why is Information Security So Difficult? Endpoint Network/E-mail Apps/DB FS/CMS Storage LAN Internal Enterprise Production File Server Employees Applications Disk Arrays Backup WAN Database Tape VPN Backup Business Replica File Server Disk Arrays System Remote Analytics Employees Disk Arrays Backup Disk SharePoint and other Outsourced Staging Collaboration & Partners Dev. Content Mgmt Systems 3 Endpoint Network/E-mail Apps/DB FS/CMS Storage
- 4. We Are Exposed At Every Point Endpoint Network/E-mail Apps/DB FS/CMS Storage LAN Network Leak Endpoint Privileged User Privileged User Tapes lost or Internal Email-IM-HTTP- Enterprise File Server theft/loss FTP-etc. BreachProduction Breach stolen Backup Employees Applications Database Disk Arrays WAN Tape VPN Backup E-mail leak or Business DB or Replica App, File Server Disk Arrays System Endpoint Leak File Server / CMS Remote packets sniffed Encryption Key via print/copy in transit Analytics Hack Hack Employees Disk Arrays Backup Disk SharePoint and other Public Outsourced Staging Collaboration & (Semi) Discarded disk IP Sent to Partners Unintentional Infrastructure Dev. non trusted user Access Hack Distribution Content User Trusted Mgmt exploited Misuse Systems 4 Endpoint Network/E-mail Apps/DB FS/CMS Storage
- 5. There Are Many Point Solutions Endpoint Network/E-mail Apps/DB FS/CMS Storage Mobile Email Application File Encryption Encryption Encryption Encryption LAN Tape Internal Enterprise Production File Server Encryption Employees Applications Disk Arrays Backup WAN Database Tape Port Network Database CMS/FS Monitoring Monitoring Encryption Access Controls VPN Backup Business Replica File Server Disk Arrays System Remote File Network Activity Encryption Encryption Analytics Monitoring eDRM Employees Disk Encryption Disk Arrays Backup Disk App/DB SharePoint and other eDRM eDRM Outsourced Staging File Collaboration & Partners Discovery Discovery Dev. Content Mgmt Systems 5 Endpoint Network/E-mail Apps/DB FS/CMS Storage
- 6. The Business Case for DLP Reduce Risk | Minimize Cost | Avoid Disruption Reduce Risk 1. What data can you catch? Where? 2. What can you do about it? 3. Time to Value Minimize Cost Avoid Disruption 1. Product 1. Consider the “who” not just “what” 2. People 2. Make controls transparent to users a) Setup/Maintain b) Investigations 3. Involve the data owners c) Remediation 3. Infrastructure 6
- 7. RSA Data Loss Prevention Data Breaches Overview RSA DLP Solution Five Critical Factors Customer Case Studies 7 7
- 8. RSA Data Loss Prevention Suite Policy System RSA DLP Reporting & Incident Management Administration Dashboard Workflow Enterprise Manager Policies Incidents DLP Datacenter DLP Network DLP Endpoint Discover sensitive data Monitor all traffic for Discover sensitive data from everywhere sensitive data and Monitor user actions Enforce controls on Enforce controls on Enforce controls on both sensitive data sensitive transmissions data and user actions Third Party Enforcement Controls 8
- 9. Reducing Your Sources of Risk: Data at Rest Discover Analyze Remediate Rescan sources to measure and manage risk File shares, Servers, Laptops 300+ File types Databases & Repositories Remediation •Windows file shares •Microsoft Office Files •SharePoint • Secure Delete •Unix file shares •PDFs, PSTs •Documentum • Manual/Auto Move •NAS / SAN storage •Zip files •Microsoft Access • Manual/Auto Quarantine •Windows 2000, 2003 •CATIA files •Oracle, SQL • Notifications •Windows XP, Vista •Content Mgmt systems • eDRM 9
- 10. Protecting Data in the Network: Data in Motion Monitor Analyze Enforce Email Instant Messages Web Traffic Remediation •SMTP email •Yahoo IM •FTP •Audit •Exchange, Lotus, etc. •MSN Messenger •HTTP •Block •Webmail •AOL Messenger •HTTPS •Encrypt •Text and attachments •TCP/IP •Log 10
- 11. Protecting Data at the Endpoint: Data in Use Monitor Analyze Enforce Print & Burn USB Copy and Save As Actions & Controls •Local printers •External hard drives •Copy to Network shares • Allow •Network printers •Memory sticks •Copy to external drives • Justify •Burn to CDs/DVDs •Removable media •Save As to external • Block drives • Audit & Log 11
- 12. How Can RSA DLP Solution Help? Identify and address sources of risk Discover Identify broken business processes Enforce data security policies for compliance Enforce Leverage third-party control solutions Educate employees on policy and risk Educate Provide insight into violations & policies Monitor and protect all egress points Protect Prevent sensitive data from leaking out 12
- 13. How Can DLP Solutions Reduce Risk? Endpoint Network Apps/DB FS/CMS Storage Customers Privileged Privileged Privileged Privileged People Users Users Users Users • Discover unsafe user behavior and educate WWW Internal Production employees on security policies Employees eCommerce Applications Database Disk Arrays Backup Tape WAN Processes Enterprise Production Backup LAN Database File Server Disk • Identify and fix broken business processes Remote Campuses Applications Arrays System VPN Technology Business Analytics Replica Portals Disk Backup Remote • Leverage technology controls more effectively Employees Arrays Disk to secure data Outsourced Staging Collaboration & Dev. Disk Content Mgmt 13 Systems Arrays Partners 13
- 14. RSA Data Loss Prevention Data Breaches Overview RSA DLP Solution Five Critical Factors Customer Case Studies 14 14
- 15. Top 5 Success Factors for DLP E Policy & Identity Incident Enterprise Built-In vs. Classification Aware Workflow Scalability Bolt-On More policies and Identity awareness Consolidated alerts Scan more data Common policies better policies for for classification, with the right faster with lesser across the classification and controls and information to the hardware and infrastructure - risk mitigation remediation right people for the resources EMC, Cisco and right actions Microsoft 15
- 16. Policy & Classification More policies and better policies for classification and risk mitigation • Unified policy framework • Best of breed classification • 150+ built in policy templates • Information Policy and Classification team • Highest accuracy per Wipro analysis 16
- 17. Identity Awareness Identity awareness for classification, controls and remediation • Identity-based Policy E.g. Group x can send data y out • Identity-based notification E.g. Notify the persons manager • Identity-based control E.g. Lock this data so only group x can open • Integration with Microsoft Active Directory 17
- 18. Incident Workflow Consolidated alerts with the right information to the right people for the right actions • Intelligent correlation of events into incidents • Right alerts to the right people in the right order • Intuitive workflow to remediate violations • Scheduled reports sent to subscribers automatically • Integration with RSA enVision to simplify security operations 18
- 19. Enterprise Scalability E Scan more data faster with lesser hardware and resources • Support distributed deployments • Scale to 100’s of thousands of users • Unique Grid Scanning technology • Scan large amounts of data faster and cheaper 19
- 20. Built-in Vs. Bolt-on Common policies across the infrastructure – Microsoft, Cisco and EMC • Leverage your existing infrastructure • Microsoft: Integration with Microsoft RMS and will also integrate RSA DLP data classification engine and policies into Microsoft infrastructure • Cisco: Integration with IronPort • EMC: Integration with Documentum, Celerra, SourceOne, etc. 20
- 21. RSA Data Loss Prevention Data Breaches Overview RSA DLP Solution Five Critical Factors Customer Case Studies 21 21
- 22. Customers From A Wide Range of Industries 22
- 23. How Can We Help Your Current Status We Can Help Gathering Information By Offering 1. Investigating DLP in general 1. Risk Advisor to discover current risk 2. Identifying business drivers 2. Free Scan to support business case 3. Developing a business case 3. ROI/TCO analysis for DLP 4. Identifying a Project Sponsor 4. DLP workshop Planning to Procure and Deploy By Providing 1. Have a defined DLP project 1. A framework for DLP evaluation 2. An evaluation environment 2. Developing a detailed DLP project 3. A detailed DLP proposal 3. Evaluating DLP vendors 4. Deployment architecture 23
- 24. 24