Information Leakage - A knowledge Based Approach
Download as PPT, PDF1 like665 views
The document discusses the critical issue of information leakage, highlighting various threats such as insider attacks, and the costs associated with data breaches. It emphasizes the need for a holistic approach to data protection that integrates people, processes, and technology, including the implementation of Data Loss Prevention (DLP) solutions. The document outlines the steps required to develop a data protection strategy, classify sensitive data, and continuously monitor and refine security measures.
Information Leakage - A knowledge Based Approach
- 1. ILLYAS KOOLIYANKAL CISO - ADX
- 2. Information Leakage – A Knowledge Based Approach
- 3. Introduction Some real life examples Existing Security Mechanisms? Best Approach towards Protection Protection Mechanisms Technology behind DLP Case Study Summary
- 4. Why Data is a Priority? Indirect Costs $1.5M $15/record Opportunity Costs $7.5M $75/record Direct Costs $5.0M $50/record Cost of Data Breaches $140/record Source: Ponemon Institute SVB Alliant Leakage of confidential/ proprietary information Un patched vulnerabilities Insider attacks Spyware Phishing attacks Malicious Code Spam Denial of Service attacks Fraud Keystroke loggers 52% 24% 18% 14% 10% 4% 4% 4% 2% 2% What do you consider to pose the biggest current threat to your organization’s overall security? (multiple responses) Source: Merrill Lynch survey of 50 North American CISOs, July 2006
- 5. 70% - loss caused by insiders 23% of loss is from malicious intent 92% use email to send confidential data 55% use portable devices to take confidential data out of the workplace every week Some stats
- 6. Top Leakage concerns of customers
- 7. A serious Concern Now? More mobility, flexibility Criminals Business impact – Reputation, monitory, growth, … Legal and Regulatory compliances International standards like ISO 27001 Personally…
- 8. A researcher, who accidentally sends a new product formula to hundreds of partners OR A junior member of the finance team who unknowingly exposes the company’s unannounced financial results to the public
- 9. A Hard-working, loyal employee who takes home his laptop or a USB drive for the weekend to get work done and Accidentally leaves it on the subway as he runs to greet his children at the end of a long workweek “ Internal risk that can lead to data loss are real.”
- 10. Data Leakage - Boundary Employees (remote workers, mobile workers) Business Partners (Suppliers, outsourcers, consultants) Customers Hackers Contractors Temporaries Visitors Digital Business Cyber-crime SOURCE: FORRESTER RESEARCH Employees Sensitive Data Competitors
- 12. Data - Concerns
- 13. Holistic Approach People Process Technology
- 14. Develop and implement fool proof processes in overall business environment (Information –at all stages/states) Staff Awareness and support Implement appropriate technology to assist the users and the organization to protect the data efficiently and without business interruption.
- 15. Information leaked by Internal/Authorized users Performance issues. False Positives and False Negatives User Resistance & Org Culture of Trust, openness Impact to the normal business operations? Challenges!
- 16. Business requires information easily and seamlessly Existing security solutions and tools-limited capability Huge amount of sensitive data; unwanted/outdated data Is it Easy?
- 17. Approach it as a business problem, not technical. Formulate a comprehensive strategy for Data protection Develop a classification policy Analyze various data sources and data, classify it, and conduct detailed risk assessment. Identify and select an appropriate technical solution for DLP How can you protect?
- 18. How can you protect? State of the Data– in motion, at rest, in use. Develop/Decide on the policies to be applied based on the sensitivity and classification Apply light weight policies and train the users to be more careful Actions – Controls (Log, Alert, Justification, block, etc) Monitor and Fine Tune Approach it phase by phase – Begin with log only, analyze the events and tighten the controls slowly and steadily.
- 19. Data At Rest Data classification Device control Content control Application control Transaction Data Direct Database Access Access via Applications Web applications Web services Communication Channels Data In Motion Outgoing communications Internal communications Databases and documents Monitoring and enforcement Courtesy: www.PortAuthorityTech.com The Landscape Databases Transaction Applications Data Storage (SAN and NAS) Servers, Endpoints Employees (Honest & Rogue ) Customers & Criminals Accidental, Intentional and Malicious Leaks Employees (Honest & Rogue) Employees (Honest & Rogue)
- 20. Lets you secure the data you know you need to protect Automate the discovery and understanding of the data you don’t know By securing all your information—from the datacenter to the network endpoints—you protect it through all phases of its lifecycle—at rest, in motion, and in use—and ensure its confidentiality and integrity. What DLP offer?
- 21. Identify and Classify data in motion, at rest, and in use Dynamically apply the desired type and level of control, including the ability to perform mandatory access control that can’t be circumvented by the user Monitors multiple channels for specific inbound and outbound content DLP Products may differs based on these . How Does DLP Work?
- 22. Through Deep content inspection Contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.) With a centralized management framework. The systems are designed to detect and prevent the unauthorized use and transmission of confidential information How?
- 23. Capabilities
- 24. Data Protection What is the User Doing With It? Read, Write, Print, Move, Burn, Copy/Paste, Upload, etc . Where Did the Data Come From? (What Classification?) Where Is the Data Going? What is the Policy regarding Actions to be taken? Devices Applications Networks 1 4 2 3
- 25. Reduce Your Risk Audit, Notify, Quarantine, Block Encrypt … Reduce Risk Enable enforcement policy Quarantine suspicious messages Create audit trail of all communications to substantiate compliance Reduce violations to required levels Enforce Learn Define Metrics Use pre-defined policies or create custom policies Learn critical information using information fingerprinting service Monitor Monitor communication channels Reporting of matches against policies and information fingerprints Tune policies Assess Risk Courtesy: www.PortAuthorityTech.com
- 26. Information Leakage is a serious concern to organizations and individuals Approach has to be holistic addressing through People, Process and Technology DLP technology addresses Data in motion, rest and at use. Summary
- 27. Classification Policy, Information about Data and Data Source, Classify those, Select DLP Solution, Develop Policies and Test, Apply, Monitor, Fine Tune, Awareness Action – Log, Alert, Justify, Block etc.. Resistance, Org Culture, Performance, huge amount of known/unknown data etc are some of the obstacles. Start with light weight policies and gradually tighten it once the awareness and adaptability is achieved Information Leakage Prevention is an ongoing process
Editor's Notes
- #21: to create a comprehensive solution that guards against the risk posed by insiders.