McAfee Data Loss Prevention


Presentation Transcript


    1. McAfee Data Loss Prevention Security and Protection of Information 2007

    2. Agenda (June 2, 2012)

       For our agenda, we will cover the following topics and have a good discussion to understand specifically how data loss affects your organization.

       - Business Landscape
       - Data Loss is a Serious Problem
       - Key DLP Drivers
       - Need for Data Loss Prevention
       - Solution Overview
       - McAfee DLP Solution
       - How does it work?
       - Use Case Scenarios
       - Most comprehensive solution
       - Security Risk Management

    3. Data Loss is a Serious Everyday Issue

       Accidental or malicious loss of confidential data

       What is data loss? Data loss is the accidental or malicious loss of confidential data. It is not just about sophisticated hackers with malicious attacks. It is an everyday issue based on everyday business activities by regular employees. Data loss usually results from unintended and inadvertent misuse.

       What are some examples of data loss? Let me share with you a few examples:

       - Emailing of a confidential document to a competitor (or other unauthorized recipient)
       - Printing of financial documents (and leaving in the printer tray)
       - Copying customer record files to a USB drive (easily taken offsite)
       - Sending an internal document via web-based email (Hotmail, Yahoo! Mail, Gmail, etc.)
       - Emailing confidential data via guest laptop on corporate net (including non-Windows systems)
       - Sending email via Blackberry (any device sending information through the corporate network)

       These simple everyday tasks have escalated data loss into the limelight with tremendous impact and damage to organizations and consumers alike.

    4. Business Challenges: Losing Confidential Data

       Today businesses are dealing with many different aspects of data loss.

       - Organizations lose confidential data through accidental and malicious means by insiders and hackers (sometimes via modified/disguised content).
       - Organizations lose confidential data in many different locations, whether employees and data are at work (in the office), at home (home office), or on the road (in a plane, at Starbucks).
       - Organizations lose confidential data from all parts of the network: servers, databases, managed and unmanaged endpoints (guest laptops, non-Windows systems, mobile email devices like Blackberry).
       - Organizations lack the visibility and control they need to prove data security measures are in place to support compliance and corporate governance.

       Data loss is a significant issue on many fronts for all organizations today.

    5. How Does Data Loss Occur?

       So how does data loss occur and why is it becoming a mission critical issue for organizations? The life blood of every business and institution is its core information assets, such as financial documents, customer data, source code, intellectual property and more. These pieces of data are potentially just a few mouse-clicks away from being distributed to inappropriate recipients and exposing the organization to the risk of data loss.

       In order to minimize the risk of data loss, organizations must gain full control and retain absolute visibility of the data leaving the employees' endpoints and corporate network, including: emails, instant messaging, web postings, printed documents, USB drives, CD, DVD, floppy disks, etc.

       In addition to accidental or malicious IT security policy breaches caused by end user actions, organizations need to protect their systems from targeted Trojans, file-sharing applications and worms that use employee credentials to access sensitive information and send the data externally without the end user or organization even being aware that it is happening. In today's world, protecting the organization against these risks is an absolute necessity, and in many cases, properly installed security measures are mandated by regulations.

       There are many data loss channels. So, to simplify, let's group the data loss channels into three main groups.

       - Physical: copying files from the desktop or laptop onto a storage device (USB, iPod, CD, DVD, and other removable storage; printer, fax)
       - Network: sending sensitive data from the endpoint (LAN, WiFi, FTP, HTTP, HTTPS)
       - Applications: email, webmail, IM, screenscrape, P2P, Skype or malware (Trojan horses, spyware, worms, etc.)

       A DLP solution must cover all of the above data loss channels. Anything less puts organizations at risk.

    6. Key Drivers for Data Loss Prevention

       Data loss is not a new issue, but data loss prevention is a requirement in more and more organizations. So what factors are driving organizations to adopt data loss prevention? Well, today data loss is very public. Whether you catch it on the front page of the Wall Street Journal, your favorite security newsletters and websites, or industry and security magazines, there's always news about a breach. Organizations, companies, universities, government agencies: no organization is immune. Besides being public, data loss is very costly. Let's look at a few data loss examples and the main DLP adoption drivers.

       Breach of corporate governance

       - Wells Fargo: US$19M just in mailing costs for SB1386 (for notification)

       Loss of customer records and confidential data (credit card records, Social Security #s, financials)

       - CardSystems: Out-of-business after exposing 40M Visa/MC/Amex users
       - ChoicePoint: Fined US$26M for losing data; market cap dropped US$800M+ (within one month)
       - Veterans Affairs: 26.5M veterans' data (dating back to WWII) exposed; sued for US$26.5B; deputy secretary resigned

       Protection of intellectual property rights (patents, trademarks, brand)

       - Cisco settled with Huawei over Huawei copying and misappropriating Cisco's IOS source code
       - Microsoft has had its source code stolen on several occasions
       - Coca Cola employee stole new Coke formula and tried to sell to PepsiCo for US$2 million
       - Radlan employee burned a CD-ROM with their intellectual property and tried to sell it to a Chinese competitor for $1.2M
       - GM insider sold design specifications to Daewoo

       Data loss can have drastic consequences (brand damage, competitive disadvantage, reduced consumer confidence, lost customers, etc.) for organizations when it's made publicly known, regardless of whether disclosure is due to regulatory requirements or by the press.

    7. Paradigm Shift

       It is clear. Organizations need to protect their confidential data. What has been their approach? Using what security technologies? Organizations have focused on traditional security technologies, meaning access control (to ensure that only authorized persons have access to sensitive information and to restrict the types of information and resources available to those required by the employees to do their job). However, access control has proven not to be enough, as evidenced by many data loss examples today (even at companies that have implemented access controls).

       Organizations need to think differently, to think with a new paradigm. Specifically, organizations need to address this statement on the slide: "Legitimate access to information does not grant the user the right to remove it from the enterprise."

       What does this statement mean? Here's what we know. Data loss usually happens unintentionally and usually by people authorized to access the data. Employees use the data to complete their work assignments. However, that does not mean they are authorized to transfer the data as they please. Access control does not provide visibility or control over where or to whom the information can be transferred/sent.

       As you can see, access controls are not enough. Access controls cannot solve this problem. Organizations need Data Loss Prevention.

    8. McAfee Data Loss Prevention

       Elevator Pitch

       Enterprises face dire consequences because they are losing confidential data without even knowing it. McAfee Data Loss Prevention is the most comprehensive solution offering complete visibility and control to instantly monitor and prevent confidential data loss at work, at home, and on the road. McAfee DLP protects enterprises from the risks of financial loss, brand damage, competitive disadvantage, lost customers and non-compliance.

       Absolute protection

       - Prevent accidental or malicious data loss by insiders or hackers, even when data is disguised.
       - Prevent data loss without disrupting legitimate day-to-day activities: for all data, formats, and derivatives, even when data is modified, copied, pasted, compressed, or encrypted.
       - Allows organizations to focus on monitoring only the scenarios in which a user attempts to send out sensitive data.

       Comprehensive coverage

       - Prevents all data loss anywhere your data goes: at work, at home, or on the road.
       - Control the way users send, access, and print sensitive data: over the network (LAN, WiFi, SMTP, FTP, HTTP, HTTPS), through applications (email, webmail, instant messaging, P2P), and onto storage devices (USB, iPod, CD, DVD, etc.).

       Multilayered protection

       - Ensure data is protected on all servers, databases, and endpoints independent of operating system or type of device.
       - Host and gateway protection stops data loss from all endpoints, even unmanaged devices without a DLP agent.
       - Gateway protection stops hackers and malware from taking data from servers and databases out of the corporate network.

       Complete visibility

       - Proves internal and regulatory data protection compliance to auditors, board members and other stakeholders.
       - Gather incident details such as sender, recipient, timestamp, data evidence, and more for prompt and proper response, investigation and audit.

    9. How Does McAfee DLP Work?

       Here is a network topology that graphically represents how McAfee DLP works in a customer environment.

       1. DLP Management console: Located at the CSO/information officer desktop to easily manage policy and create reports
       2. System Agent: Located at all the corporate endpoints to monitor and prevent data loss
       3. Roaming users: Even data on mobile laptops is protected with full enforcement, including physical devices (PDA, smart phone, etc.)
       4. DLP Reporting Server: Located on the corporate network and acts as a data collector for the agents
       5. Data Fingerprint Server/Database: Confidential data is fingerprinted and fingerprints are published to the SIG DLP appliance
       6. DLP Gateway: Outbound SMTP and HTTP traffic is monitored for data matching fingerprints and blocked

    10. How McAfee DLP Works?

       - Step I: Data classification: Host (Tags), Gateway (Fingerprint)
       - Step II: Reaction rules: Monitor, Prevent, Quarantine, Encrypt
       - Step III: One click deployment
       - Step IV: Real time monitoring: Logs, Events, Reports

       Step I: The system administrator must configure the system definitions (applications, tags, network objects, text patterns, etc.) for use in the policy creation process. Classifying data is a crucial step for system accuracy and hassle free operation. By defining the needed classification rules based on the corporate policies and procedures, sensitive information is safeguarded against any attempt to transfer this information to unauthorized recipients.

       (1) Tags mark, track and control sensitive information.
       (2) Tagging rules classify information on arrival.
       (3) Tags stay attached to the content throughout its lifecycle.

       Three tagging methods:

       - Location based tagging: this option can be used to classify sensitive content based on its location on the corporate network by setting a specific host, network share or folder containing the same type of content to be classified (e.g. a shared drive on the Finance server).
       - Application based tagging: this option can be used to classify sensitive content produced by a specific application (CRM, ERP, etc.).
       - Content based tagging: this option can be used to classify sensitive content by specific keywords (e.g. "Company confidential") or expressions (data patterns such as credit card numbers, social security numbers, etc.).

       Step II: Based on the classification rules, the system administrator would create reaction rules.

       (1) Monitor: Observe the sensitive data flow
       (2) Prevent: Block sensitive data flow
       (3) Quarantine: Hold for security team approval
       (4) Encrypt: Send to encryption service before leaving the corporate network

       To efficiently handle all possible information leakages, there are various types of reaction rules: email protection, clipboard blocking, screen capture prevention, printing protection, web posts protection and more. Policy exceptions can be set to ensure that legitimate transfer of confidential information can happen, to prevent disruption to business activities.

       Step III: After defining all the needed rules and definitions, the one-click deployment mechanism enables a flexible policy distribution.

       - Definitions and rules are distributed to agents residing on desktops.
       - Uses the Active Directory infrastructure.
       - After policy has been distributed, it is applied on the corporate desktop.

       Step IV: The system agent will monitor and control all sensitive content transfer on the desktop. It is active even when the endpoint is disconnected from the corporate network (user working off-line). The agent also logs confidential data transfer in real time (even when working off-line). All the events and evidence are logged locally and remotely and sent to a central logging server. If the agent is working off-line, all events will be stored locally and sent to the logging server upon reconnecting to the corporate network.

       The system real-time monitor enables the system administrator to:

       - Monitor and sensitive corporate information.
       - Observe all system alerts and violations in real time using the event monitor.
       - Generate comprehensive executive-level reporting.

       The detailed information available in the system monitor introduces comprehensive capabilities including:

       - Risk assessment
       - Incident handling
       - Forensic research (sender, recipient, timestamp, captured evidence, i.e. the actual file/content of data that triggered the policy, etc., for audit trails and investigations)

       Communications to user:

       - Real time alert (pop-up reminder): The good news about non-malicious incidents is that they are fairly straightforward to correct through data security policies once you know they are happening. The alert on the endpoint allows the security team to provide real-time education and training about proper data security practices.
       - Bypass option: This option allows users to request approval in real time for sending confidential data when it has been flagged as a policy violation. The bypass option ensures that data security policies governing data flow are enforced and legitimate day-to-day business operations are not negatively impacted. Otherwise are flagged as a policy violation.

    11. Most Comprehensive Data Loss Prevention

       DLP is an emerging market with McAfee being the largest vendor with several young point product providers. There are two primary approaches to DLP.

       Gateway solutions: Gateway appliances analyze content sent via the network (mainly email and web transactions) and monitor unauthorized transmissions. When the endpoint is not connected to the corporate network (e.g. laptop user sitting at Starbucks, at home, on the plane, etc.), there is no protection from unauthorized transfer of data. Although gateway-based DLP products provide much needed protection, you can see it is only a subset of the many data loss channels.

       Agent-based solutions: These offer a much wider range of data protection capabilities. These solutions allow enterprises to monitor, control and audit the use of data on physical devices, servers, printers and network resources at all times, even when users are not connected to the company's network. However, when the endpoint does not have the agent (e.g. guest laptops, non-Windows systems, other mobile devices like Blackberry), there is no data loss visibility.

       Therefore, the most complete protection must combine the strength and protections of both the gateway and host-based DLP. McAfee is the answer.

    12. McAfee DLP Use Cases
    There are many data loss scenarios. Here are some key sample scenarios and how McAfee DLP can respond (monitor and block):
    Copy/Paste. Action: McAfee DLP will block the email because it is a violation of internal security policies. A customized message will pop up on the assistant's desktop with a suitable explanation of the violation. The system administrator will receive an alert about this violation including details about the suspect computer name, user name, email recipient, date, time of violation and a copy of the attached file and email content as evidence.
    Document Printing. Action: McAfee DLP will block the printing activity. A customized message will pop up on the salesperson's computer. The system administrator will receive an alert about this violation including details about the suspect computer name, printer name and a copy of the violated content as evidence.
    External storage device, such as USB. Action: McAfee DLP will monitor this action. A customized message will pop up on the visitor's computer with an explanation of the company policy regarding intellectual property. The system administrator will receive an alert about this violation including details about the suspect computer name, physical device name and a copy of the violated content as evidence.
    Malicious Webmail. Action: McAfee DLP will block the message and the attachment containing private information. A customized message will pop up on the end user's laptop, with a suitable explanation of the violation. The system administrator will receive an alert about the violation with all the relevant details including the webmail URL and a copy of the violated content as evidence.
    Guest laptop emailing confidential data on corporate network. Action: McAfee DLP will block the message containing sensitive information. The end user will receive a customized notification alert. The system administrator will receive a notification alert about the violation with all the relevant details.
    Sending email via Blackberry. Action: McAfee DLP will block the message containing sensitive information. The end user will receive a customized notification alert. The system administrator will receive an alert about the violation with all the relevant details.

    13. McAfee Security Risk Management
    How does DLP fit in the SRM portfolio? There are 4 principles of SRM (assets, risk, protection, and compliance) that are carried out by the 10 steps of the SRM lifecycle framework: policy, assets, priorities, vulnerabilities, threats, risk, protection, enforcement, measurement, and compliance. McAfee solutions span the 5 SRM solution segments displayed in the diagram: find, evaluate, enforce, protect and fix. Specifically, how does Data Loss Prevention fit? Of the five product segment categories, DLP fits in the enforce category. DLP safeguards sensitive data to prevent data loss by enforcing data security policy with the McAfee Data Loss Prevention Solution.

    14. Case Study
    "Data loss prevention is a top priority for Orange Communications. Our purpose is to protect company information assets from as many directions as possible. McAfee's technology was superior to all the alternatives we examined, such as gateway-only solutions that do not protect from client-based leakage like offline work using laptops or data leakage to removable storage devices." - Micky Belhassen, Information Security Manager
    Customers endorse McAfee DLP too. Orange tested many competitive alternatives and, after extensive review, determined that McAfee's solution is the best choice on the market.

    15. Summary Q&A McAfee Data Loss Prevention (DLP) Prevent accidental and malicious loss of confidential data
