Download
check point dlp technical presentation n.
Skip this Video
Loading SlideShow in 5 Seconds..
Check Point DLP Technical Presentation PowerPoint Presentation
Download Presentation
Check Point DLP Technical Presentation

Check Point DLP Technical Presentation

540 Views Download Presentation
Download Presentation

Check Point DLP Technical Presentation

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Check Point DLPTechnical Presentation

  2. Agenda 1 2 3 4 DLP and its Key Challenges Introducing Check Point DLP How Does Check Point DLP Work? Summary Check Point DLP Makes data loss prevention work

  3. Data Loss Prevention Financial data, forward-looking earnings Confidential customer data Bad media and brand damage Regulatory penalties Liability and lawsuits Why Data Loss Prevention? Company secrets and intellectual property Prevent Loss of Sensitive Data Consequences of Data Loss

  4. Data Breaches Data Breaches Have Happened to All of Us 80 to 90% of Data Breaches are Unintentional John.Stevens@yahoo.com Corporate Strategy Company document uploaded to an external website. E-mail sent to the wrong recipient, intentionally or by mistake. Green World Strategy Plan 2010

  5. DLP Challenges Technology IT Staff Challenge Challenge DLP Has Not Yet Been Solved Burden of incident handling Computers can not reliably understand human content and context Exposure to sensitive data

  6. Introducing Check Point Data Loss Prevention Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send ,Discard , or Review Issue Confidential data sent to the wrong recipient! User prompted to take action User remediates Check Point Makes DLP Work ‘John’ <john@greenworld.com> John.Stevens@yahoo.com John.Stevens@yahoo.com Green World Strategy Plan 2010 Corporate Strategy John, Let’s review the corporate strategy in our morning meeting.

  7. Introducing Check Point Data Loss Prevention Prevent Move from detection to prevention Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send ,Discard , or Review Issue Educate Users on corporate data policies Enforce Data loss business processes Check Point Combines Technology and Processes to Make DLP Work NEW! John.Stevens@yahoo.com Corporate Strategy Green World Strategy Plan 2010 John, Let’s review the corporate strategy in our morning meeting.

  8. Introducing Check Point DLP Scaling from hundreds to thousandsof users Supporting HTTP, SMTP and FTP protocols At-A-Glance Features Inline network-based Software Bladerunning on any existing Check Point gateway Alert notification using either a thin agent, an email to the user or web browser popup Proactively block intentional and unintentional data loss

  9. How Does Check Point DLP Work? UserCheck™ MultiSpect™ Detection Engine Ease of Deployment

  10. UserCheck Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send ,Discard , or Review Issue 2. User alert 1.Mail sent or document uploaded by HTTP or FTP 3. User remediation UserCheck™ Provides User Remediation by Alerting User Real-time Educational Non-disruptive

  11. UserCheck Scenarios Filter communications of confidential information based on policy exception Block Web upload of proprietary information Ask user to confirm and remediate potential breach Scenario 1: Prevent Scenario 2: Enforce Scenario 3: Alert, Ask and Educate

  12. UserCheck Scenario1 Developer uploads source code to file share to work on from home Rights to files posted to web file shares transfer to host site Check Point DLP blocks upload and notifies user UserCheck Preemptively Prevents Data Breaches http://mywebuploads.com http://mywebuploads.com src.c src2.c src3.c src4.c src5.c Software Developer Jenn@gmail.com jsimmons@dlpdemo.com src.c Code subroutine to work on from home c:\src.c

  13. UserCheck Scenario 2 Data Loss Prevention Alert An email that you have just sent has been identified as containing sensitive information. An email that you have just sent has been allowed based on DLP policy exception. For additional details, please refer to the Corporate Data Security Policy jcraicg@mylawyer.com M&A letter of intent for review Corporate VP sends M&A contract to attorney Alert notifies user of data policy ProjectAtlantisLoI.pdf 2.UserCheck Allows Filtering Based on Corporate Data Policies Hi James, We have revised the terms of the acquisition. Attached is the Letter of Intent for your review. Thanks,David Corporate Development VP

  14. UserCheck Scenario 3 Company CFO sends preliminary financial statement to external auditor User provides an explanation of his request to send User receives an email alert asking owner of sensitive data to confirm communication UserCheck Alerts, Asks and Educates Users Greg.Smith@ernstyoung.com mattg@dlpdemo.com Preliminary Financial Statement Reconsider sending this email (Preli… Preliminary_financials.pdf Preliminary Financial Statement The attached message, sent by you, is addressed to an external email address. The Check Point Data Loss Prevention System determined that it may contain confidential information. Email’s attachment Preliminary_financials.pdf appears to contain financial records. The message is being held until further action. Send, Discard, or Review Issue Greg, Sending you the Q1 preliminary financials for audit. Thanks, Matt Gerhart Chief Financial Officer ACME Corp. mattg@acmecorp.com Check Point Data Loss Prevention Reconsider sending this email (Prelimi… Fri 4/2/2010 3:45 PM Rachel Greene Fri 4/2/2010 1:23 PM PCI Audit Status Thu 3/2/2010 9:45 AM Tom Peters Sales Planning Meeting Preliminary Financial Statement mattg@acmecorp.com Chief Financial Officer Hi, This information is OK to send to our outside auditor. Thanks, Matt

  15. UserCheck Scenario 3 Company CFO sends preliminary financial statement to external auditor User provides an explanation of his request to send User receives an email alert asking owner of sensitive data to confirm communication UserCheck Alerts, Asks and Educates Users Greg.Smith@ernstyoung.com mattg@dlpdemo.com Preliminary Financial Statement Reconsider sending this email (Preli… Preliminary_financials.pdf Preliminary Financial Statement The attached message, sent by you, is addressed to an external email address. The Check Point Data Loss Prevention System determined that it may contain confidential information. Email’s attachment Preliminary_financials.pdf appears to contain financial records. The message is being held until further action. Send, Discard, or Review Issue Greg, Sending you the Q1 preliminary financials for audit. Thanks, Matt Gerhart Chief Financial Officer ACME Corp. mattg@acmecorp.com Check Point Data Loss Prevention Reconsider sending this email (Prelimi… Fri 4/2/2010 3:45 PM Rachel Greene Fri 4/2/2010 1:23 PM PCI Audit Status Thu 3/2/2010 9:45 AM Tom Peters Sales Planning Meeting Preliminary Financial Statement mattg@acmecorp.com Chief Financial Officer Hi, This information is OK to send to our outside auditor. Thanks, Matt

  16. Check Point DLP UserCheck—How it Works Employee sends file attachment to personal email to work from home Company confidential spreadsheet containing customer data

  17. Check Point DLP UserCheck—How it Works Message intercepted by Check Point DLP Message decomposed into its constituent parts by DLP engine SMTP Envelope Sender:employee2@company.com Recipients: me@gmail.com Subject: “Some homework” Check Point DLP Body: “Doc to work on …”

  18. Check Point DLP UserCheck—How it Works Apply DLP Policy per message part SMTP Envelope Sender:employee2@company.com Recipients: me@gmail.com Subject: “Some homework” Body: “Doc to work on …”

  19. Check Point DLP Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send ,Discard , or Review Issue UserCheck—How it Works Sensitive file detected User alerted—policy enforced

  20. How Does Check Point DLP Work? UserCheck™ MultiSpect™ Detection Engine Ease of Deployment

  21. New MultiSpect™ Technology 600+ File Formats 250+ Data Types Correlates data from multiple sources using open language Detects more than 600 file formats Over 250 pre-defined content data types Detect and recognize proprietary forms and templates MultiSpect Detection Engine

  22. MultiSpect: Self-Learning Technology 1.First occurrence 2. Additional occurrences Self-Learning Technology Improves Accuracy No further action No Burden on User! Doc Sent Doc Sent User remediated Systemhas learned User alerted

  23. MultiSpect Open Scripting Language Example: Use Open scripting language to create Australian Business Number data type Upload the script to DLP engine using Data Type wizard • Create completely new data types • Enhance existing data types • Unmatched flexibility in customizing DLP

  24. How Does Check Point DLP Work? UserCheck™ MultiSpect™ Detection Engine Ease of Deployment

  25. Centralized Management For Unified Control Across the Entire Security Infrastructure Quick links to priority data and actions to perform Enforcing gateways’ data Quick scan of Data Loss Prevention incidents Ratio of incidents to data inspected

  26. Controlling Your DLP Policy DLP Policy Created and Enabled DLP policy rule base Install policy Enable rules and apply policy Compliance rules for PCI and HIPAA

  27. Changing Policy Actions Action on rule now changed Quickly change action to be taken for a rule

  28. Exhaustive Out-of-the-Box Data Types With Powerful Search Functionality Easily find the data types you need Search results displayed immediately

  29. DLP Event Management • Incident Tracking: • by timeline, • by remediation, • by organization Incident Details: Look up the user name and machine info Managing Incidents with SmartEvent for DLP

  30. DLP Event Management Timeline Severity Map Powerful Tools to Manage DLP Incidents

  31. DLP Deployment • Bypass option • Bridge mode (L2) support • Integrated into Gateway • Manageability • Lower TCO • Lower carbon footprint DLP Solution Options Dedicated Appliance Software Blade

  32. DLP-1 Appliance Specifications

  33. Check Point DLP Software Blade

  34. Competitive pricing after 3 years – 1000 users Year 1: DLP-1 2571 Year 2,3: 2x DLP blade

  35. Competitive pricing after 3 years – 5000 users Year 1: DLP-1 9571 Year 2,3: 2x DLP blade

  36. DLP-1 9571 Appliances—Accessories

  37. Flexible Deployment Options Deployment Modes L2 Dedicated Deployment Options WWW Mail Server AD/LDAP server Check Point DLP Software Blade • Check Point Security Gateway Security Management and Logs • Behind perimeter gateway • Integrated Software Blade • L2 bridge mode with fail-open option • L3 routing • Behind perimeter gateway • Protect outgoing mail traffic • Behind perimeter gateway • Protect outgoing mail traffic • Directly protect user subnet Internet

  38. DLP Deployment Activating DLP: Quickly set up DLP Specify the FQDN which will be used for the DLP portal DLP Blade Wizard quickly gets DLP up and running Configure a mail server for notification emails Under Gateway General Properties, check Data Loss Prevention This starts the DLP Blade Wizard Basic DLP setup completed

  39. Differentiate Check Point DLP

  40. Summary Enforce Data PoliciesAcross the entire network Educate and Alert UsersWithout involving IT staff Prevent Data BreachesMove from detection to prevention Check Point combines technology and processes to make DLP work

  41. Thank You!