1 / 53

DLP Blades

DLP Blades. CPU Iberia 2012. Data Loss Prevention. Data breaches have happened to all of us. What is DLP?. John.Stevens@yahoo.com. Corporate Strategy. Green World Strategy Plan 2010. Company document uploaded to an external website. E-mail sent to the wrong

hope
Télécharger la présentation

DLP Blades

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DLP Blades CPU Iberia 2012

  2. Data Loss Prevention Data breaches have happened to all of us What is DLP? John.Stevens@yahoo.com Corporate Strategy Green World Strategy Plan 2010 Company document uploaded to an external website. E-mail sent to the wrong recipient, intentionally or by mistake.

  3. Data Breaches—Headline Examples Brand Damage Compliance Liabilities Costly Fines

  4. It’s Not Just About Regulatory Compliance Compliance Security • Customer data • Corporate data • Patient data • Intellectual property • Strategic plans • Internal data Chief Compliance Officer Chief Security Officer

  5. DLP Has Not Yet Been Solved! Technology IT Staff Challenge Challenge Burden of incident handling Computers can not reliably understand human content and context Exposure to sensitive data

  6. Check Point Makes DLP Work Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send ,Discard , or Review Issue Confidential data sent to the wrong recipient! User prompted to take action User remediates ‘John’ <john@greenworld.com> John.Stevens@yahoo.com John.Stevens@yahoo.com Corporate Strategy Green World Strategy Plan 2010 John, Let’s review the corporate strategy in our morning meeting.

  7. Introducing Check Point Data Loss Prevention Prevent Move from detection to prevention Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send ,Discard , or Review Issue Educate Users on corporate data policies Enforce Data loss business processes Check Point Combines Technology and Processes to Make DLP Work NEW! John.Stevens@yahoo.com Corporate Strategy Green World Strategy Plan 2010 John, Let’s review the corporate strategy in our morning meeting.

  8. How Does Check Point DLP Work? MultiSpect™ Detection Engine Simple Rule-based Policy Management Full Network Enforcement

  9. New MultiSpect™ Technology 600+ File Formats 500+ Data Types Correlates data from multiple sources using open language Detects more than 600 file formats Over 500 pre-defined content data types Detect and recognize proprietary forms and templates MultiSpect Detection Engine

  10. Simple Rule-based Policy Management Easily Define Policy to Detect, Prevent or Ask User

  11. Unified Control and Deployment For Unified Control Across the Entire Security Infrastructure Centralized Management Data Loss Prevention

  12. Ease-of-Deployment On Existing Gateways or Open Servers Be Up and Running Day-1! DLP-1 Dedicated Appliance Software Blade Network-based Inline Solution

  13. Check Point DLP At-A-Glance Scaling from hundred to thousandsof users Supporting HTTP, SMTP and FTP protocols Move from Detection to Prevention Inline network-based Software Bladerunning on any existing Check Point gateway UserCheck notification using either thin agent or a returning email to the user Proactively block intentional and unintentional data loss

  14. Check Point DLP in Detail Check Point DLP User Scenarios Key DLP Technologies

  15. Check Point DLP at Work Filter communications of confidential information based on policy exception Block Web upload of proprietary information Ask user to confirm and remediate potential breach Scenario 1: Prevent Scenario 2: Enforce Scenario 3: Alert, Ask and Educate

  16. Preemptively Prevent Data Breaches Developer uploads source code to file share to work on from home Rights to files posted to file-sharing sites transfer to host site Check Point DLP blocks upload and notifies user Web Upload of Proprietary Information http://mywebuploads.com Software Developer Jenn@gmail.com jsimmons@dlpdemo.com Code subroutine to work on from home

  17. Filter Based on Corporate Data Policies Data Loss Prevention Alert An email that you have just sent has been identified as containing sensitive information. An email that you have just sent has been allowed based on DLP policy exception. For additional details, please refer to the Corporate Data Security Policy jcraicg@mylawyer.com M&A letter of intent for review Corporate VP sends M&A contract to attorney Alert notifies user of data policy ProjectAtlantisLoI.pdf Policy Exception Allows Email to Pre-selected Recipients Hi James, We have revised the terms of the acquisition. Attached is the Letter of Intent for your review. Thanks,David Corporate Development VP

  18. Alert, Ask and Educate Users Company CFO sends preliminary financial statement to external auditor Alert asks owner of sensitive data to confirm communication User provides an explanation of his request to send Check Point Brings User Remediation to DLP Greg.Smith@ernstyoung.com mattg@dlpdemo.com Preliminary Financial Statement Reconsider sending this email (Preli… Preliminary_financials.pdf Preliminary Financial Statement The attached message, sent by you, is addressed to an external email address. The Check Point Data Loss Prevention System determined that it may contain confidential information. Email’s attachment Preliminary_financials.pdf appears to contain financial records. The message is being held until further action. Send, Discard, or Review Issue Greg, Sending you the Q1 preliminary financials for audit. Thanks, Matt Gerhart Chief Financial Officer ACME Corp. mattg@acmecorp.com Check Point Data Loss Prevention Reconsider sending this email (Prelimi… Fri 4/2/2010 3:45 PM Rachel Greene Fri 4/2/2010 1:23 PM PCI Audit Status Thu 3/2/2010 9:45 AM Tom Peters Sales Planning Meeting Preliminary Financial Statement mattg@acmecorp.com Chief Financial Officer Hi, This information is OK to send to our outside auditor. Thanks, Matt

  19. Key Technologies UserCheck™ provides User Remediation Align DLP Rules to Your Policies and Processes MultiSpect™ Detection Engine

  20. UserCheck Provides User Remediation Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send ,Discard , or Review Issue 2. User alert 1. Mail sent or document uploaded 3. User remediation Real-time Educational Non-disruptive

  21. Align With Your Business Processes Suspicious Communications Examples • Spreadsheets with over 500 rows • More than 5 financial terms • External recipients in BCC • More than 10 company names • Profanity Adapts to Your Processes and Environment Identify unconventional business communication behavior

  22. MultiSpect™ Detection Engine Multi-data Correlation Prevents Potential Violations Prevents sending sensitive data to wrong recipients Correlates a combination of data types

  23. MultiSpect Form Detection • Forms/Partial Forms • Recognize sensitive forms and templates Detect and Recognize Your Proprietary Forms • Examples • HR forms / salary / offers • Financial docs • Patient records • Insurance forms • Bank forms Insurance claim.pdf

  24. MultiSpect Open Scripting Language Custom Data Type • Open Scripting Language Extended Data Type Creation • Create completely new data types • Enhance existing data types • Flexibly tailor DLP to your environment

  25. AdvancedFeatures

  26. Check Point Exchange Agent Internal DLP – Use Cases • Finance Reports leaving Finance • Highly restricted documents and presentations leaving Executive Management Group • HR forms leaving HR • Source code, designs, patents sent from RND department • Investment analysts cannot talk to brokers directly

  27. Exchange Agent Architecture Policy, Status, Statistics Check Point Agent DLP Software Blade SIC Message (copy), result TLS Transport Service Exchange Server 2007/2010 Security Gateway R75.20

  28. Check Point Exchange Agent

  29. Check Point Exchange Agent

  30. Check Point Exchange Agent

  31. Check Point Exchange Agent

  32. Check Point Exchange Agent

  33. Check Point Exchange Agent

  34. Internal DLP policy examples

  35. HTTPS Inspection

  36. HTTP on non standard ports

  37. User Decision Learning

  38. Domain at Destination

  39. Extreme conditions and High CPU

  40. Over 500 out-of-the-box data types • Even easier to get started with over 500 of the box data types, including: • PCI, HIPAA, GLBA, SEC related • Over 150 new data types.

  41. Examples – new data types

  42. Visibility and administrative tools • DLP status and statistics in Smart Dashboard and SmartView Monitor • Administrators can Send or Discard quarantined emails via the SmartView Tracker and SmartEvent

  43. DLP status and statistics

  44. Administrators Send/Discard

  45. Shield administrators from viewing sensitive data • Granular DLP administrator permissions • Mask credit card numbers by logging only the last 4 digits

  46. DLP permissions

  47. Mask credit card numbers

  48. Templates & CPcode enhancements • Templates • Add option not to match on original uploaded empty template • Log % template match • Dynamically load a directory of templates into a single data type (No UI) • CPcode • Validate keyword/regular expression matches • Validate the entire data type • Accepts CSV data files as input • Mask sensitive details

  49. Templates

  50. CPcode examples

More Related