DLP Blades CPU Iberia 2012
Data Loss Prevention
  Data breaches have happened to all of us
  What is DLP?
  • E-mail sent to the wrong recipient, intentionally or by mistake.
  • Company document uploaded to an external website.
  Slide graphic: e-mail to John.Stevens@yahoo.com, "Corporate Strategy", "Green World Strategy Plan 2010"
Data Breaches: Headline Examples
  • Brand Damage
  • Compliance Liabilities
  • Costly Fines
It’s Not Just About Regulatory Compliance
  Compliance (Chief Compliance Officer)
    • Customer data
    • Corporate data
    • Patient data
  Security (Chief Security Officer)
    • Intellectual property
    • Strategic plans
    • Internal data
DLP Has Not Yet Been Solved!
  Technology Challenge
    • Computers cannot reliably understand human content and context
  IT Staff Challenge
    • Burden of incident handling
    • Exposure to sensitive data
Check Point Makes DLP Work
  • Confidential data sent to the wrong recipient!
  • User prompted to take action
  • User remediates
  Sample e-mail: ‘John’ <email@example.com>, John.Stevens@yahoo.com; "Corporate Strategy"; "Green World Strategy Plan 2010"; "John, Let’s review the corporate strategy in our morning meeting."
  Data Loss Prevention Alert: "An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data. The message is being held until further action. Send, Discard, or Review Issue"
Introducing Check Point Data Loss Prevention (NEW!)
  Check Point Combines Technology and Processes to Make DLP Work
  • Prevent: Move from detection to prevention
  • Educate: Users on corporate data policies
  • Enforce: Data loss business processes
  Sample e-mail: John.Stevens@yahoo.com; "Corporate Strategy"; "Green World Strategy Plan 2010"; "John, Let’s review the corporate strategy in our morning meeting."
  Data Loss Prevention Alert: "An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data. The message is being held until further action. Send, Discard, or Review Issue"
How Does Check Point DLP Work?
  • MultiSpect™ Detection Engine
  • Simple Rule-based Policy Management
  • Full Network Enforcement
New MultiSpect™ Technology
  MultiSpect Detection Engine: 600+ File Formats, 500+ Data Types
  • Correlates data from multiple sources using open language
  • Detects more than 600 file formats
  • Over 500 pre-defined content data types
  • Detect and recognize proprietary forms and templates
Simple Rule-based Policy Management
  Easily Define Policy to Detect, Prevent or Ask User
Unified Control and Deployment
  Centralized Management For Unified Control Across the Entire Security Infrastructure
  Slide graphic label: Data Loss Prevention
Ease-of-Deployment
  Network-based Inline Solution
  • Software Blade: On Existing Gateways or Open Servers
  • Dedicated Appliance: DLP-1
  Be Up and Running Day-1!
Check Point DLP At-A-Glance
  • Move from Detection to Prevention
  • Proactively block intentional and unintentional data loss
  • Inline network-based Software Blade running on any existing Check Point gateway
  • Supporting HTTP, SMTP and FTP protocols
  • UserCheck notification using either thin agent or a returning email to the user
  • Scaling from hundreds to thousands of users
Check Point DLP in Detail
  • Check Point DLP User Scenarios
  • Key DLP Technologies
Check Point DLP at Work
  • Scenario 1: Prevent. Block Web upload of proprietary information
  • Scenario 2: Enforce. Filter communications of confidential information based on policy exception
  • Scenario 3: Alert, Ask and Educate. Ask user to confirm and remediate potential breach
Preemptively Prevent Data Breaches
  Web Upload of Proprietary Information
  • Developer uploads source code to file share to work on from home
  • Rights to files posted to file-sharing sites transfer to host site
  • Check Point DLP blocks upload and notifies user
  Slide graphic: Software Developer; http://mywebuploads.com; Jenn@gmail.com; firstname.lastname@example.org; "Code subroutine to work on from home"
Filter Based on Corporate Data Policies
  Policy Exception Allows Email to Pre-selected Recipients
  • Corporate VP sends M&A contract to attorney
  • Alert notifies user of data policy
  Sample e-mail: email@example.com; "M&A letter of intent for review"; ProjectAtlantisLoI.pdf; "Hi James, We have revised the terms of the acquisition. Attached is the Letter of Intent for your review. Thanks, David, Corporate Development VP"
  Data Loss Prevention Alert: "An email that you have just sent has been identified as containing sensitive information. An email that you have just sent has been allowed based on DLP policy exception. For additional details, please refer to the Corporate Data Security Policy"
Alert, Ask and Educate Users
  Check Point Brings User Remediation to DLP
  • Company CFO sends preliminary financial statement to external auditor
  • Alert asks owner of sensitive data to confirm communication
  • User provides an explanation of his request to send
  Sample e-mail: Greg.Smith@ernstyoung.com; firstname.lastname@example.org; "Preliminary Financial Statement"; Preliminary_financials.pdf; "Greg, Sending you the Q1 preliminary financials for audit. Thanks, Matt Gerhart, Chief Financial Officer, ACME Corp."
  Inbox entry: Check Point Data Loss Prevention, "Reconsider sending this email (Prelimi…", Fri 4/2/2010 3:45 PM
  Alert text: "Preliminary Financial Statement. The attached message, sent by you, is addressed to an external email address. The Check Point Data Loss Prevention System determined that it may contain confidential information. Email’s attachment Preliminary_financials.pdf appears to contain financial records. The message is being held until further action. Send, Discard, or Review Issue"
  User explanation: "Hi, This information is OK to send to our outside auditor. Thanks, Matt"
Key Technologies
  • UserCheck™ provides User Remediation
  • Align DLP Rules to Your Policies and Processes
  • MultiSpect™ Detection Engine
UserCheck Provides User Remediation
  1. Mail sent or document uploaded
  2. User alert
  3. User remediation
  Real-time, Educational, Non-disruptive
  Data Loss Prevention Alert: "An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data. The message is being held until further action. Send, Discard, or Review Issue"
Align With Your Business Processes
  Adapts to Your Processes and Environment
  Identify unconventional business communication behavior
  Suspicious Communications Examples
    • Spreadsheets with over 500 rows
    • More than 5 financial terms
    • External recipients in BCC
    • More than 10 company names
    • Profanity
MultiSpect™ Detection Engine
  Multi-data Correlation Prevents Potential Violations
  • Correlates a combination of data types
  • Prevents sending sensitive data to wrong recipients
MultiSpect Form Detection
  Detect and Recognize Your Proprietary Forms
  • Forms/Partial Forms
    • Recognize sensitive forms and templates
  • Examples
    • HR forms / salary / offers
    • Financial docs
    • Patient records
    • Insurance forms
    • Bank forms
  Slide graphic: Insurance claim.pdf
MultiSpect Open Scripting Language
  Custom Data Type
    • Open Scripting Language
  Extended Data Type Creation
    • Create completely new data types
    • Enhance existing data types
    • Flexibly tailor DLP to your environment
Check Point Exchange Agent
  Internal DLP – Use Cases
    • Finance Reports leaving Finance
    • Highly restricted documents and presentations leaving Executive Management Group
    • HR forms leaving HR
    • Source code, designs, patents sent from RND department
    • Investment analysts cannot talk to brokers directly
Exchange Agent Architecture
  Diagram labels:
    • Exchange Server 2007/2010 with Transport Service and Check Point Agent
    • Security Gateway R75.20 with DLP Software Blade
    • Policy, Status, Statistics
    • Message (copy), result
    • SIC
    • TLS
Over 500 out-of-the-box data types
  • Even easier to get started with over 500 out-of-the-box data types, including:
    • PCI, HIPAA, GLBA, SEC related
  • Over 150 new data types.
Visibility and administrative tools
  • DLP status and statistics in Smart Dashboard and SmartView Monitor
  • Administrators can Send or Discard quarantined emails via the SmartView Tracker and SmartEvent
Shield administrators from viewing sensitive data
  • Granular DLP administrator permissions
  • Mask credit card numbers by logging only the last 4 digits
Templates & CPcode enhancements
  • Templates
    • Add option not to match on original uploaded empty template
    • Log % template match
    • Dynamically load a directory of templates into a single data type (No UI)
  • CPcode
    • Validate keyword/regular expression matches
    • Validate the entire data type
    • Accepts CSV data files as input
    • Mask sensitive details
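
The two ideas above, validating a regular-expression match before counting it and logging credit card numbers with only the last 4 digits visible, can be shown together in a short sketch. This is an added Python example, not Check Point CPcode or product code; the function names, the threshold parameter and the sample message are constructed, and the Luhn checksum is an assumed validation step that the slides do not name.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Assumed validation step (Luhn checksum): rejects look-alike digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:       # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_cards(text: str) -> list[str]:
    """Return validated card numbers (digits only) found in text."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def mask(digits: str) -> str:
    """Keep only the last 4 digits for the log."""
    return "*" * (len(digits) - 4) + digits[-4:]

def log_record(text: str, threshold: int = 1) -> dict:
    """Build the incident record an administrator would see: no full numbers."""
    cards = find_cards(text)
    return {
        "matched": len(cards) >= threshold,
        "count": len(cards),
        "masked": [mask(c) for c in cards],
    }

# Constructed sample message: one valid test number, one that fails the
# checksum, and an order id that is too short to be a candidate.
SAMPLE = (
    "Customer paid with 4111 1111 1111 1111 yesterday. "
    "Ref 4111-1111-1111-1112, order 20120415."
)

if __name__ == "__main__":
    print(log_record(SAMPLE))
```

Masking happens before the record is built, so the full number never reaches the log that administrators read.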