data leakage presentation
NetJets Information Security “Preventing Data Leakage”
Presenters: Information Risk Team
Agenda
• What is Data Leakage
• What is Data Loss Prevention
• Identified Gaps
• Vendors and Options
• Products to meet the Gaps
• Final Thoughts
What is Data Leakage
• Data Leakage (DL) is how information intentionally or inadvertently reaches unintended recipients in a competitive environment.
• Sensitive information in databases, spreadsheets, email archives and documents spread throughout the network can be lost in many different ways: by employees e-mailing unencrypted documents; through infection by a virus or worm; by malicious insiders taking advantage of lax security measures; and via stolen laptops and storage devices.
• Recent Data Losses and Breaches:
  • TJ Maxx – Largest Loss of Sensitive Financial Data in US History
  • Veterans Affairs – Although the hard drive was recovered, the incident caused great distrust among former and active military personnel
  • State of Ohio – Tape Loss resulted in a complete embarrassment for the State Government and a loss of consumer confidence
What is Data Loss Prevention
• Data Leakage Protection (DLP) is a common security primitive with the objective of detecting and preventing confidential content from being "leaked" out of an organization's boundaries, that is, when confidential or sensitive content has escaped out of the pre-defined restricted area. Boundaries and content can be thought of as physical or logical.
• A leakage might or might not cause immediate damage, but generally means that a lack of security controls exists. Leakage can occur due to an attack or can be caused by a simple mistake or a lack of awareness.
Identified Gaps
Per the Network Security Audit completed June 25th, 2007:
• It was identified that NetJets has no mechanism to capture sensitive data
• The firewalls, IPS, Anti-Virus cannot determine which data is sensitive, confidential, internal, or public
• Examples of sensitive data are:
  • Social Identification Numbers (SSN, TIN)
  • Birthdates
  • Financial Account Details (Bank Records, Credit Card)
  • Domicile Information (Address, Phone)
  • Employee Profiling (Gender, Race, Ethnicity, Origin)
  • Government Issued Identification (Passport, DL)
  • Aircraft Incidents; FAA, NTSB, TSA
  • Legal Proceedings
Vendors and Options
• To meet the Gap of ‘No mechanism to capture Sensitive Information’
• The Information Security Team has identified several key vendors:
  • Vontu
  • WebSense
  • Vericept
Products to meet the Gap of Data in Motion
• The Vendor of Choice is Vontu:
  • Vontu is the single most trusted vendor for addressing the problem of data loss. By an order of magnitude, Vontu leads all DLP vendors in market share, leading by wide margins for both "in use" and "in pilot/evaluation," according to a new survey by TheInfoPro of 150 information security professionals at Fortune 1000 companies.
• Vontu currently maintains approximately 60 percent market share, as well as by far the greatest number of enterprise-wide, multi-product DLP deployments. One key to customer success is the Vontu solution's proven ability to scale well beyond the limits of competing products, resulting in more large enterprise deployments than all other vendors combined. Vontu deployments now protect the data of more than four million employees, including 14 deployments of more than 100,000 employees. Small and medium-size companies also deployed Vontu software in record numbers.
Products to meet the Gap of Data in Motion
• The Vendor of Choice is Vontu:
  • Retail Pricing for 7000 employees to protect data in motion would be $249,452 (which includes maintenance)
• 2009 costs for 7000 employees to protect data in motion would be $38,052 for MX (at Retail Pricing)
Data in Motion
[Diagram labels: IM/Chat, Web, Secure HTTP, FTP, P2P, Generic TCP; Vontu Network Monitor; Vontu Network Prevent]
Additional Thoughts
• The placement of the Vontu product at the edge of the Network Perimeter demands a solid proxy product
• Our Recommendation for this has been:
  • The Blue Coat Proxy
  • The BCP has the throughput not only to handle the network load but also to provide enhanced URL filtering, and is the product recommended by Vontu for this purpose.
Blue Coat Proxy Server
• The BCP would fulfill the current needs of the St. Bernard iPrism Server and provide URL filtering at a scale that is unmatched by iPrism.
Costs associated with BCP (Retail):
• Year 1 w/o URL Filter: $138,120
• Year 1 w/ URL Filter: $186,000
• Year 2 w/o URL Filter: $19,120
• Year 2 w/ URL Filter: $25,000