how to lock down data in motionmedia.techtarget.com/searchsecurity/downloads/dp_tombowers.pdf ·...
TRANSCRIPT
![Page 1: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/1.jpg)
How to Lock Down Data in Motion
Tom BowersManaging DirectorSecurity Constructs LLC
Technical EditorInformation Security MagazineSearchSecurity.com
![Page 2: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/2.jpg)
Contents
• Business drivers• The strategic architecture• The content protection layers• Evaluating technologies• Active protections• Enabling technology• Passive protections• Conclusions
![Page 3: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/3.jpg)
Business Drivers
•Intellectual property
•Information leakage egress points
•Forensics
•Regulations
•eDiscovery
Steptoe and Johnson International AttorneyseCommerce Law Weekly Newsletterwww.steptoe.com/publications-signup.html
![Page 4: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/4.jpg)
eDiscovery – The Framework• New Rules December 2006
• Amendment to the Federal Rules for Civil Procedure
• Prior rules were based on paper evidence which was not a good fit for electronic data
• Four Major Components
• Document Retention Policies and Requirements
• Electronic Discovery
• Cost allocation of electronic discovery
• Spoiling evidence and consequences
• Guidance Software – Encase Forensics
![Page 5: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/5.jpg)
eDiscovery - Data Sources
• LAN• WAN• Active Data• Stored Data• Metadata***
• Now legally searchable• Likely to a huge area of legal vulnerability
• Legacy Data• Stored on outdated hardware or software
• Residual data***• Deleted data that may be retrieved via an undelete
command
![Page 6: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/6.jpg)
Strategic Architecture
1. Policies: Practical and legal framework.2. Procedures: Meet policy guidelines operationally.3. Contracts: Legal framework for using corporate intellectual
property.4. Vendor selection: Standard testing protocol for vendor /
product selection.5. Auditing: Ensures that all stated policies and procedures
are being followed. 6. Active protections: Those technologies and business
processes that dynamically protect content (encryption, port control…).
7. Passive protections: Technologies and business process that provide monitoring, investigation or auditing of content usage.
![Page 7: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/7.jpg)
The Technologies
•Evaluating technology
•Active Protections
•Enabling Technologies
•Passive Protections
![Page 8: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/8.jpg)
Evaluating Technology/Evaluation Criteria• Installation• Initial configuration• Scalability• Management/ Administration
• Usability, Adjustments, Helpdesk, Admin time required to operate, Training
• Reporting• Documentation• Integration into other security or networking
systems• Security of the device
![Page 9: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/9.jpg)
Active Protection• Encryption (Utimaco, Safeboot, GuardianEdge)
• Full disk• PCMCIA encryption cards• TPM encryption chips
• Digital Rights Management (Authentica, Liquid Machines, Sealed Media)
• Secure Storage Devices (RedCannon, Kanguru, Kingston)
•Port Control (Safend, SecureWave)•Mobile Device (Nokia, Credant)
![Page 10: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/10.jpg)
Enabling TechnologyIdentity Management
• User identity across devices• Framework for use with outsourced partners• Easier auditing• Better reporting
![Page 11: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/11.jpg)
Passive ProtectionContent Monitoring – What to Evaluate
• Percentage of internet traffic monitored
• Internal versus external network
• Ports agnostic
• Linguistics analysis
• Forensic capability
• Policies and filters
• Reports
• Ease of use
Vendors to watch:ReconnexCode GreenGTTBTablus (now RSA)Vericept
Where it all began:Vontu (Symantec?)
![Page 12: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/12.jpg)
The SpecificsThe Specifics
Capture data
Rebuild data
Linguistics analysis
Filters tripped
Content Monitoring Overview
![Page 13: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/13.jpg)
Content Monitoring OverviewProtocols and Data TypesProtocols and Data Types
HTTP DOCHTTPS PPTTelnet PDFSSH XLSSMTP ASCIIPOP3 JPEGWebmail GIFPCAnywhere BMPVNC MPEG…IMCitrixFTP…
![Page 14: How to Lock Down Data in Motionmedia.techtarget.com/searchSecurity/downloads/DP_TomBowers.pdf · Reconnex Code Green GTTB Tablus (now RSA) Vericept Where it all began: Vontu (Symantec?)](https://reader033.vdocuments.mx/reader033/viewer/2022052013/602a633fe5719259e73ea953/html5/thumbnails/14.jpg)
Conclusions
• Wide range of business drivers
• Review the new eDiscovery rules
• Build your architecture
• Use both innovative and mature technologies
• Technologies covers both information security and
regulatory needs