Prevent Data Leakage Using Windows Information Protection (WIP)
Presenter: Russell Smith (@smithrussell)
packtpub.com
Do you prevent users accessing personal email and cloud storage?
Windows Information Protection versus Data Leakage Protection
• DLP solutions not integrated into the OS
• WIP provides a seamless experience
• No requirement to switch ‘modes’ or use dedicated apps
• WIP is easy to deploy and manage
Azure Information Protection
• Based on Azure RMS
• Classify, label, and protect data
• Persistent protection
• B2B sharing
Windows Information Protection – Data Lifecycle
• Provision policy to devices
• Data from corporate resources automatically encrypted
• Enlightened apps can automatically protect, or users can be allowed to define as business or personal
• Protection retained across devices. Azure Rights Management can be used for B2B sharing
• Wipe business data on demand or when device is unenrolled
Windows Information Protection – Enlightened vs. Unenlightened Apps
• Microsoft Edge
• Internet Explorer 11
• Microsoft People
• Mobile Office apps
• Microsoft Photos
• Groove Music
• Notepad
• Microsoft Paint
• Microsoft Movies & TV
• Microsoft Messaging
• Microsoft Remote Desktop
Windows Information Protection – Technology
• Encrypting File System (EFS)
• Mobile Device Management (MDM)
• Microsoft Intune
• System Center Configuration Manager (SCCM)
• 3rd-party MDM solution
Windows Information Protection – DEMO
• Intune WIP Policy
• Data Recovery Agent (DRA) certificate
• WIP in action
Windows Information Protection – Limitations
• DirectAccess
• Data-in-transit not protected
• Shared workstations
• Redirected folders
• External storage
PowerBroker for Windows
Least Privilege and Application Control for Windows Servers and Desktops
Summary: Why PowerBroker for Windows?
Deep capability
• Asset discovery, application control, risk compliance, Windows event log monitoring included
• Optional: Session monitoring, file integrity monitoring
Mature, patented leader
• U.S. Patent (No. 8,850,549) for the methods and systems employed for controlling access to resources and privileges per process
Centralized reporting, analytics and management
• Tightly integrated with vulnerability management
• Deep reporting and analytics insights for compliance and operations
Part of a broad solution family
• Privilege and session management on Unix, Linux and Windows
• Privileged password and session management
• Integrate Linux, Unix, and Mac OS X with Microsoft AD
• Real-time auditing of AD, File System, Exchange & SQL
Validated by customers and analysts alike
Your solution should:
• Elevate privileges to applications, not users, on an as-needed basis without exposing passwords
• Enforce least-privilege access based on an application’s known vulnerabilities
• Track and control applications with known vulnerabilities or malware to further protect endpoints
• Monitor event logs and file integrity for unauthorized changes to key files and directories
• Capture keystrokes and screens when rules are triggered with searchable playback
Product Demonstration
Poll
Thank you for attending today’s webinar!