RSA 2010 Kevin Rowney
DESCRIPTION
Kevin Rowney's presentation at RSA 2010. Session ID: TUT-M51
TRANSCRIPT
![Page 1: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/1.jpg)
Title of Presentation
Kevin Rowney
Symantec Corporation.
Session ID: TUT-M51
SECURITY BASICS BOOT CAMP: Intrusion detection and data loss prevention
![Page 2: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/2.jpg)
Agenda
What are the challenges today around data loss?
What is Data Loss Prevention (DLP)?
How does DLP address key challenges?
How does DLP work?
![Page 3: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/3.jpg)
• What are the challenges today around data loss?
![Page 4: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/4.jpg)
Data Loss Prevention is a top 3 security project in 2010.
- Gartner Top 10 Security Priorities for 2010
285 million records were stolen in 2008, which is more than the last 3 years combined
- PrivacyRights.org
Cyber crime has surpassed illegal drug trafficking as a criminal moneymaker.
![Page 5: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/5.jpg)
Cost of a Data Breach is Increasing
$6.75 Million: The average cost to remediate a data breach for US companies in 2009
83 Million: The total number of consumer records in publicly reported data breaches in 2008
Source: “Cost of a Data Breach Survey,” Ponemon Institute, 2009
$200 Billion: Losses from IP theft from US companies every year
![Page 6: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/6.jpg)
Primary Threat Agents Behind Data Loss
Well-Meaning Insiders
Malicious Insiders
Hackers
![Page 7: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/7.jpg)
DLP Risk Management Relevancy
Methods Used in Current Hacks
![Page 8: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/8.jpg)
Methods Used in Current Hacks
1. INCURSION
• Attacker breaks into the network by targeting vulnerable systems or naïve employees
2. DISCOVERY
• Hacker then maps organization’s defenses from the inside
• Creates a battle plan
3. CAPTURE
• Accesses data on unprotected systems
• Installs malware to secretly acquire crucial data
4. EXFILTRATION
• Confidential data sent back to enemy’s “home base” for exploitation and fraud
![Page 9: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/9.jpg)
Intrusion Detection
Act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource.
Manual
• log file review
Automatic
• intrusion detection system (IDS)
• intrusion prevention system (IPS)
![Page 10: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/10.jpg)
DLP Answers 3 Questions About Risk of Breach
Where is your confidential data?
How is it being used?
How best to prevent its loss?
![Page 11: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/11.jpg)
Key DLP Capabilities
DISCOVER
• Find data wherever it is stored
• Create inventory of sensitive data
• Manage data clean up
MONITOR
• Understand how data is being used
• Understand content and context
• Gain visibility into policy violations
PROTECT
• Proactively secure data
• Prevent confidential data loss
• Enforce data protection policies
MANAGE
• Define unified policy across enterprise
• Detect content accurately
• Remediate and report on incidents
![Page 12: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/12.jpg)
How It Works
MANAGE
• Enable or customize policy templates
• Remediate and report on risk reduction
DISCOVER
• Identify scan targets
• Run scan to find sensitive data on network & endpoint
MONITOR
• Inspect data being sent
• Monitor network & endpoint events
PROTECT
• Block, remove or encrypt
• Quarantine or copy files
• Notify employee & manager
![Page 13: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/13.jpg)
Data Loss Prevention Architecture
[Architecture diagram labels: SECURED CORPORATE LAN, DMZ, Disconnected, SPAN Port or Tap, MTA or Proxy]
![Page 14: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/14.jpg)
• Use cases: How DLP manages risk of breach
![Page 15: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/15.jpg)
DLP for Storage – Use Cases
DISCOVER
PROTECT
[Architecture diagram labels: SECURED CORPORATE LAN, DMZ, Disconnected, SPAN Port or Tap, MTA or Proxy]
![Page 16: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/16.jpg)
Fix Broken Business Processes
500k Personal Records on Open Share
Find it. Fix it.
Remove from open share and leave a file marker.
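The storage use case above (find the records, remove them from the open share, leave a file marker), sketched as an added example that is not from the presentation or from any DLP product. The SSN pattern, the threshold, the marker file name and the sample data are assumptions made for illustration.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Assumed detection rule: US SSNs written as AAA-GG-SSSS, rejecting ranges that
# are never issued (area 000/666/9xx, group 00, serial 0000).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
THRESHOLD = 3  # assumed policy: this many distinct matches makes an incident


def count_ssns(path: Path) -> int:
    """Count distinct SSN-shaped values in one file (text read leniently)."""
    text = path.read_text(encoding="utf-8", errors="ignore")
    return len(set(SSN_RE.findall(text)))


def scan_and_quarantine(share: Path, quarantine: Path) -> list[dict]:
    """Discover files at or over THRESHOLD, move them out, leave a marker."""
    quarantine.mkdir(parents=True, exist_ok=True)
    incidents = []
    for path in sorted(p for p in share.rglob("*") if p.is_file()):
        if path.name.endswith(".dlp-marker.txt"):
            continue  # do not rescan markers left by an earlier run
        hits = count_ssns(path)
        if hits < THRESHOLD:
            continue
        dest = quarantine / path.relative_to(share)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(path), str(dest))
        marker = path.with_name(path.name + ".dlp-marker.txt")
        marker.write_text(
            f"{path.name} was moved by a data loss prevention scan "
            f"({hits} SSN-like values). Contact the security team to restore it.\n"
        )
        incidents.append({"file": str(path.relative_to(share)), "matches": hits})
    return incidents


def demo() -> list[dict]:
    """Run against a constructed share; every sample value is made up."""
    root = Path(tempfile.mkdtemp())
    share, quarantine = root / "open_share", root / "quarantine"
    share.mkdir()
    (share / "export.csv").write_text(
        "name,ssn\nA,123-45-6789\nB,234-56-7890\nC,345-67-8901\n")
    (share / "notes.txt").write_text("Ticket 000-12-3456, call 555-0100\n")
    return scan_and_quarantine(share, quarantine)
```

The quarantine directory is assumed to sit outside the scanned share, so a later scan does not rediscover the moved files.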
![Page 17: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/17.jpg)
DLP for Network – Use Cases
MONITOR
PROTECT
[Architecture diagram labels: SECURED CORPORATE LAN, DMZ, Disconnected, SPAN Port or Tap, MTA or Proxy]
![Page 18: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/18.jpg)
Protect Competitive Advantage
Unencrypted product design documents sent to a partner
![Page 19: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/19.jpg)
Protect Competitive Advantage
Unencrypted product design documents sent to a partner
Educate users with automated email. Protect intellectual property.
![Page 20: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/20.jpg)
DLP for Endpoint – Use Cases
MONITOR
DISCOVER
PROTECT
[Architecture diagram labels: SECURED CORPORATE LAN, DMZ, Disconnected, SPAN Port or Tap, MTA or Proxy]
![Page 21: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/21.jpg)
Fix Exposed Data on a Desktop
Call center records improperly stored on an Endpoint
![Page 22: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/22.jpg)
Clean Up Exposed Data on a Desktop
Call center records improperly stored on an Endpoint
Notify user via automated email. Empower users to self remediate.
![Page 23: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/23.jpg)
Protect Competitive Advantage
Pricing copied to USB
![Page 24: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/24.jpg)
Protect Competitive Advantage
Pricing copied to USB
Stop it from being copied to USB. Notify User. Launch investigation.
![Page 25: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/25.jpg)
Prevent Breach of Customer Data
Sensitive data sent via personal webmail
Block the email. On or off the corporate network.
![Page 26: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/26.jpg)
Continuous Risk Reduction
[Chart: Incidents Per Week (axis 0 to 1000) plotted as Risk Reduction Over Time; labels: Visibility, Remediation, Notification, Prevention]
![Page 27: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/27.jpg)
Expected Measurable Risk Reduction
• 80% risk reduction in 20 days with automated notification
• 70% risk reduction due to employee education
• 95% reduction in new incidents within one year due to automated protection
• 98% reduction in unauthorized sharing of design specs with fingerprinted detection
• 97% risk reduction due to structured data detection of every U.S. citizen’s SSN and identity information
Healthcare Insurance
Financial Services
Business Services
Manufacturing
![Page 28: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/28.jpg)
How Most Enterprises Get Started with DLP
Define your requirements: Is DLP for you?
• In your enterprise, is exposure likely to translate to breach?
• Do these threat models make sense to the “C-level” execs?
How big is your company’s risk?
• DLP risk-assessments are an easy way to measure exposure
• In many cases, risk-assessments catch live breaches on site
Explore initial discussions with vendors
• Whose solution is the best fit for your requirements?
![Page 29: RSA 2010 Kevin Rowney](https://reader033.vdocuments.mx/reader033/viewer/2022042623/5473e47fb4af9fb40a8b55f6/html5/thumbnails/29.jpg)
Title of Presentation
Kevin Rowney
Symantec Corporation.
Thank You!