gtb - protecting pii in the eu
Protecting PII in the EU
GTB Data Leak Prevention
March 27, 2012, Oxford, UK
04/10/2023 Copyright GTB Technologies, Inc. 2
Security Breach Statistics (2005-2011):
Price of a valid credit card w/ CVV: $0.10 to $25
Price for bank account credentials: $10 - $1,000
Exposed files on the network: 2 of 50 files
Emails that contain secure content: 1 in 75 emails
Cost per breached record: over $150
Confidential records stolen/lost: 479,072,533
Sources: epic.org, Ponemon LLC, Privacy Rights Clearinghouse
All time largest reported incidents
Records | Date | Organizations | Known cost
130,000,000 January 20, 2009 Heartland Payment Systems $68 mill
94,000,000 January 17, 2007 TJX Companies Inc. $64 mill
90,000,000 June 1, 1984 TRW, Sears Roebuck Unknown
77,000,000 April 26, 2011 Sony Corporation $173 mill
76,000,000 October 5, 2009 National Archives and Records Administration unknown
40,000,000 June 19, 2005 CardSystems, Visa, MasterCard, American Express unknown
32,000,000 December 14, 2009 RockYou Inc. unknown
26,500,000 May 22, 2006 U.S. Department of Veterans Affairs $20 mill
25,000,000 November 20, 2007 HM Revenue and Customs, TNT unknown
24,600,000 May 2, 2011 Sony Online Entertainment, Sony Corporation unknown
Source: http://datalossdb.org/
EU Electronic Communications Guidance - Section 16: Offences and Penalties
Failure to comply with certain provisions of the Regulations is a criminal offence:
• Data Security and Data Breaches
• Unsolicited Marketing Communications
• Requirements specified in Information and Enforcement Notices issued by the Commissioner
• Requirements imposed by the Commissioner's authorised officers
The offences attract a fine of up to €5,000 (per message in the case of unsolicited marketing) when prosecuted by the Commissioner in the District Court.
Unsolicited marketing offences may be prosecuted on indictment and attract fines of up to €250,000 in the case of a company and €50,000 in the case of an individual. A data security offence may similarly be prosecuted on indictment and attracts the same level of penalty.
Source: http://www.dataprotection.ie/documents/guidance/Electronic_Communications_Guidance.pdf
Defining DLP
A DLP system performs real-time data classification on Data at Rest and Data in Motion and automatically enforces security policies, including PREVENTION.
DLP answers 4 questions:
1. Where is my data?
• Desktops
• Laptops
• File shares
• SharePoint
2. Who is sending my data?
• Trusted users
• Intruders
• Spyware
• Viruses
3. What data is being sent?
• PII
• PHI
• Source code
• Intellectual property
4. Who is receiving my data?
• IP address
• Email destination
• Geographic location
The 8 use-cases for Network DLP
1. Control a broken business process
Who is sending, what data and to whom?
2. Demonstrate Compliance
I have no way of enforcing EU data loss compliance regulation.
3. Automate Email Encryption
How do I automate encrypting emails which require it?
4. Detect or Block encrypted content
Should I allow encrypted data to leave without content inspection?
5. Severity Blocking
Some breaches are so severe that I prefer to altogether block them!
6. Visibility to SSL
I have no visibility to SSL in general and HTTPS in particular!
7. Detect/Block TCP from non-trusted users
How do I detect transmissions from non-trusted users (malware/viruses/Trojans)?
8. Employees' Education
My employees are not complying with the Written Information Security Policy (WISP).
Where is my data?
Who is sending my data?
What data is being sent?
Who is receiving my data?
The problem of protecting PII – Avoid false positives
Last Name Email Phone Salary SSN Bank Account Credit Card
Abel [email protected] 9495550002 224491.19 001010003 12345678000000002 371230000000004
Abelson [email protected] 9495550003 80721.60 001010004 123000000003 6011120000000000
Abourezk [email protected] 9495550004 84170.59 001010005 123000000004 5312340000000010
Abrams [email protected] 9495550005 248851.63 001010006 12345678000000005 4123400000000014
Ace [email protected] 9495550006 81827.08 001010007 123000000006 371230000000012
Acton [email protected] 9495550007 38145.58 001010008 12000000007 6011120000000018
Adams [email protected] 9495550008 97567.90 001010009 1234000000008 5512340000000026
Adams [email protected] 9495550009 27973.57 001010010 1000000009 4123400000000022
Adams [email protected] 9495550010 168487.07 001010011 123456000000010 371230000000020
Solution: Fingerprint your PII
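The false-positive problem in the table above and the "fingerprint your PII" answer, as an added example that is not GTB's code and not its proprietary detection algorithm: a keyed-hash index is built over the normalized cell values of a constructed table in the shape of the slide's, and two constructed outgoing messages are run through both a plain digit-pattern detector and the fingerprint lookup. The key, the table rows, the messages and the regular expression are all assumptions made for the example.

```python
import hashlib
import hmac
import re

# Constructed sample rows in the shape of the slide's table (all values are made up).
PII_TABLE = [
    {"last_name": "Abel",    "phone": "9495550002", "ssn": "001010003", "credit_card": "371230000000004"},
    {"last_name": "Abelson", "phone": "9495550003", "ssn": "001010004", "credit_card": "6011120000000000"},
    {"last_name": "Adams",   "phone": "9495550008", "ssn": "001010009", "credit_card": "5512340000000026"},
]
SENSITIVE_FIELDS = ("phone", "ssn", "credit_card")

# Hypothetical per-deployment secret; a real deployment loads it from a key store.
# Keying the hash stops dictionary attacks on short values such as SSNs, and the
# index holds only hashes, so the detector never stores a copy of the PII itself.
FINGERPRINT_KEY = b"example-fingerprint-key-not-for-production"


def normalize(value: str) -> str:
    """Canonical form for numeric PII: digits only, so 069-44-4321, 069,44,4321 and
    069 44 4321 all become one token (the 'data representation change' case)."""
    return re.sub(r"\D", "", value)


def fingerprint(value: str) -> str:
    """Keyed SHA-256 over the normalized value."""
    return hmac.new(FINGERPRINT_KEY, normalize(value).encode(), hashlib.sha256).hexdigest()


def build_index(rows) -> dict:
    """Map fingerprint -> (field name, row number) for every sensitive cell."""
    index = {}
    for row_no, row in enumerate(rows):
        for field in SENSITIVE_FIELDS:
            index[fingerprint(row[field])] = (field, row_no)
    return index


# A digit run that may contain separators; a single space is allowed only between digits.
NUMBER_TOKEN = re.compile(r"\d(?:[\d,.\-]|\s(?=\d))*\d")


def pattern_hits(text: str) -> list:
    """Imprecise detection: flag every token with 9 to 16 digits (SSN, account and
    card lengths). Any order number or invoice id of that length is reported too."""
    return [tok for tok in NUMBER_TOKEN.findall(text) if 9 <= len(normalize(tok)) <= 16]


def fingerprint_hits(text: str, index: dict) -> list:
    """Precise detection: report a token only if its keyed hash is in the index,
    i.e. it is a value taken from the protected table, whatever its formatting."""
    hits = []
    for tok in NUMBER_TOKEN.findall(text):
        fp = fingerprint(tok)
        if fp in index:
            hits.append((tok, index[fp][0]))
    return hits


def scan(text: str, index: dict) -> dict:
    """Run both detectors so the false-positive difference is visible side by side."""
    return {"pattern": pattern_hits(text), "fingerprint": fingerprint_hits(text, index)}


if __name__ == "__main__":
    idx = build_index(PII_TABLE)
    # Constructed outgoing messages: the first leaks a table row (SSN re-formatted with
    # dashes, card number with spaces); the second only carries an order id and a test
    # card number, which the pattern detector still flags.
    leak = "Please update the file for Abel, SSN 001-01-0003, card 3712 3000 0000 004"
    benign = "Order 2024-118822 ships by 14 March; invoice total 1250.00, ref 4111111111111111"
    for msg in (leak, benign):
        print(scan(msg, idx))
```

The pattern detector reports every long digit run, so the order id and the test card number in the second message are false positives; the fingerprint lookup reports only the two values that actually come from the table, and it still finds them after the separators were changed because matching happens on the normalized form.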
Essential Elements of DLP
1. Detection accuracy
2. Resiliency to data manipulation
3. Comprehensive protocol support
4. File format independence
5. Performance - no network degradation
6. Security
7. Detection of encrypted content
8. User remediation
GTB DLP Suite-Confidential
Detection Engine Accuracy
Would you enforce blocking if you don't trust the event is true?
Imprecise Algorithms
• Data Pattern engine
• Bayesian analysis
• Statistical analysis
• Others
Detection Accuracy (continued)
Would you enforce blocking if you don't trust the event is true?
Precise Algorithms
• Whole file hash
• Cyclical hashes
• Rolling hashes
• Watermarking/tagging
• Recursive Transitional Gaps (GTB proprietary)
Unstructured Data Fingerprinting
Structured Data Fingerprinting - 100% accuracy!
Resiliency to Data Manipulation
Imprecise Algorithms
• Data extracting – copy and paste
• File format conversion
• Compression
• File embedding
• File extension changes
• Re-typing – secure text is re-typed
• Data representation change (069-44-4321 – 069,44,4321)
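An added example, not GTB's code and not its Recursive Transitional Gaps algorithm: word-level rolling fingerprints (hashed five-word shingles) serve as a generic stand-in for the "rolling hashes" in the precise-algorithm list, and are run over a constructed memo to show why a whole-file hash fails on the manipulations listed above (copy-paste of an excerpt, reflowed line breaks, format conversion) while shingle matching still finds the excerpt. The memo text, the messages, the shingle size and the action thresholds are all constructed for the example.

```python
import hashlib
import re

# Constructed confidential document (made up; stands in for a registered file).
CONFIDENTIAL_DOC = (
    "Project Falcon pricing memo.\n"
    "The proposed list price for the Falcon appliance is set at twelve thousand per unit,\n"
    "with a volume discount of fifteen percent above fifty units. Distribution partners\n"
    "receive an additional margin of eight percent. This memo is confidential and must\n"
    "not leave the company."
)

SHINGLE_SIZE = 5  # words per shingle; an assumed tuning value


def tokens(text: str) -> list:
    """Case-folded alphanumeric words: line breaks, punctuation and format conversion
    (PDF to text, paste into mail) no longer change the fingerprint."""
    return re.findall(r"[a-z0-9]+", text.lower())


def shingles(text: str, k: int = SHINGLE_SIZE) -> set:
    """Hash every window of k consecutive words (a word-level rolling fingerprint).
    Only truncated hashes are kept, so the registry does not copy the secure content."""
    words = tokens(text)
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


def whole_file_hash(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def whole_file_match(candidate: str, registered_hash: str) -> bool:
    """Exact-file detection: true only for a byte-identical copy."""
    return whole_file_hash(candidate) == registered_hash


def excerpt_match(candidate: str, registered: set, k: int = SHINGLE_SIZE) -> float:
    """Fraction of the candidate's shingles that come from registered content (0.0 to 1.0)."""
    cand = shingles(candidate, k)
    if not cand:
        return 0.0
    return len(cand & registered) / len(cand)


def decide(candidate: str, registered: set, block_at: float = 0.5, log_at: float = 0.1) -> str:
    """Map the match ratio to an enforcement action; the thresholds are assumed policy values."""
    ratio = excerpt_match(candidate, registered)
    if ratio >= block_at:
        return "block"
    if ratio >= log_at:
        return "log"
    return "allow"


# Registered fingerprints for the document (computed once at registration time).
REGISTERED = shingles(CONFIDENTIAL_DOC)
REGISTERED_HASH = whole_file_hash(CONFIDENTIAL_DOC)

# Constructed outgoing messages: an excerpt pasted with new line breaks and casing,
# the same excerpt wrapped in a greeting, and an unrelated note.
PASTED = ("the proposed list price for the\nFalcon appliance is set at twelve\n"
          "thousand per unit with a volume discount of fifteen percent above fifty units.")
MIXED = "Hi Sam, here is what I found: " + PASTED + " Let me know if you want the full memo."
BENIGN = "Hi Sam, the quarterly sales meeting moves to Thursday at ten."

if __name__ == "__main__":
    for name, msg in (("pasted", PASTED), ("mixed", MIXED), ("benign", BENIGN)):
        print(name, whole_file_match(msg, REGISTERED_HASH),
              round(excerpt_match(msg, REGISTERED), 3), decide(msg, REGISTERED))
```

The whole-file hash matches nothing but a byte-identical copy (even a trailing newline breaks it), while the shingle ratio is 1.0 for the pasted excerpt and the document itself in any formatting, roughly 0.57 for the excerpt wrapped in a greeting, and 0.0 for the unrelated note. Word-level shingles do not survive the re-typing case with typos or heavy paraphrasing; that is where a character-level rolling hash or the vendor's own algorithm would have to take over.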
File format and protocol independence
Imprecise Algorithms
• SMTP, HTTP and FTP are most commonly used
• HTTP Server, HTTP Tunnel, NNTP, IM, POP3, MS Networks, SSL and unknown protocols
• Secure data may reside in any file format
Performance & Security
Imprecise Algorithms
• Make sure all packets are scanned without network degradation
• Make sure the solution is secure
• Choose a solution that does not copy secure content in order to protect it
What data must be protected? Personally identifiable information (PII)
• Credit card number
• Social security number
• Customer name
• Address
• Telephone numbers
• Account numbers/Member numbers/Tax IDs
• PIN or password
• Username & password
• Driver's license number
• Date of birth
Enterprise class DLP
Scans all TCP channels on all 65,535 ports
Enforcement Actions
Network DLP configuration - OOL
Mirror port switch
• Log
• Encrypt
• Quarantine
• Severity Block
Secure mail integration
HTTPS visibility
Port 443