Protecting PII in the EU: GTB Data Leak Prevention, March 27, 2012, Oxford, UK

Upload: vcw-security-ltd

Post on 17-Dec-2014


Page 1: GTB - Protecting PII in the EU

Protecting PII in the EU
GTB Data Leak Prevention

March 27, 2012, Oxford, UK

Page 2: GTB - Protecting PII in the EU

04/10/2023 Copyright GTB Technologies, Inc. 2

Security Breach Statistics (2005-2011):

Price of a valid credit card w/ CVV: $0.10 to $25

Price for bank account credentials: $10 - $1,000

Exposed files on the network: 2 of 50 files

Contain secure content: 1 in 75 emails

Cost per breached record: Over $150

Confidential records stolen/lost: 479,072,533

Sources: epic.org, Ponemon llc., Privacy Rights Clearinghouse

Page 3: GTB - Protecting PII in the EU


All time largest reported incidents

Records | Date | Organization(s) | Known cost

130,000,000 | January 20, 2009 | Heartland Payment Systems | $68 mill

94,000,000 | January 17, 2007 | TJX Companies Inc. | $64 mill

90,000,000 | June 1, 1984 | TRW, Sears Roebuck | Unknown

77,000,000 | April 26, 2011 | Sony Corporation | $173 mill

76,000,000 | October 5, 2009 | National Archives and Records Administration | unknown

40,000,000 | June 19, 2005 | CardSystems, Visa, MasterCard, American Express | unknown

32,000,000 | December 14, 2009 | RockYou Inc. | unknown

26,500,000 | May 22, 2006 | U.S. Department of Veterans Affairs | $20 mill

25,000,000 | November 20, 2007 | HM Revenue and Customs, TNT | unknown

24,600,000 | May 2, 2011 | Sony Online Entertainment, Sony Corporation | unknown

Source: http://datalossdb.org/

Page 4: GTB - Protecting PII in the EU


EU Electronic Communications Guidance, Section 16: Offences and Penalties

Failure to comply with certain provisions of the Regulations is a criminal offence:

• Data Security and Data Breaches

• Unsolicited Marketing Communications

• Requirements specified in Information and Enforcement Notices issued by the Commissioner

• Requirements imposed by the Commissioner’s authorised officers

The offences attract a fine of up to €5,000 – per message in the case of unsolicited marketing – when prosecuted by the Commissioner in the District Court.

Unsolicited marketing offences may be prosecuted on indictment and attract fines of up to €250,000 in the case of a company and €50,000 in the case of an individual. A data security offence may similarly be prosecuted on indictment and attract the same level of penalty.

Source: http://www.dataprotection.ie/documents/guidance/Electronic_Communications_Guidance.pdf

Page 5: GTB - Protecting PII in the EU


Defining DLP

A DLP system performs real-time data classification on Data at Rest and Data in Motion and automatically enforces security policies, including PREVENTION.

Page 6: GTB - Protecting PII in the EU


DLP answers 4 questions:

1. Where is my data?

• Desktops • Laptops • File shares • SharePoint

2. Who is sending my data?

• Trusted users • Intruders • Spyware • Viruses

3. What data is being sent?

• PII • PHI • Source code • Intel. Property

4. Who is receiving my data?

• IP address • Email destination • Geographic location

Page 7: GTB - Protecting PII in the EU


The 8 use-cases for Network DLP

1. Control a broken business process

Who is sending, what data and to whom?

2. Demonstrate Compliance

I have no way of enforcing EU data loss compliance regulation

3. Automate Email Encryption

How do I automate encrypting emails which require it?

4. Detect or Block encrypted content

Should I allow encrypted data to leave without content inspection?

5. Severity Blocking

Some breaches are so severe that I prefer to altogether block them!

6. Visibility to SSL

I have no visibility to SSL in general and HTTPS in particular!

7. Detect/Block TCP from non-trusted users

How do I detect transmissions from non-trusted users (Malware/Viruses/Trojans)?

8. Employees’ Education

My employees are not complying with the Written Information Security Policy (WISP)

Page 8: GTB - Protecting PII in the EU


Where is my data?

Page 9: GTB - Protecting PII in the EU


Who is sending my data?

Page 10: GTB - Protecting PII in the EU


What data is being sent?

Page 11: GTB - Protecting PII in the EU


Who is receiving my data?

Page 12: GTB - Protecting PII in the EU


The problem of protecting PII – Avoid false positives

Last Name | Email | Phone | Salary | SSN | Bank Account | Credit Card

Abel | [email protected] | 9495550002 | 224491.19 | 001010003 | 12345678000000002 | 371230000000004

Abelson | [email protected] | 9495550003 | 80721.60 | 001010004 | 123000000003 | 6011120000000000

Abourezk | [email protected] | 9495550004 | 84170.59 | 001010005 | 123000000004 | 5312340000000010

Abrams | [email protected] | 9495550005 | 248851.63 | 001010006 | 12345678000000005 | 4123400000000014

Ace | [email protected] | 9495550006 | 81827.08 | 001010007 | 123000000006 | 371230000000012

Acton | [email protected] | 9495550007 | 38145.58 | 001010008 | 12000000007 | 6011120000000018

Adams | [email protected] | 9495550008 | 97567.90 | 001010009 | 1234000000008 | 5512340000000026

Adams | [email protected] | 9495550009 | 27973.57 | 001010010 | 1000000009 | 4123400000000022

Adams | [email protected] | 9495550010 | 168487.07 | 001010011 | 123456000000010 | 371230000000020

Page 13: GTB - Protecting PII in the EU


Solution: Fingerprint your PII

Page 14: GTB - Protecting PII in the EU

www.gttb.com

GTB DLP Suite-Confidential

GTB DLP Live Demo

Page 15: GTB - Protecting PII in the EU

Essential Elements of DLP

1. Detection accuracy

2. Resiliency to data manipulation

3. Comprehensive protocol support

4. File format independence

5. Performance – no network degradation

6. Security

7. Detection of encrypted content

8. User remediation

Page 16: GTB - Protecting PII in the EU

Detection Engine Accuracy

Would you enforce blocking if you don’t trust the event is true?

Imprecise Algorithms

• Data Pattern engine

• Bayesian analysis

• Statistical analysis

• Others

Page 17: GTB - Protecting PII in the EU

Detection Accuracy (continued)

Would you enforce blocking if you don’t trust the event is true?

Precise Algorithms

• Whole file hash

• Cyclical hashes

• Rolling hashes

• Watermarking/tagging

• Recursive Transitional Gaps (GTB proprietary)

Page 18: GTB - Protecting PII in the EU

Un-structured Data Fingerprinting

Page 19: GTB - Protecting PII in the EU

Structured Data Fingerprinting - 100% accuracy!

Page 20: GTB - Protecting PII in the EU

Resiliency to Data Manipulation

Imprecise Algorithms


• Data extracting – copy and paste

• File format conversion

• Compression

• File embedding

• File extension changes

• Re-typing – secure text is re-typed

• Data representation change (069-44-4321 – 069,44,4321)
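An added example (not GTB's code) showing what the structured-data fingerprinting of slides 12, 13 and 19 buys over a pattern engine, and how it survives the representation change listed above: each cell of the sample rows is normalised to digits and stored as a keyed hash, so "001-01-0003" matches the Abel row while a Luhn-valid test card that belongs to no row is flagged only by the pattern engine. The HMAC key, the two rows (values reused from the slide-12 table) and the outgoing message are constructed placeholders.

```python
import hashlib, hmac, re

# Constructed sample rows reusing the slide-12 test values (not GTB's data or code).
RECORDS = [
    {"last": "Abel", "phone": "9495550002", "ssn": "001010003", "card": "371230000000004"},
    {"last": "Abelson", "phone": "9495550003", "ssn": "001010004", "card": "6011120000000000"},
]
SECRET = b"constructed-demo-key"  # placeholder; the real key lives outside the scanner host

def normalize(value: str) -> str:
    """Digits only, so 069-44-4321 and 069,44,4321 fingerprint identically."""
    return re.sub(r"\D", "", value)

def fingerprint(value: str) -> str:
    """Keyed hash of the canonical value: the index never holds the PII itself."""
    return hmac.new(SECRET, normalize(value).encode(), hashlib.sha256).hexdigest()

def build_index(records: list) -> dict:
    """Map fingerprint -> (row, column) for every protected cell."""
    return {fingerprint(rec[col]): (i, col)
            for i, rec in enumerate(records) for col in ("phone", "ssn", "card")}

def luhn_ok(digits: str) -> bool:
    """Card-number checksum used by pattern engines; true for any well-formed number."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if pos % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

# A number written as digit groups with optional single separators between them.
TOKEN = re.compile(r"\d+(?:[ ,.-]\d+)*")

def scan_pattern(text: str) -> list:
    """Imprecise engine: every Luhn-valid 13-19 digit run is flagged, customer data or not."""
    return [m.group() for m in TOKEN.finditer(text)
            if 13 <= len(normalize(m.group())) <= 19 and luhn_ok(normalize(m.group()))]

def scan_fingerprint(text: str, index: dict) -> list:
    """Precise engine: only values present in the fingerprinted table match."""
    hits = []
    for m in TOKEN.finditer(text):
        if len(normalize(m.group())) >= 9 and fingerprint(m.group()) in index:
            hits.append((m.group(), *index[fingerprint(m.group())]))
    return hits

# Constructed outgoing message: one real row plus a Luhn-valid test card that is in no record.
MESSAGE = "Abel: SSN 001-01-0003, card 3712 3000 0000 004; sandbox card 4111 1111 1111 1111"
```

Several fingerprint hits from the same row are the natural input for the "Severity Blocking" use-case on slide 7, since they indicate a whole customer record rather than a stray number.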

Page 21: GTB - Protecting PII in the EU

File format and protocol independence

Imprecise Algorithms


• SMTP, HTTP and FTP are most commonly used

• HTTP Server, HTTP Tunnel, NNTP, IM, POP3, MS Networks, SSL and unknown protocols

• Secure data may reside in any file format

Page 22: GTB - Protecting PII in the EU

Performance & Security

Imprecise Algorithms

• Make sure all packets are scanned without network degradation

• Make sure the solution is secure

• Choose a solution that does not copy secure content in order to protect it

Page 23: GTB - Protecting PII in the EU

What data must be protected?

Personal identifiable information (PII):

• Credit card number

• Social security number

• Customer name

• Address

• Telephone numbers

• Account numbers/Member numbers/Tax ID’s

• PIN or password

• Username & password

• Drivers license number

• Date of birth

Page 24: GTB - Protecting PII in the EU

Enterprise class DLP


Page 25: GTB - Protecting PII in the EU


Network DLP configuration - OOL

Mirror port switch

Scans all TCP channels on all 65,535 ports

Enforcement Actions

• Log

• Encrypt

• Quarantine

• Severity Block

Page 26: GTB - Protecting PII in the EU

Secure mail integration


Page 27: GTB - Protecting PII in the EU


HTTPS visibility

Port 443
