information leakage - a knowledge based approach
DESCRIPTION
Illyas Kooliyankal CISCO -ADC Presentation at the CIO Event. For more information click here: http://bit.ly/oR262i
TRANSCRIPT
ILLYAS KOOLIYANKAL
CISO - ADX
Information Leakage – A Knowledge Based Approach
• Introduction
• Some real life examples
• Existing Security Mechanisms?
• Best Approach towards Protection
• Protection Mechanisms
• Technology behind DLP
• Case Study
• Summary
Why Data is a Priority?
Cost of Data Breaches: $140/record
• Direct Costs: $5.0M ($50/record)
• Indirect Costs: $1.5M ($15/record)
• Opportunity Costs: $7.5M ($75/record)
Source: Ponemon Institute SVB Alliant
What do you consider to pose the biggest current threat to your organization’s overall security? (multiple responses)
• Leakage of confidential/proprietary information: 52%
• Unpatched vulnerabilities: 24%
• Insider attacks: 18%
• Spyware: 14%
• Phishing attacks: 10%
• Malicious Code: 4%
• Spam: 4%
• Denial of Service attacks: 4%
• Fraud: 2%
• Keystroke loggers: 2%
Source: Merrill Lynch survey of 50 North American CISOs, July 2006
Some stats
70% - loss caused by insiders
23% of loss is from malicious intent
92% use email to send confidential data
55% use portable devices to take confidential data out of the workplace every week
Top Leakage concerns of customers
A serious Concern Now?
• More mobility, flexibility
• Criminals
• Business impact – Reputation, monetary, growth, …
• Legal and Regulatory compliance
• International standards like ISO 27001
• Personally…
• A researcher who accidentally sends a new product formula to hundreds of partners
OR
• A junior member of the finance team who unknowingly exposes the company’s unannounced financial results to the public
A hard-working, loyal employee who takes home his laptop or a USB drive for the weekend to get work done and accidentally leaves it on the subway as he runs to greet his children at the end of a long workweek
“Internal risks that can lead to data loss are real.”
Data Leakage - Boundary
[Diagram labels: Sensitive Data; Employees (remote workers, mobile workers); Business Partners (suppliers, outsourcers, consultants); Customers; Competitors; Hackers; Contractors; Temporaries; Visitors; Digital Business; Cyber-crime]
SOURCE: FORRESTER RESEARCH
Existing Security Devices/Solutions?
Data - Concerns
Holistic Approach
People
Process
Technology
• Develop and implement foolproof processes in the overall business environment (information at all stages/states)
• Staff awareness and support
• Implement appropriate technology to assist the users and the organization to protect the data efficiently and without business interruption.
Challenges!
• Information leaked by Internal/Authorized users
• Performance issues.
• False Positives and False Negatives
• User Resistance & Org Culture of Trust, openness
• Impact to the normal business operations?
Is it Easy?
• Business requires information easily and seamlessly
• Existing security solutions and tools: limited capability
• Huge amount of sensitive data; unwanted/outdated data
How can you protect?
• Approach it as a business problem, not technical.
• Formulate a comprehensive strategy for Data protection
• Develop a classification policy
• Analyze various data sources and data, classify it, and conduct detailed risk assessment.
• Identify and select an appropriate technical solution for DLP
How can you protect?
• State of the Data – in motion, at rest, in use.
• Develop/Decide on the policies to be applied based on the sensitivity and classification
• Apply lightweight policies and train the users to be more careful
• Actions – Controls (Log, Alert, Justification, Block, etc.)
• Monitor and Fine Tune
Approach it phase by phase – Begin with log only, analyze the events and tighten the controls slowly and steadily.
The Landscape
Accidental, Intentional and Malicious Leaks
Data At Rest
• Data classification
• Device control
• Content control
• Application control
Transaction Data
• Direct Database Access
• Access via Applications
• Web applications
• Web services
Data In Motion
• Outgoing communications
• Internal communications
• Databases and documents
• Monitoring and enforcement
[Diagram labels: Databases, Transaction, Applications; Data Storage (SAN and NAS), Servers, Endpoints; Communication Channels; Employees (Honest & Rogue); Customers & Criminals]
Courtesy: www.PortAuthorityTech.com
What Does DLP Offer?
• Lets you secure the data you know you need to protect
• Automates the discovery and understanding of the data you don’t know
• By securing all your information, from the datacenter to the network endpoints, you protect it through all phases of its lifecycle (at rest, in motion, and in use) and ensure its confidentiality and integrity.
How Does DLP Work?
• Identifies and classifies data in motion, at rest, and in use
• Dynamically applies the desired type and level of control, including the ability to perform mandatory access control that can’t be circumvented by the user
• Monitors multiple channels for specific inbound and outbound content
DLP products may differ based on these.
How?
The systems are designed to detect and prevent the unauthorized use and transmission of confidential information
Through
• Deep content inspection
• Contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.)
• With a centralized management framework.
Capabilities
Data Protection
• What is the User Doing With It? Read, Write, Print, Move, Burn, Copy/Paste, Upload, etc.
• Where Did the Data Come From? (What Classification?)
• Where Is the Data Going?
• What is the Policy regarding Actions to be taken?
Devices, Applications, Networks
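The four questions above, combined with the Log/Alert/Justify/Block actions and the "begin with log only" phasing from the "How can you protect?" slide, can be expressed as a small policy evaluator. This is an added example, not part of the original presentation; the markers, policy table, phase caps, domain and operation names are all assumptions made for illustration.

```python
import re

# Actions in increasing strictness, in the order the slides list them.
ACTIONS = ["log", "alert", "justify", "block"]
# Assumed rollout phases: the strictest action each phase may enforce.
PHASE_CAP = {1: "log", 2: "justify", 3: "block"}
# Assumed content markers per classification, most sensitive first.
MARKERS = [
    ("restricted", re.compile(r"unannounced results|product formula", re.I)),
    ("confidential", re.compile(r"salary|customer list", re.I)),
]
# Assumed policy: (classification, data leaves the organisation?) -> action.
POLICY = {
    ("restricted", True): "block", ("restricted", False): "alert",
    ("confidential", True): "justify", ("confidential", False): "log",
}
INTERNAL_DOMAIN = "example.com"     # assumed organisation mail domain
PORTABLE = {"usb_copy", "cd_burn"}  # operations that write to portable media

def classify(content):
    """Content inspection: the first (most sensitive) matching marker wins."""
    for label, pattern in MARKERS:
        if pattern.search(content):
            return label
    return "public"

def decide(operation, destination, content, phase):
    """Return (classification, action at full enforcement, action enforced now)."""
    label = classify(content)
    if label == "public":
        return label, None, None
    internal_mail = destination.lower().endswith("@" + INTERNAL_DOMAIN)
    leaves_org = operation in PORTABLE or not internal_mail
    desired = POLICY[(label, leaves_org)]
    # The rollout phase caps strictness: phase 1 only ever logs.
    enforced = min(desired, PHASE_CAP[phase], key=ACTIONS.index)
    return label, desired, enforced

SAMPLES = [  # constructed sample events: (operation, destination, content)
    ("email", "partners@supplier.example", "Attached: new product formula v3"),
    ("email", "cfo@example.com", "Draft of unannounced results for Q3"),
    ("usb_copy", "E:\\", "salary review 2011.xls"),
    ("email", "friend@mail.example", "Lunch on Friday?"),
]

if __name__ == "__main__":
    for phase in (1, 2, 3):
        for event in SAMPLES:
            print(phase, event[0], event[1], decide(*event, phase))
```

Comparing the desired and enforced columns during the log-only phase shows how many events each tightening step would start interrupting before it is switched on.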
Reduce Your Risk
Audit, Notify, Quarantine, Block, Encrypt…
Learn: Define Metrics
• Use pre-defined policies or create custom policies
• Learn critical information using information fingerprinting service
Monitor: Assess Risk
• Monitor communication channels
• Reporting of matches against policies and information fingerprints
• Tune policies
Enforce: Reduce Risk
• Enable enforcement policy
• Quarantine suspicious messages
• Create audit trail of all communications to substantiate compliance
• Reduce violations to required levels
Courtesy: www.PortAuthorityTech.com
Summary
• Information Leakage is a serious concern to organizations and individuals
• The approach has to be holistic, addressing People, Process and Technology
• DLP technology addresses data in motion, at rest and in use.
• Classification Policy, Information about Data and Data Source, Classify those, Select DLP Solution, Develop Policies and Test, Apply, Monitor, Fine Tune, Awareness
• Action – Log, Alert, Justify, Block, etc.
• Resistance, Org Culture, Performance, huge amount of known/unknown data, etc. are some of the obstacles.
• Start with lightweight policies and gradually tighten them once awareness and adaptability are achieved
• Information Leakage Prevention is an ongoing process