Lions, Tigers, and PHI, Oh My! The Latest in Data Loss Prevention in the Cloud
TRANSCRIPT
Netskope Roadmap
Lions, Tigers, and PHI, Oh My!
A webinar about the latest in data loss prevention in the cloud
John Kindervag, Vice President & Principal Analyst, Forrester
Rajneesh Chopra, Vice President, Product Management, Netskope
© 2015 Netskope. Company Confidential
About Netskope
Leader in cloud security and governance
• Find, understand and secure all cloud apps. Sanctioned by IT or not
• Surgical visibility and control + noise-cancelling DLP
• Working with Fortune 500 enterprises from financial services, healthcare and retail
© 2015 Forrester Research, Inc. Reproduction Prohibited
Yesterday’s data
Today’s data
And sometimes you store big data in the cloud
Selling (Worldwide Cvvs, Worldwide Fullz, UK, Usa Logins Worldwide Dumps, UK, Usa Paypal, Ebay Accounts...)
Two types of data
1. Data that someone wants to steal
2. Everything else . . . they won’t steal it.
Remember the four P’s
• PCI
• PHI
• PII
• IP
3P + IP = TD
Two Effective Metrics
1. Have your networks or systems been infiltrated by malicious actors?
2. Has your toxic data been exfiltrated from your networks or systems into the hands of malicious actors?
Intrusion
Breach
Data access patterns have evolved – almost completely
The Perimeter is GONE!
Transactions Use Multiple Platforms
June 2014 “Three Forcing Functions That Will Extend Your Data Center’s Network Services Beyond Its Walls”
DLP solutions have been tuned over and over again
DLP inspection remains firmly on-premises
WE NEED A NEW WAY OF THINKING
We need a new way of thinking about trust and DLP
Data security and control framework
Dissect: Data intelligence, Data analytics
Define: Data discovery, Data classification
Defend: Access, Inspect, Dispose, Kill
Zero Trust
Zero Trust is . . .
A new model of information security that identifies the fundamental problem as a broken trust model where users and traffic inside the network are trusted, and those external to the network are untrusted.
Core concepts of Zero Trust
Verify and secure all resources regardless of location
Limit and strictly enforce access control
Inspect and log all traffic
Two Effective Metrics
1. Have your networks or systems been infiltrated by malicious actors?
2. Has your toxic data been exfiltrated from your networks or systems into the hands of malicious actors?
Intrusion
Breach
Stop Data Exfil
Data security and control framework
Dissect: Data intelligence, Data analytics
Define: Data discovery, Data classification
Defend: Access, Inspect, Dispose, Kill
The DLP Maturity Grid
Discover Classify Consolidate Design Enforce
Cloud
Killing Data = Abstracting Data via
Data Masking
• Test Data
Tokenization
• Credit Cards
• SSN
Encryption
• Toxic Data
• Intellectual Property
Zero Trust Cloud Protection
[Diagram labels: CORP, SaaS, IaaS, PaaS, SP, Private, INTERNET; each zone is marked "D"]
› Use Zero Trust Network Architectural concepts in your cloud
› Stop Data Exfil
› Killing Data is Effective DLP
Purpose-built apps
Most cloud apps
Take a layered approach to address problem
Data Loss
All cloud apps (800+ per enterprise)
• Restrict to risky apps
• Restrict to app category
All users have access
• Restrict to users/groups
• Restrict to location
• Restrict to device
Any activity
• Restrict to certain activities
Any content
• Restrict to content type
• Restrict to fingerprinted or exact match
Result: Much lower surface area for risk
Data Loss
All cloud apps (800+ per enterprise): Reduced app footprint
All users have access: Reduced user footprint
Any activity: Reduced activity footprint
Any content: Reduced content footprint
‘Quarantine PII data uploaded by finance team in NYC to risky cloud storage apps’
Result
• Fewer false positives
• Improved accuracy
• More reliable Cloud DLP
Fingerprinting and Exact Match
Benefits
• Full coverage. Apply policies for data in motion or data at rest.
• Improved accuracy. Detect leaks of even excerpts of the sensitive data, with minimal misclassifications.
• Easy policy enforcement. No policy tuning needed – use the original content to translate into the policy.
Fingerprinting
1. Identify sensitive documents
2. Fingerprint the assets
3. Apply Fingerprint policy
Exact Match
1. Organize sensitive data in a CSV
2. Generate an Exact Match hash
3. Augment any DLP Rule with Exact Match
Fingerprinting Use Case
1. Bob wants to steal a company confidential design document
2. So, Bob copies and pastes parts of this design document into Gmail and sends it out.
Through DLP file fingerprinting, organizations can detect confidential information leaks even if the content is copied and pasted.
• Can be applied to any file type:
  • Zip files
  • Encrypted files
  • Password protected
  • Renamed files
  • Extension changes
  • ... It doesn’t matter
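Added example, not from the webinar and not Netskope's implementation: one common way to fingerprint text so that a pasted excerpt is still detected is to hash overlapping word windows (shingles) and measure how much of an outbound message falls inside the stored fingerprint. The window size, threshold, document text and function names are assumptions made for illustration, and the sketch covers only the copy-paste case.

```python
import hashlib
import re

K = 5  # words per shingle (assumed window size)
THRESHOLD = 0.3  # assumed policy threshold for a fingerprint match


def shingles(text, k=K):
    """Hash every run of k consecutive words, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(len(words) - k + 1)
    }


def containment(outbound, fingerprint, k=K):
    """Fraction of the outbound text's shingles that occur in the fingerprint."""
    out = shingles(outbound, k)
    return len(out & fingerprint) / len(out) if out else 0.0


# Constructed stand-in for the confidential design document.
DESIGN_DOC = (
    "The rotor housing uses a sealed titanium sleeve rated to 400 bar. "
    "Cooling channels are milled at 12 degree offsets around the stator. "
    "Firmware limits torque to 85 percent until the thermal model converges."
)
FINGERPRINT = shingles(DESIGN_DOC)  # the policy stores hashes, not the text

# Constructed outbound messages: one pastes a sentence from the document.
LEAK = "fyi: Cooling channels are milled at 12 degree offsets around the stator. call me"
BENIGN = "Lunch is at noon on Friday, let me know if you can make it to the stator cafe."


def violates(outbound):
    """True when enough of the message overlaps the fingerprinted document."""
    return containment(outbound, FINGERPRINT) >= THRESHOLD


if __name__ == "__main__":
    for name, msg in (("leak", LEAK), ("benign", BENIGN)):
        print(name, round(containment(msg, FINGERPRINT), 2), violates(msg))
```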
Exact Match Use Case
• General DLP rule looking for SSNs is generating a large number of false positives
• Apply an Exact Match to ensure coupon codes as defined are not detected
• Result is more accurate detection with fewer false positives
SSN# 578049324
Coupon Code 123456789
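Added example, not from the webinar and not Netskope's implementation: a sketch of the three Exact Match steps (CSV, hash, augmented rule) applied to this use case. It assumes the CSV lists the known SSNs and that the index stores keyed HMAC-SHA256 digests; the key, function names and sample message are constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import re

# Generic DLP rule: any 9-digit number, optionally dashed as 3-2-4.
SSN_RULE = re.compile(r"\b\d{3}-?\d{2}-?\d{4}\b")
# Constructed CSV of values to protect; the SSN is the one on the slide.
SENSITIVE_CSV = "employee,ssn\nexample-employee,578-04-9324\n"
# Assumption: a secret key held by the DLP engine. An unkeyed hash of a
# 9-digit value can be reversed by enumerating all 10**9 candidates.
INDEX_KEY = b"constructed-demo-key"
# Constructed outbound message containing both values from the slide.
MESSAGE = "Payroll record: SSN 578-04-9324. Promo: use coupon code 123456789 today."


def digest(value, key):
    """Keyed digest of the digits only, so 578-04-9324 and 578049324 agree."""
    digits = re.sub(r"\D", "", value)
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()


def build_exact_match_index(csv_text, column, key):
    """Hash one CSV column; only digests are kept, never the raw values."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {digest(row[column], key) for row in reader if row[column].strip()}


def generic_scan(text):
    """Every candidate the pattern-only rule would flag."""
    return [m.group(0) for m in SSN_RULE.finditer(text)]


def exact_match_scan(text, index, key):
    """Candidates from the generic rule whose digest is in the index."""
    return [c for c in generic_scan(text) if digest(c, key) in index]


if __name__ == "__main__":
    index = build_exact_match_index(SENSITIVE_CSV, "ssn", INDEX_KEY)
    print("generic rule:", generic_scan(MESSAGE))
    print("with exact match:", exact_match_scan(MESSAGE, index, INDEX_KEY))
```

The pattern-only rule flags both numbers, while the augmented rule flags only the value present in the CSV, so the coupon code no longer raises an alert.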
Fingerprinting and Exact Match - DLP landscape
• All enterprise class DLP vendors boast fingerprinting and exact match capabilities. But they do not see cloud application context
• Only CASB vendors see cloud application context – most often for sanctioned apps only
• Netskope is the only CASB vendor that supports Fingerprinting and Exact Match across all cloud applications complete with deep, contextual data
Summary
• Much has changed since we started doing DLP
• The cloud is perhaps the most disruptive change
• DLP in the cloud requires a different approach, but many of our previous learnings still apply
• Use of contextual information and techniques like fingerprinting and exact match make DLP for cloud targeted and less onerous from an administrative point of view.
Questions? Thank you!