RSA Data Loss Prevention (DLP) Suite
TRANSCRIPT
Simon K. Carvalho
Technology Solution Consulting Service Outsourcing
Data Protection Strategy
Workshop Agenda
Why data protection?
What is data protection?
Data Protection vs DLP
DLP strategy
Data Classification
Methodology
Comparison
Q&A
Data Breach - The escalation of a serious threat
“TJX’s $1 billion data breach”
“DuPont scientist downloaded 22,000 sensitive documents as he got ready to take a job with a competitor…”
“ChoicePoint to pay $15 million over data breach—Data broker sold info on 163,000 people”
The FSA has fined Nationwide £980,000 for a stolen laptop
NATO: A USB memory stick containing classified NATO information was found in a library in Stockholm
Is Your Data in the Wild?
Survey: Dark Reading/InformationWeek (2009)
Survey: MIS Training Institute at CISO Summit (2009)
McAfee Datagate Report. Produced by DataMonitor (survey of 1400 IT professionals across UK, US, DR, DE, and Australia)
77% unable to audit or quantify loss after a data breach
73% of data breaches come from internal sources
80% of CISOs see employees as the greatest data threat
The Problem is Rapidly Escalating
CIO Weblog: Scott Wilson – Sept 30 2009
2008 - 2009 Security Breach Increase: 300%
Accidental Data Loss is the Biggest Threat
"Through 2010 we expect 80-90% of sensitive information leaks to be unintentional, accidental or the result of poor business
processes."
- Gartner Group
Paradigm Shift
Legitimate access to
information does not
necessarily grant the user
the right to remove it from
the enterprise
Access Control Data Loss Prevention
What data are we talking about?
April 15, 2014
Compliance Intellectual Property
• Customer Lists
• Price/Cost Lists
• Target Customer Lists
• New Designs
• Company Logo
• Source Code
• Formulas
• Process Advantages
• Pending Patents
High Business Impact (HBI) Information
• Board Minutes
• Financial Reports
• Merger/Acquisitions
• Product Plans
• Hiring/Firing/RIF Plans
• Salary Information
• Acceptable Use
J-SOX, Sarbanes-Oxley, Basel II, PIPEDA, EUDPD, GLBA, HIPAA, PCI, MITS, FISMA, DPA, DTO-93, CPC Art. 43, FFIEC, CPA, Solvency II, SA-PL, R-DPL
• SOX
• HIPAA
• PCI
• Credit Card numbers
• GLBA
• FISMA
• ITAR
• SB 1386
• Others
…and Importantly:
• Review of Key Employee actions before they announced departure
• Unreported but Important Memos/Reports
• Code names of projects not reported to Security department
What you did not know needed protection
Major Data Loss/Leak vectors
1. Physical loss or theft of laptops and mobile devices
2. Unauthorized transfer of data to external devices
3. Unintentional distribution via e-mail, web, etc.
4. Privileged users breach the data
5. Information escapes via print, CD-ROM, DVD, etc.
6. User applications hacked
7. Trojans/key loggers/malware
Why DLP Is Important For You
Secure Your Sensitive Data: Employee & customer data (PII), corporate secrets, intellectual property
• Damage: Corporate brand equity
• Churn: Customer & employee
• Loss: Competitive advantage
Comply With Regulations: PCI, HIPAA, GLBA, PIPEDA, EU Data Directive, etc.
• Fines: More than $500K in fines
• Burden: Quarterly audits
• Legal: Lawsuits, privacy notices
Improve Operational Efficiencies (security): Keep security costs low and reduce impact on end users
• Burden: More FTEs for security
• Capital: Additional HW & SW
• Cost: Higher TCO
A Complete Data Protection Project
1. Removable Media Control
2. Laptop/device encryption
3. Do Data Classification
4. File and Folder encryption
5. Content aware Data leak Prevention (Host DLP)
6. Content aware Data leak Prevention (Network DLP)
7. Digital Rights Management (DRM/ERM)
Control data before it leaves your organization
Control data after it has left your organization
Complexity
Beyond Organization
Data Loss Prevention Data Leak Prevention
Knowing The “D” In DLP: Sensitive Data
Regulatory Data
• Credit card data
• Privacy data (PII)
• Health care information
Corporate Secrets
• Intellectual property
• Financial information
• Trade secrets
Data classification tips
• Think twice about tagging and categorizing everything - the costs are high
• Consider the confidentiality (sensitivity) and availability (criticality) of the data to be classified
• Consider its integrity, as low-quality data cannot be trusted
• Use an effective metadata strategy to tag the data well
• Get the support of the management and employees who will use the system – Involve data owners
• Use Discovery tools to aid in Data classification
• Monitor and maintain the data classification system over time, tweaking as necessary
Classification Maturity Stages
• 0 - No information assets are classified or assets are randomly classified.
• 1 - Assets are classified at a high level or organizational level, assets are unidentified.
• 2 - Processes are developed and implemented allowing assets to be classified in detail.
• 3 - New assets are classified in detail.
• 4 - Legacy assets are classified in detail.
• 5 - Assets are classified, and processes exist that allow for asset reassessment and new asset classification.
What is DLP?
Data Sources
User Actions
Policy Actions
Enforced to Destination
At rest
In use
In motion
Copy to device
Burn to disc
Cut, copy, paste
Upload
Encrypt
Educate
Monitor
Take home
Post to web
Send via net
How Does DLP Work?
Policy Application
Enforcement
Policy Intelligence
At Rest
In Use
In Motion
Encrypt Block Monitor Educate Move
User Action
Inspection/Discovery Capture
Source
Analyze
Evaluate
Protect
Admin Action
Sensitive Data
DLP Methodology
DISCOVER
User Actions
MONITOR
End Users
EDUCATE
Security Controls
ENFORCE
Policy Framework Based on Governance, Risk & Compliance
?RISK
TIME
Understand Risk
Reduce Risk
Discover Your Sensitive Data
Structured, Semi-Structured, Unstructured
Credit Card Data
Personally Identifiable Information (PII)
Personal Health Information (PHI)
Corporate Secret Data
Comply With Regulations
Protect Corporate Competitive Advantage
Reduce uncertainty and understand risk from the data you own
Monitor Your User Actions
Regulatory Data
Corporate Secrets
Compliance
Objectives
Governance & Risk
Objectives
Understand how your user actions impact your corporate objectives
Augment Standard Policy
Education With
“Just-In-Time Education”
Emphasized Education Program
Educate End Users About Corporate Policies
Educate end users on policies and violations to reduce risk
Top Violators (Identified through Discover and Monitor)
Rest of the users
1. user performs actions
2. DLP educates on violation
3. user acts responsibly
Just-In-Time Education
Enforce Controls to Prevent Data Loss
BLOCK
AUDIT
ENCRYPT
QUARANTINE
JUSTIFY
MOVE
DELETE
SHRED
RMS (DRM)
COPY
NOTIFY
ALLOW
User Action Data Sensitivity User Identity
LOW HIGH
Enforce security controls based on the risk of a violation
Defined in DLP Policy
Manual or
Automated
RISK
Conduct a technology requirement assessment
Identify current technology you can leverage
Evaluate fit with IT roadmap (cloud, virtualization, etc.)
Do not “boil the ocean”. Deploy in phases.
Prioritize deployment phases by risk (data, group, etc.)
Establish a process for remediation and reporting
Gain support from executives and business managers
Make sure employee education is part of the plan
Establish SLAs and MOUs with group heads
DLP Deployment Playbook
PEOPLE
PROCESS
TECHNOLOGY
DLP Project Process & Check List
DLP champion (team)
Support from groups beyond IT
Top 3-5 drivers & corporate policies
Education process & resources
Remediation process & resources
Technology provisioning
DLP administration hours
Project Timeline and next phase
Your DLP Pre-Deployment Check List
Pre-Deployment
Discover & Monitor
Educate
Enforce
Next Phase
(New policies / groups)
A DLP solution must cover all data loss channels
IM
Peer to Peer
Printer
Copy & Paste
USB
HTTPS
FTP
Wi-Fi
Network
Confidential Data
Important DLP Capabilities
• Data Discovery capabilities – can it discover and identify confidential data residing on servers, databases, document management systems, SharePoint, NAS/SAN, endpoints etc.
• Structured and unstructured data support
• Policy templates for automated identification and Protection
• Endpoint encryption – prevent data loss due to loss/theft of laptops/PDAs
• File & Folder encryption
• Centralized Management for all pieces- endpoint, network and discovery.
• Reporting and forensics
Important DLP Capabilities
• Port control/device control/application control
• Integration with existing directories (user aware) i.e. Microsoft AD
• Linux/Mac support
• Port/protocol agnostic DIM
• Monitor, Capture and protect the unknown data
• Robust inbuilt incident management and workflow capabilities
• Content-aware encryption enforcement
• Online / offline enforcement
• Integration with DRM/ERM/RMS
• Scalability
Gartner Magic Quadrant 2010
Forrester wave Q4 2010
McAfee, RSA & Websense DLP
McAfee DLP | RSA DLP | Websense DLP
Host DLP: data leak prevention, laptop/device encryption, file and folder encryption, device control (removable media) | Host DLP: data leak prevention, basic device control | Host DLP: data leak prevention, removable media encryption (USB)
Network DLP: PREVENT (email and web DLP), data DISCOVERY, MONITOR | Network DLP: PREVENT (email and web DLP), data DISCOVERY, MONITOR | Network DLP: single server which can do Prevent, Discover and Monitor
Single appliance based centralized DISCOVERY | Grid based distributed DISCOVERY | Single server based centralized Discovery
Stronger Policy Management engine
Strong Policy Management (example: schedules)
McAfee DLP | RSA DLP | Websense DLP
No (expected soon) | Discover data within databases | Discover data within databases
No Data Masking Data Masking
Four appliances and 1 server based architecture | Multiple appliances and servers based solution | Two-server architecture
Mix of Appliances and server | Mix of Appliances and servers (also as VMs) | Servers only
Endpoint DLP has application control features
Two Management consoles (DLP Manager and EPO) | Single Management console | Single management console to manage Websense Web Security as well as DLP (adv. for existing Websense customers)
McAfee, RSA & Websense DLP
McAfee DLP | RSA DLP | Websense DLP
“replay” or “historical data storage” | No | No
Capture database | No | No
Discover data within Documentum | No | ??
Arabic support | Arabic support | ??
Integration with Adobe LiveCycle RMS | Integration with Microsoft RMS | ??
DLP inserted in VirtualFabric
McAfee, RSA & Websense DLP
Endpoint Data Protection
Legend: Strong / Average / Partial / Minimal / Weak / None
Criteria:
• Central Auditing & compliance reporting
• Port / Device control / Application Control
• Central management, “all in one”
• Full disk encryption
• File and folder encryption
• Removable Media / Mobile / Encrypted USBs
• Integration to existing directories, e.g. ADS
• Footprint minimization
• Tokens / Smart Cards / BioMetric Support
• Certifications
• MAC/Linux Support
• Integrated Endpoint Content Aware DLP
Cell notes: OEM GE; OEM Separate Product; PnP Only; Separate Product; EFS; Road mapped 2010; Separate Product; R72 and R73; 140-1 L1, 140-2 L1, BITS, EAL4; 140-2 L1, EAL 3; FIPS 140-1 L1, FIPS 140-2 L1, BITS, EAL 4; 140-2 L1, EAL 4+; 140-1 L2, 140-2 L1; 140-2 L1 OEM; GuardianEdge; 140-2 L1, 140-1 L2, 140-2 L2, EAL 4; OEM Product - GE; R72 and R73; OEM Trend DLP; Relies on Altiris; Requires separate Consoles; NO LAN Support; Planned For 6.0
Data Loss Prevention
Legend: Strong / Average / Partial / Minimal / Weak / None
Criteria:
• Central Auditing & compliance reporting
• Robust case management and workflow
• Central Deployment & Management
• Unified Policy definition & enforcement
• Unstructured Data Discovery (Network & Endpoint)
• Integrated Content aware Encryption enforcement DIU, DIM, DAR
• Offline / Online Endpoint Policy Enforcement
• Integration with RMS / DRM
• Structured Data Discovery
• Discover, Monitor and Protect the Unknown (Capture)
• Native DB Support Dec 2009
• Port / protocol agnostic DIM
• Real-time Rule tuning DIM, DAR
Cell notes: Requires Altiris or 3rd party; Requires 3rd Party; Requires enVision; For NDLP; Separate Sol Pack required; Email ONLY from RSA; Email ONLY from RSA; Requires enVision; Requires 3rd party; Requires 3rd party; Requires 3rd party
• DLP RFP Templates
• DLP POC
• Consideration Metrics
• Risk Assessment
• DLP Workshop
• DLP Demo
• DLP Workshop
• EDLP TCO Tool
• DLP Sizing Guide
Next steps
Considering DLP, Scoping DLP Project, Evaluating DLP Vendors
What stage are you in today? We can help you:
• Better understand DLP
• Develop a DLP project internally
• Develop a framework to evaluate and select the right DLP vendor
Summary
• Pre-deployment preparation is very important
• Data classification is critical
• Involvement of business managers and data owners
• Phased approach –
– Identify top 3 or 5 top risk areas – PCI or IP of some kind, etc
– Apply policies to top risk groups – HR or Finance
– Enterprise wide rollout
RSA DLP Product Covers all Aspects of DLP
DISCOVER
MONITOR
EDUCATE
ENFORCE
RSA DLP Network
RSA DLP Datacenter
RSA DLP Endpoint
email web datacenter laptops & PCs
RSA DLP Enterprise Manager
*
* Through a partner
RSA DLP
Suite
RSA DLP Network
RSA DLP Datacenter
Five Critical Factors For DLP Solutions: RSA’s Take
Policy & Classification: Policies covering a broad range of regulations and topics. Developed by an expert team
Identity Aware: Identity awareness for classification, controls and remediation
Incident Workflow: Consolidated alerts with the right information to the right people for the right actions
Enterprise Scalability: Scan more data faster with lesser hardware and resources
Built-In vs. Bolt-On: Common policies across the infrastructure - EMC, Cisco and Microsoft
Policies: Broad Range of Expert Policies
Dedicated Knowledge Engineering team develops and maintains DLP policies
Sample Profile of a Knowledge Engineer
Work Exp: 12 years
Certifications: 18 regulations
Languages: Four
Background: Linguistics, artificial intelligence, search technologies
Education: Library sciences, Computer science
150+ built-in policies you can use
• Retail: PCI DSS, MA CMR 201, CA AB 1298
• Healthcare: HIPAA, Caldicott (UK), PIPEDA
• Manufacturing: ITAR, Patent Apps, EAR
• Financial Serv: GLBA, FCRA, NASD
• Telecom/Tech: CPNI, Source Code, Design Docs
• Other: NERC, Global PII, 401k & 403b
Knowledge Engineering
Classification: Flexible Framework
Detection Rules
Context Rules
Exceptions
Described Content
Full & partial match
Databases
Files
Fingerprinting
Transmission metadata
File size, type, etc.
Owner, sender, etc.
Attributes
A classification framework to suit your unique needs
Highly accurate results in identifying sensitive data
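The layering named on this slide (a described-content detection rule, a context rule on transmission metadata, and an exception), shown as an added Python example that is not RSA's implementation. The card-number regex with Luhn filter, the `Message` and `Policy` names, the sample domains and the mapping to BLOCK/AUDIT/ALLOW are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Described content: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def count_card_numbers(text: str) -> int:
    """Detection rule: count candidates that also pass the Luhn check."""
    hits = 0
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            hits += 1
    return hits


@dataclass
class Message:                   # hypothetical transmission record
    sender: str
    recipient_domain: str
    body: str


@dataclass
class Policy:                    # hypothetical policy object
    internal_domains: set
    min_matches: int = 1
    exempt_senders: set = field(default_factory=set)

    def evaluate(self, msg: Message) -> tuple:
        # 1. Detection rule (described content)
        hits = count_card_numbers(msg.body)
        if hits < self.min_matches:
            return ("ALLOW", "no described-content match")
        # 2. Context rule (transmission metadata: where is it going?)
        if msg.recipient_domain in self.internal_domains:
            return ("AUDIT", f"{hits} card number(s), internal recipient")
        # 3. Exception (approved sender for this data type)
        if msg.sender in self.exempt_senders:
            return ("AUDIT", f"{hits} card number(s), exempt sender")
        return ("BLOCK", f"{hits} card number(s) to external domain")


# Constructed sample data: 4111 1111 1111 1111 is a widely used test number.
POLICY = Policy(internal_domains={"corp.example"},
                exempt_senders={"billing@corp.example"})
CARD_BODY = "Customer card: 4111 1111 1111 1111, please charge today."
ORDER_BODY = "Your order number is 1234567890123456."


def demo() -> list:
    msgs = [
        Message("alice@corp.example", "partner.example", CARD_BODY),
        Message("alice@corp.example", "corp.example", CARD_BODY),
        Message("billing@corp.example", "processor.example", CARD_BODY),
        Message("alice@corp.example", "partner.example", ORDER_BODY),
    ]
    return [POLICY.evaluate(m)[0] for m in msgs]


if __name__ == "__main__":
    print(demo())
```

The order number in the last message matches the digit pattern but fails the Luhn check, which is the kind of false positive a bare regex rule would raise.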
User Identity Analysis
Name
Title
Business group
Organization hierarchy
Special privileges
What policies to apply
Define the risk of actions
What controls to enforce
Who to notify
Real-time data from your Windows Active Directory
Used across all phases of DLP
Incident Workflow to Effectively Manage Violations
HIGH
MEDIUM
LOW
Security Incident
Alert Manager
Alert Security
Officer
No Alerts. Audit
Only
Violation Event 1
Violation Event 2
Violation Event 3
Violation Event 4
Violation
Event “n”
Policy Based
Logical Grouping
Security Incident
DLP + enVision = More intelligent alerts and prioritization
Consolidate Violations Send Alerts Based on Risk
Reduce noise, prioritize incidents and manage workflow
Scalability For Enterprise Deployments
PEOPLE (number of users, types of users): Flexible “policy framework” to support a million plus users and 100’s of user types
PLACES (number of office sites, types of office sites): Expandable “site” and “agent” architecture to support 1000s of sites
DATA (amount of data, sources of data): Unique “grid” technology to scan large amounts of data most cost effectively
Built-in DLP for the Infrastructure: DLP Ecosystem
Your DLP
Strategy
Leverage your current
infrastructure for DLP
Faster and cost
effective deployments
Centralize policies and
management
What’s in it for you
RSA DLP Technology
McAfee DLP solution
Confidential McAfee Internal Use Only
Evolution of McAfee Data Loss Prevention
• October 2006: McAfee acquires Onigma, early stage endpoint DLP company
• September 2007: McAfee launches Host DLP with ePO management
• Throughout 2008: McAfee Host DLP selected as enterprise wide DLP solution
for hundreds of customers, including Bank of America, Wal-Mart, Merrill
Lynch, Visa, Dept of Defense, Israel Defense Forces, etc.
• August 2008: McAfee acquires Reconnex, industry analyst recognized
technology leader in Network DLP and Forensics
• April 2009: Network DLP v8.5 launched with integrated incident reporting and
workflow between Network DLP, Host DLP and ePO. Discovery remediation
and other enhancements.
• June 2009: Host DLP v3.0 launched with data discovery, integrated File &
Folder Encryption, improved content classification and Lotus Notes support
• Sept 2009: Further enterprise enhancements to Network DLP
• Early 2010: Unified DLP with joint policy creation for all elements; further
enhancements to Network & Host DLP
• 2010: Embedding of DLP engine into Web Gateway & Email Gateway
• 2010: Final infrastructure updates for Unified DLP
The McAfee Data Protection platform
Data-at-Rest
Data-in-Motion
Data-in-Use
Monitor, Notify, Prevent
Enforce, Audit and Respond
Identify, Classify and Protect
Incident and case management
Workflow and reporting
DLP Manager
McAfee ePO
Full endpoint management
and deployment
DLP
Discover
Endpoint
Encryption
Encrypted
Media
Network DLP
Monitor
Network DLP
Prevent
DLP Host
DLP Host
Device
Control
Encrypted
Media
Data at Rest
Problem: Where is all the data?
Challenge: Need to find the data and categorize it to enable the organization to apply protections
Best Practice
• Data-at-rest products crawl the organization based on taxonomy of content and can provide analysis of what servers, endpoints and repositories have what content
• Use inventory scans to discover what is available and delegate reviews of materials (where possible)
• Once the data distribution model is understood, automated remediation can be used (move, delete, encrypt, quarantine, etc.)
Data in Motion
Problem: Who is sending what to whom?
Challenge: All information leaving must be analyzed from both managed and unmanaged machines. Solution must be transparent.
Best Practice
• Network-based data-in-motion products passively analyze all communications: webmail, IM, blogs, email, etc.
• Pre-built rules can be run to determine what information violates policy
• Rules and policies are mapped to business stakeholders to ensure incident review and remediation are not an information security challenge
• Mining of incidents allows for rule tuning and refinement
Data in Use
Problem: How are employees using my data? What is being printed, copied and removed from my organization?
Challenge: Users interact with data while connected and disconnected from my network. Authorized users have access to sensitive information.
Best Practice
• Identify high-risk machines for sensitive information disclosure, such as Legal, HR, Management, Sales, Engineering and Development
• Deploy monitoring capabilities initially to identify the use of removable media
• Define rules and policies by department and group requirements
• Use automated protection mechanisms (block, monitor, log, store evidence, encrypt, etc)
• Notify users to increase security awareness
From the Network…
Perimeter
PREVENT - Protect against email & web
data leaks
Admin & Management
MANAGE - Centralized administration
Incident/case management
Network Layers
DISCOVER - Identify sensitive
information in storage repositories
MONITOR - Protect data as it
moves across the network
Data Storage & Management
Network Based Protection from the endpoint
Application Based Protection
Device Based Protection
…to the Host
Send
over Email
Extract using
the clipboard
Send to
a printer
Post to
the web
Extract using
screen capture
Transmit
over to network
General
application file-access
Send to a
removable storage device
Copy to a
network file share
McAfee Data Loss Prevention (Today)
McAfee ePO
McAfee DLP
Manager
Switch
Databases or Repositories
Data-in-Use
McAfee NDLP Prevent
McAfee Firewall
McAfee IPS
McAfee
HDLP
ICAP integrated
McAfee NDLP
Prevent
McAfee NDLP Monitor
w/ Capture Database
Disconnected & Mobile Unified incident
reporting and case mgmt workflow
Data-in-Motion
Data-at-Rest
Data-in-Motion
Data-in-Motion
McAfee Web Gateway
SMTP integrated
McAfee Email Gateway
McAfee
HDLP
McAfee NDLP
Discover
Data-at-Rest
McAfee Data Protection Solution Architecture
Secured Corporate LAN Network Egress/DMZ
MTA or Proxy
SPAN Port or Tap
Disconnected
• DLP Monitor
• DLP Prevent
• DLP Discover
• DLP Endpoint
• Device Control
• DLP Endpoint
• Device Control
Central Management
• ePolicy Orchestrator (ePO)
• DLP Manager
McAfee DLP Topology
PREVENT: Protect against email & web data leaks
DISCOVER: Find sensitive information in storage repositories
MONITOR: Protect data as it moves on the network
MANAGE: Flexible and scalable administration & case management
ePO Agent
Host DLP
Plug’n’play appliances Pre-integrated & hardened
components
Single, integrated ePO
desktop agent
McAfee DLP Core Differentiators
• Industry’s most comprehensive Data Protection portfolio
– Eliminates point product and multi-vendor fatigue
– Provides integrated management and intelligent data sharing capabilities
• “Capture”
– Facilitates accurate-first-time policies and comprehensive forensics investigation
• Time to Value
– See value in days, Capture removes the need for months of rule tuning
– Deploys in days not months, easy “drop in” appliances, no servers to build
• Industry’s most widely deployed endpoint DLP agent
– Proven scalability and ease of deployment
– Full security functionality whether on the LAN or offline
• Custom built classification engine allows for high flexibility
– Unique capabilities for environments where non-standard file formats are prevalent
– Intellectual Property protection
McAfee ePO
Solid core
SIA Partners
Secure McAfee Communication Channel
Total Protection for Data
Host Compliance
Anti-Virus
Anti-Spyware
Desktop FW
Host IPS
NAC
Remediation
ePO Agent (MA) Framework
DLP
Endpoint Encryption for PC
Endpoint Encryption for Files and Folder
One Client Manager (MA – McAfee Agent) handling
multiple Endpoint Security products.
The McAfee DLP Difference – Comprehensive and
Integrated
The McAfee DLP Difference - Learning and Data
Mining
Let the technology do the heavy lifting
Google changed the way we use the web. Nobody remembers URLs anymore,
they “Google” what they need. Like Google, we index and file everything away so
you don’t have to know where it all is! Then you use our indexes to build policy.
Simple, effective and fast!
vs
Egress Out
The McAfee DLP difference: Capture all leakage!
McAfee
CaptureDB
Legacy Vendors
Trash Bin
• False negatives destroyed
• Can’t LEARN and adjust policies
• Assumes you know what to protect
• Everything captured
• “Information gap” Solved
• Able to LEARN from the past
POLICY FILTER
PCI
HIPAA
Appropriate Use
Trigger Words
Other Policies
ViolationsDB
All Matches
• Pre-set Policies
• Dashboard reports
• Distributed notification of violations and reports
• Define policies
• Tune rules
• Mine data with Google-like search capabilities
• Forensic search of historical data
Create
Policy
Implement
Policy on
Live Data
Impact
users,
Help-Desk
Calls, etc.
The McAfee DLP difference
DLP Policy creation with traditional vendors…
Actual outgoing email, IM, web traffic, etc.
6-12 months
Tweak/Edit Policy
Eventually
Effective
Protection
Create
Policies
Capture and
index all
network data
The McAfee DLP difference - DLP policy creation
with McAfee “Capture”
Actual outgoing email, IM, web traffic, etc.
1-3 weeks
Effective
Protection
Offline data
Tweak /
Edit Policy
Offline
fast-
forward
testing
Bonus = Forensics!
Help catch theft of critical data by employees
McAfee DLP Advantages
1. Platform Integration
2. Deployment Velocity
3. Data Analytics
McAfee DLP Advantages
1. Platform Integration
McAfee DLP Coordinates Data Protection
• McAfee data protection solutions
deliver additional value through DLP
– DLP coordinates enforcement
– DLP enforces consistent policies
– DLP provides actionable insight
McAfee DLP provides integrated workflows, simplified processes, lower costs and
consistent protection for all data
Removable Media
Device Control
USB Encryption
Web
DLP
DLP Increases Control
Content aware enforcement delivers greater control & reduces costs,
only applying protection where it’s needed
Without DLP With DLP
Encryption
Removable
Media
Device
Control
Encrypt everything
Selectively encrypt
Encrypt on-demand
Block USB devices
Content based coaching
Block based on origin
Block Cut, Copy, Paste
Content aware blocking
Content based coaching
ePO Integrates All Enterprise Security
McAfee ePolicy Orchestrator
Improved Agility
Reduced Costs
Increased Protection
Fast – Flexible – Efficient
McAfee DLP Advantages
2. Deployment Velocity
McAfee DLP vs. Traditional DLP
Compliance Achieved
The longer deployment takes, the longer your data and your company is at risk
McAfee DLP delivers rapid & effective protection for your data – why wait?
McAfee DLP Product Line
DLP Manager + ePO = Central & Delegated Management
Perimeter
• Web
• IM
• P2P
• FTP
DLP Prevent
Host
• Encrypt
• Device control
• Discover
• Cut, copy
Host DLP
Network
• Capture
• Data mining
• Monitor
• Alert
• Report
DLP Monitor
Storage
• Discovery
• Inventory
• Tagging
• Scanning
• Mitigation
DLP Discover
Inside Outside
Use Case: Sensitive Data Leak
Scenario
• An internal audit shows signs
of data leaking from your
organization
• Management have given you
the job of quantifying and fixing
the problem - fast
McAfee DLP gives you speed
• Pre-integrated, hardened appliances are up and running in days
• Capture data lets you quickly identify issues and build effective
policies to address them
McAfee DLP Advantages
3. Data Analytics
Traditional DLP Leaks Data
Violations
Bit Bucket
Data
Violations
Data Intelligence
Data
Capture
Fast, accurate policy creation and rapid, in-
depth investigations
McAfee DLP Leverages Data
Use Case: Disgruntled Employee
Scenario
• A top sales rep leaves the company
• 2 weeks later your customers are
getting called by a competitor
• Has someone leaked your customer
list?
McAfee DLP gives you the evidence
• See the timeline of employee activities and data use
• Discover what data the employee downloaded before they quit
Data Loss Happens Beyond the Organization
Customers: Equity research reports. Risk: Uncontrolled distribution of research dilutes value
Field technicians: Service manuals. Risks: Gets printed offsite, unable to revoke/update older/inaccurate versions
Partners: Engineering documents. Risk: No control after it is sent to third parties
Insurers: Patient health information (PHI) records. Risk: PHI record sent to the wrong patient
Extending Data Protection Beyond the Organization
McAfee and Adobe to Deliver Joint Solutions
Central Management (McAfee® ePolicy Orchestrator®)
Document audit tracking
Disconnected access
Version control
Access controls
Revoke/change rights
Organization Beyond
Adobe LiveCycle Rights
Management
Document Security Management
Network DLP
Host Data Loss Prevention
Encryption
Device Control
Adobe DRM Complements McAfee Data Protection
Data Loss
Prevention Device
Control
Encrypted
USB
Endpoint
Encryption
McAfee Endpoint Encryption
Full-disk, mobile device, and file
and folder encryption coupled
with strong authentication
McAfee® Data Loss Prevention
Full control and absolute visibility over user behavior
Adobe LiveCycle Rights Management
Persistent enforcement anywhere, anytime
McAfee Encrypted USB
Secure, portable external
storage devices
McAfee Device Control
Prevent unauthorized use
of removable media devices
McAfee Data
Protection Suite
for Rights
Management
Proactive, Automated
Data Protection
Enterprise
Rights
Management
Protection of Data-at-Rest
Adobe LiveCycle
Rights Management ES2
McAfee ePolicy
Orchestrator 4.5
Server-side Client-side
Adobe LiveCycle
RM clients
Step 1: IT defines RM enforcement policies specifying authorization
Step 2: IT defines DLP rules, specifying which documents need RM
Step 3: DLP searches disk, finds sensitive data and protects that with RM
Step 4: End user conducts business normally, however, documents
are protected with RM, seamlessly preventing unauthorized use
Corporate IT
Administrator
End User
McAfee Host DLP
(with LiveCycle libraries)
Protection of Data-in-Use/Data-in-Motion
Adobe LiveCycle
Rights Management ES2
McAfee ePolicy
Orchestrator 4.5
Server-side Client-side
Step 1: IT defines RM enforcement policies specifying authorization
Step 2: IT defines DLP rules, specifying which documents need RM
Step 3: End user attempts to send a file (via e.g. email, web, USB)
Step 4: DLP software examines if file is protected with RM
Step 5: DLP software blocks action until user protects document with RM
Corporate IT
Administrator
End User
McAfee Host DLP
(with LiveCycle libraries)
Email, Web,
USB
Comprehensive Alliance: Enterprise and
Consumer
• Consumer
– Adobe offers McAfee consumer AV as part of Adobe Reader Windows downloads
– Adobe Reader – 500m+ copies distributed in the past 2 years alone
• Enterprise
– McAfee integrates Adobe DRM in to data protection solution
– ePO installed-base – 65m+ endpoints
Significant commitment from both sides