Selecting Data Security Technology
DESCRIPTION
In this security technology workshop for IT and network security practitioners, we will teach you a three-step process you can use for selecting the right data security technology for your business at the best price. In this session we'll have a free discussion of the do's and don'ts and the pros and cons of different technologies such as agent DLP, network DLP and DRM.
TRANSCRIPT
Licensed under the Creative Commons Attribution License
Danny Lieberman
[email protected] http://www.controlpolicy.com/
Selecting Data Security Technology
Agenda
• Introduction and welcome
• What is data security?
• Defining the problem
• Select by threat
• Building threat cases
• Three threat cases
• Data security taxonomy
• Selection process
Introduction
• Our mission today
– Tools to help make your work easier
– Share ideas
What the heck is data security?
• Security
– Ensure we can survive & add value
• Physical, information, systems, people
• Data security
– Protect data directly in all realms
Defining the problem
• You can't improve what you can't measure(*)
– Little or no monitoring of data flows
• Perimeter protection, access control
– Firewall/IPS/AV/Content/AD
– Disconnect between HR, IT
(*) Lord Kelvin
We're not in Transylvania anymore
• Threat scenario circa 1993
– Bad guys outside
– Lots of proprietary protocols
• Threat scenario circa 2009
– Bad guys inside
– Everything runs on HTTP
– Vendors decide threats
Model of a crime
• Means
– Access rights
• Opportunity
– With rights, insider can exploit vulnerabilities in people, systems
• Intent
– Uncontrollable
[Diagram labels: Enterprise integration, Discovery, Regulators, Gartner]
Building a threat case
Metrics: Asset value, Threat damage to asset, Threat probability
Value at Risk = Threat Damage to Asset x Asset Value x Threat Probability
(*) PTA Practical threat analysis risk model
M&A threat case
• Asset has value, fixed over time or variable
– Plans to privatize, sell 50% of equity
• Threat exploits vulnerabilities & damages assets
– IT staff read emails and files of management board
– Employee leaks plans to press
– Buyer sues for breach of contract
• Vulnerability is a state of weakness mitigated by a countermeasure
– IT staff have access to mail/file servers
• Countermeasure has a cost, fixed over time or recurring
– Monitor abuse of privilege & prevent leakage of management board documents on all channels
Service provider threat case
• Asset has value, fixed over time or variable
– Internal pricing of service packages
• Threat exploits vulnerabilities & damages assets
– Outsourcing DBA has SQL access to pricing schema
– Competitor gets pricing and undercuts company
– Company loses reputation and revenue
• Vulnerability is a state of weakness mitigated by a countermeasure
– Outsource DBA may gain access during end of month close
• Countermeasure has a cost, fixed over time or recurring
– Monitor abuse of privilege & prevent internal data leakage on Oracle database
Media threat case – Israeli Trojan
• Asset has value, fixed over time or variable
– New product marketing campaign
• Threat exploits vulnerabilities & damages assets
– Competitors distributed custom attack on a CDROM
– Got terms of new product, undercut company
– Company loses revenue > $20M
• Vulnerability is a state of weakness mitigated by a countermeasure
– Employees may take a CDROM and insert it in their PC
• Countermeasure has a cost, fixed over time or recurring
– Prevent leakage of data to unauthorized channels
Data security taxonomy
[Diagram labels: Data Warehouse, Document Server, Session; Detection point: Decoders, Policies, Interception, Countermeasures; Management: Provisioning, Events, Reporting, Policies, Forensics. Sample intercepted message: Received: from [172.16.1.35] (80230224 Message ID:<437C5FDE.9080> “Send me more files today.”]
Selecting a data security technology
• Prove 2 hypotheses:
– Data loss is currently happening.
– A cost effective solution exists that reduces risk to acceptable levels.
H1: Data loss is happening
• What data types and volumes of data leave the network?
• Who is sending sensitive information out of the company?
• Where is the data going?
• What network protocols have the most events?
• What are the current violations of company AUP?
H2: A cost-effective solution exists
• What keeps you awake at night?
• Value of information assets on PCs, servers & mobile devices?
• What is the value at risk?
• Are security controls supporting the information behavior you want (sensitive assets stay inside, public assets flow freely, controlled assets flow quickly)?
• How much do your current security controls cost?
• How do you compare with other companies in your industry?
• How would risk change if you added, modified or dropped security controls?
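An added example, not part of the original slides: the Value at Risk formula from the threat-case slide applied to the three threat cases, to test H2 by comparing control options on residual risk and cost. All figures, the mitigation fractions, and the rule that a control scales threat probability by (1 - mitigation) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ThreatCase:
    name: str
    asset_value: float   # currency units
    damage: float        # fraction of asset value lost if the threat occurs
    probability: float   # likelihood per year, 0..1

@dataclass
class Countermeasure:
    name: str
    annual_cost: float
    mitigation: dict = field(default_factory=dict)  # threat name -> fraction of probability removed

def value_at_risk(case, controls=()):
    # Slide formula: threat damage to asset x asset value x threat probability.
    # Assumption: each control scales the probability by (1 - mitigation).
    p = case.probability
    for c in controls:
        p *= 1.0 - c.mitigation.get(case.name, 0.0)
    return case.damage * case.asset_value * p

def evaluate(cases, controls, acceptable):
    before = sum(value_at_risk(c) for c in cases)
    after = sum(value_at_risk(c, controls) for c in cases)
    cost = sum(c.annual_cost for c in controls)
    return {"before": before, "after": after, "cost": cost,
            "net_benefit": before - after - cost, "acceptable": after <= acceptable}

def rank(cases, options, acceptable):
    # Keep options whose residual risk is acceptable; best net benefit first.
    scored = [(name, evaluate(cases, ctl, acceptable)) for name, ctl in options.items()]
    ok = [(n, r) for n, r in scored if r["acceptable"]]
    return sorted(ok, key=lambda nr: nr[1]["net_benefit"], reverse=True)

# Constructed figures for the three threat cases; not from the workshop.
CASES = [ThreatCase("M&A", 10_000_000, 0.5, 0.10),
         ThreatCase("Service provider", 4_000_000, 0.25, 0.20),
         ThreatCase("Media", 20_000_000, 1.0, 0.05)]
AGENT = Countermeasure("Agent DLP", 300_000, {"M&A": 0.5, "Media": 0.8})
NETWORK = Countermeasure("Network DLP", 150_000,
                         {"M&A": 0.6, "Service provider": 0.5, "Media": 0.5})
DRM = Countermeasure("DRM", 200_000, {"M&A": 0.7})
OPTIONS = {"Agent DLP": [AGENT], "Network DLP": [NETWORK], "DRM": [DRM],
           "Agent + Network DLP": [AGENT, NETWORK]}

if __name__ == "__main__":
    for name, r in rank(CASES, OPTIONS, acceptable=700_000):
        print(f"{name}: residual {r['after']:,.0f}, net benefit {r['net_benefit']:,.0f}")
```

With these constructed numbers, Network DLP alone has the same net benefit as Agent DLP alone but is rejected because its residual value at risk stays above the acceptable level.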
Match technology to threat case
Threat case: The Israeli Trojan
• Agent DLP
– Install agent on every PC
– Intercept Win32 calls
– Content, context and organizational policy
– Monitor, block, prompt
– Execute policy even when PC is off network
• Network DLP
– Install appliance at gateway
– Intercept Layer 2 traffic
– Content, channel and organizational policy
– Monitor, block, quarantine
– Execute policy for endpoints on network
• DRM
– None
Coming attractions
• Sep 17: Selling data security technology
• Sep 24: Write a 2 page procedure
• Oct 1: Home(land) security
• Oct 8: SME data security
http://www.controlpolicy.com/workshops
Learn more
• Presentation materials and resources
http://www.controlpolicy.com/data-security-workshops