Protecting your information assets

Eoin Farrer
ILP Sales Manager
Northern Europe

21 November 2008

WEBSENSE CONFIDENTIAL
Information security is a people issue

• Once access is granted, what happens to your data?
• Are your IT systems equipped to deal with people issues?
Agenda

09:00-09:30  Registration & morning coffee
09:30-10:30  Understanding the Information Loss problem
             Building Best Practices & Processes
             How can Websense Help? Introducing Intelligent Content Protection
             Discover, Monitor and Protect from Information Leakage
10:30-10:45  Coffee break
10:45-11:45  Data in motion
             Data at rest
             Data in Use
             Product Demonstration
             Next Steps – Risk Assessment
11:45-12:00  Q&A
What you are telling us

What do you consider the biggest threat to your organization's overall security? (multiple responses)

  Leakage of confidential/proprietary information   52%
  Unpatched vulnerabilities                          24%
  Insider attacks                                    18%
  Spyware                                            14%
  Phishing attacks                                   10%
  Malicious Code                                      4%
  Fraud                                               2%
  Keystroke loggers                                   2%

95% of organisations would not be confident they would know if a data leak occurs.

* Survey of 105 international security professionals at the eCrime Congress, London, 2007
Sensitive Information is everywhere

Finance:     Investor information, E-Banking records, Budgets
HR:          Employee data, Payroll
IT:          Intranets, Extranets, Network Designs
Sales:       Client data, Forecasts
Management:  M&A, Strategic plans & designs
Marketing:   Confidential plans, Designs, Client databases
The Landscape

Inbound
  Inappropriate content
  Malcode
  Fraud
  Productivity inhibitors
  Channels: Exploits, HTTP/S, P2P, IM, FTP

Outbound
  Confidential information
  Customer data
  Intellectual property
  Regulated information
  Channels: SMTP, IM, P2P, FTP, HTTP/S, Print

Fundamental Business Issues
  Regulatory Compliance & Risk Management
  Productivity and Corporate Governance
  Business Continuity and Competitive Advantage
People issues put content at risk

"Trojan horse captured data on 2,300 Oregon taxpayers"
By Todd Weiss, Computerworld, 06/15/06

The Oregon Department of Revenue has been contacting some 2,300 taxpayers this week to notify them that their names, addresses or Social Security numbers may have been stolen by a Trojan horse program downloaded accidentally by a former worker who was surfing pornographic sites while at work in January.
We've all seen the headlines

What about this one?
Why is this a hot issue all of a sudden?

• We hear of information leaks every day
• Are incidents on the rise, or are more being disclosed?
  – Both!
• Regulatory compliance is a key driver
• As is protecting brand and intellectual assets
• CISOs know the value of their data assets
• So do the bad guys!

EJS Ráðgjöf | Nov. 2007
How is Data Being Leaked?

(Chart) Channels: HTTP, Email, Networked Printer, Endpoint, Internal Mail, Corporate Webmail, IM, Other

What Type of Data is Leaked?

(Chart) Non Public Information, Confidential Information, Intellectual Property, Protected Health Information
(Diagram) Kinds of leak:

• Unintentional leaks: Accidental/Ignorant (Customer_Info.xls, Customer_Intel.xls)
• Unintentional leaks: Malicious (Spyware or Keylogger Site)
• Un/Intentional: Broken Business Process (Data in Motion, Data at Rest)
• Intentional: Malicious
How big is the malicious issue?

• Accidental or unintentional is the biggest leak source
• Malicious activity on the increase
  – Targeted trojans, Spyware, Greyware

(Chart) Cause of information leaks: Unintentional/Accidental (77%), Malicious Intent (23%) – Infowatch 2007
Managing the malicious risk

• ILP solutions have not focused heavily on this problem; it needs IT Security and Infosec awareness
• Websense offers a Total Content Security approach
  – Brings best-of-breed content filtering and web security together
  – Full content and context awareness
Malicious activity – Destination Awareness

Destination categories:

• Pro-Choice, Pro-Life, Adult Content, Financial Data and Services, Educational Institutions, Educational Materials, Reference Materials, MP3 and Audio Download Services, Gambling, Games, Military, Political Organizations, Health, Hacking, Proxy Avoidance, Search Engines and Portals, URL Translation Sites, Web Hosting
• Web Chat, General Email, Organizational Email, Text and Media Messaging, Job Search, Content Delivery Networks, Dynamic Content, File Download Servers, Image Servers, Images (Media), Alternative Journals, Religious, Internet Auctions, Real Estate, Professional and Worker Organizations, Service and Philanthropic Organizations, Social and Affiliation Organizations, Alcohol and Tobacco
• Gay or Lesbian or Bisexual Interest, Hobbies, Personals and Dating, Restaurants and Dining, Social Networking and Personal, Sport Hunting and Gun Clubs, Travel, Special Events, Vehicles, Violence, Weapons, Internet Radio and TV, Internet Telephony, Peer-to-Peer File Sharing, Personal Network Storage and Backup, Streaming Media, Advertisements, Freeware and Software Downloads, Instant Messaging
• Message Boards and Forums, Online Brokerage and Trading, Pay to Surf, Bot Networks, Keyloggers, Malicious Websites, Phishing and Other Frauds, Potentially Unwanted Software, Spyware, Potentially Damaging Content, Elevated Exposure, Emerging Exploits, User Defined
The Power of Destination Awareness

Destination Categories (with example sites):
• Financial Data and Services: Forbes, CNNMoney, Bloomberg
• Search Engines and Portals: Google, Yahoo, MSN, Dogpile
• General and Organizational Email: Corp. Webmail, Hotmail, Gmail
• Social Networking and Personal: Wikipedia, MySpace, LinkedIn
• Bot Nets, Spyware, Keyloggers, etc.
But...

it's important to know that fighting determined intent can be very difficult...
Use of ILP solutions
In a nutshell...

• ILP Solutions can, with a high degree of certainty:
  – Stop accidental/ignorant/negligent user incidents
  – Stop the "average" malicious user (sales guy posting customer db to webmail account)
  – Malicious information-stealing trojan
• But this could account for 90-100%* of leaks for a given company
• Also... it is one of the most effective solutions for ensuring compliance with regulations such as PCI, SOX etc.
• ILP solutions do not offer 100% information security
  – But significantly reduce the risk of data loss
  – Are rapidly becoming a key part of information risk management

* Educated guess
So how do we go about solving the problem?

What can be done?
Best Practice

7 Steps to Success – It's about process, people and technology!
  – Identify and find data
  – Classify data
  – Monitor the flow of data inside the network
  – Control who distributes data
  – Control where data is distributed to
  – Prevent leaks via non-business channels
  – Protect data at all times
Best Practice

Step 1: Identify and find data
  – Define what is actually "confidential" data
  – Discover data anywhere in your network
      Desktops
      Laptops
      File Servers
      Databases
      eVaults
      Other…
  – Automate the process
  – Review regularly
Best Practice

Step 2: Classify data
  – Use technology to build on previous step
      watermark, signature, fingerprint, hash – whatever!
  – It has to be…
      Accurate
      Robust
      Secure
  – Automate the process - Do you see a pattern here?
Best Practice

Step 3: Monitor the flow of data inside the network
  – Inbound, Outbound, Internal
  – Which business channels are used for information flow?
      Email, HTTP, IM, FTP, Printing etc.
  – This must be Real-Time!

(Diagram: channels Email, HTTP, FTP, Print, IM, Custom Channels)
Best Practice

Step 4: Control who distributes data
  – Who actually does what in the organisation?
      Do you have an org chart?
          Finance, Marketing, R&D, HR, Customer Services
      Do you have a directory service?
  – You must make use of this information
  – Essential for any forensics investigations
  – Remember, it's about people!
Best Practice

Step 5: Control where data is distributed to
  – Do you have any idea where data is sent?
      HTTP, is it a Business Partner or Web-Mail?

(Diagram) Allowed Information: Authorized User → File Server → Organization Network → Trusted Protocol → Trusted Destination.
Blocked Information: Spyware Infected User (among the Network Users) → Spyware, Phishing, Hacker, Infected Remote User.
Best Practice

Step 6: Prevent leaks on non-business channels
  – Are you monitoring other channels?
      USB
          Removable HDDs
          iPods
          Cameras
      P2P
      Hosted Storage
      Evasion applications
          RealTunnel
          GhostSurf
Best Practice

Step 7: Protect data at all times
  – We all need to learn to focus on the data, not just the threat
      Recognise these?
          Trojans, Worms, Spyware, Bots
      What about these?
          Stupidity, Naivety, Laziness, Willingness to "work around" policy, Broken business process
  – Bottom line is your security will fail at some point due to one or more of the above!
Gartner Magic Quadrant for M&F&DLP, 2Q07

(Chart: vendors shown include Symantec, (PortAuthority), Trend Micro / Provilla, EMC and McAfee / Onigma.)

Gartner Disclaimer: This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report.
Coffee Break
How can Websense help here?

• The leading ILP solution
• Dominating the Web Security market with 42% market share
• 42,000 customers, solid revenues and stable company
Best Practice for Protecting Data

(Diagram) Actions: Block, Quarantine, Encrypt, Notify, Remediate.
Channels: Email, HTTP, IM, FTP, Print, Custom Channels.
Data locations: File Server, Laptop, Database, Desktop.
Content Protection Suite Architecture

(Diagram) Data Learning; Data In Motion; Data at Rest; Data In Use.
Technology Platform: PreciseID™

There are multiple techniques to classify and identify information, but only PreciseID™ NLP offers the most accurate and granular information leak prevention.

(Chart: Detection Accuracy, low to high, plotted against Detection Granularity, with a "Technology Barrier" line; 3rd Generation PreciseID is placed at the high end of both axes.)
Why Accurate Identification Is Critical

1. False positives cost resources and time: >160 false positives/day = 1 FTE
2. False positives reduce employee productivity
3. False negatives can damage brand, reputation and competitive advantage: $5-20 million per incident
4. Accurate identification enables smooth workflow and incident remediation
PreciseID™ Fingerprinting: Learn Data

Phase I: Fingerprint data at rest

(Diagram) Pipeline: Database Record or Document → Extract → Algorithmic Conversion → One-way Mathematical Representation → Fingerprint Storage & Indexing → Fingerprints database.

Example (diagram): extracted bit patterns (01011100, 11010011, 00001011, ...) are converted into fingerprint values (0xB6751, 0xB61C1, 0x37CB2, 0x5BD41, 0x190C1, 0x93005, 0x590A9, 0xA0001) and stored in the fingerprints database.
PreciseID™ Technology at Work: Detection

Real Time Data Detection

(Diagram) Outbound Content (E-mail, Web, Fax, Print, etc.) → Algorithmic Conversion → One-way Mathematical Representation → Fingerprint Creation → Real-Time Fingerprint Comparison against the Fingerprint database → Policy → Action.
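The two slides above (learn data at rest, then detect it in outbound content) and the "classify data" step of the best-practice list describe a fingerprinting pipeline without showing one. The following is an added example, not Websense or PreciseID code: protected text is split into word shingles, each shingle is reduced to a truncated SHA-256 digest, and only the digests are indexed; outbound content is reduced the same way and looked up, and a threshold turns the match ratio into an action. The shingle size, the thresholds, the document names and the message texts are assumptions constructed for the example.

```python
"""Toy content-fingerprinting pipeline (added example, not vendor code)."""
import hashlib
import re
from typing import Dict, List, Set

SHINGLE_WORDS = 5   # assumption: 5-word windows; smaller = more granular, more false positives
BLOCK_RATIO = 0.5   # assumption: block when half or more of a message is protected content


def normalize(text: str) -> List[str]:
    """Lower-case and keep only alphanumeric words so punctuation or case changes do not defeat matching."""
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprints(text: str, k: int = SHINGLE_WORDS) -> Set[str]:
    """One-way representation: truncated SHA-256 of each k-word window.
    The words cannot be recovered from the digests, which is why the index can hold them."""
    words = normalize(text)
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


def learn(documents: Dict[str, str]) -> Dict[str, Set[str]]:
    """Learn phase: digest -> ids of the protected documents it came from.
    The clear text is read once, reduced and discarded; only digests are stored."""
    index: Dict[str, Set[str]] = {}
    for doc_id, text in documents.items():
        for fp in fingerprints(text):
            index.setdefault(fp, set()).add(doc_id)
    return index


def detect(outbound: str, index: Dict[str, Set[str]]) -> Dict[str, float]:
    """Detection phase: for each protected document, the fraction of the outbound
    message's shingles that match it (0.0 means no overlap at all)."""
    fps = fingerprints(outbound)
    if not fps:
        return {}
    hits: Dict[str, int] = {}
    for fp in fps:
        for doc_id in index.get(fp, ()):
            hits[doc_id] = hits.get(doc_id, 0) + 1
    return {doc_id: n / len(fps) for doc_id, n in hits.items()}


def policy(scores: Dict[str, float]) -> str:
    """Map detection scores to an action; thresholds are assumptions for the example."""
    if not scores:
        return "allow"
    if max(scores.values()) >= BLOCK_RATIO:
        return "block"
    return "notify"


# Constructed sample data: two "protected" files and three outbound messages.
PROTECTED = {
    "forecast.docx": "The Q3 forecast for Northern Europe projects revenue of twelve "
                     "million with a planned acquisition of Beta Corp in March",
    "clients.xls": "Client list Anna Berg contract value four hundred thousand renewal due in October",
}
MSG_INNOCENT = "Lunch on Friday at the new restaurant downtown, let me know if you can make it"
MSG_FULL_COPY = ("Hi, see below. The Q3 forecast for Northern Europe projects revenue of twelve "
                 "million with a planned acquisition of Beta Corp in March. Thanks")
MSG_EXCERPT = "Please look at the planned acquisition of Beta Corp in March before the call"

INDEX = learn(PROTECTED)

if __name__ == "__main__":
    for label, msg in [("innocent", MSG_INNOCENT), ("full copy", MSG_FULL_COPY), ("excerpt", MSG_EXCERPT)]:
        scores = detect(msg, INDEX)
        print(f"{label:9s} -> {policy(scores):6s} {scores}")
```

Because matching works on overlapping windows, a pasted paragraph is recognised even when it is wrapped in new text, and a short excerpt still produces a partial score; the ratio, not a yes/no, is what the policy layer reasons about.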
Using Websense PreciseID™

(Diagram: Database Server, Document Management System and File Server feed the Websense Appliance; Policy Enforcement follows.)

1. Data location defined using easy-to-use GUI
2. Database and DMS crawlers read only the data to be protected
3. PreciseID engine generates data fingerprints and stores in database
4. Original data is not altered or copied
5. Audit and reporting
Protecting Data

• Websense protects any data: Structured and unstructured, maintained in any container
  – 370 file formats
      Content based detection
      File content is always inspected
      CAD/CAM
  – Any database
      Automatic or manual learning of data including database content updates
  – Document Management Systems
Websense Use Cases

• Pattern Policies
  – PCI, SEC, HIPAA etc
• Customer data protection
  – Data fields in a record in a database
• Confidential information protection
  – Unstructured data in different file formats

Start with Pre-defined policies..
Use Case: Customer Data Protection

• Records management: built to protect structured data
• Example: Database with credit cards data

  Card Number (15 or 16 digits)  PIN (4 to 12 digits)  Expiration  CVC (3 or 4 digits)  Other Data
  1234567891234567               1234                  0207        123                  John Hancock
  1234567891234568               1234567               0307        1234                 Samuel Adams
  1234567891234569               0207                  0207        124                  John Adams

• Content filters can easily identify credit card numbers and point to probable leaks
  – But for prevention purposes it is not enough to identify a credit card number; it is also critical to get the relevant data elements correlated

Example messages (diagram):
  1. "Please check activity w/ credit card number 1234567891234567"
  2. "Please check activity w/ credit card number 1234567891234567 – David Flinter, manager"
  3. "Please check activity w/ credit card number 1234567891234567 belongs to Mr. John Hancock – David Flinter, manager"
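The slide contrasts a pattern filter (any card-like number) with record-aware detection (a number that belongs to a protected record, travelling with other elements of that record). The following added example, which is not Websense code, shows both stages: a Luhn-checked pattern match, then a lookup against an index built from the protected records that stores only one-way hashes of each field, counting how many of the record's other elements (name, expiration, CVC, PIN) appear in the same message. The records, the message texts and the notify/block decision rule are constructed for this example, and the card numbers are standard industry test numbers rather than the deck's sample values.

```python
"""Record-aware credit card detection (added example, not vendor code)."""
import hashlib
import re
from typing import Dict, List, Set

CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){14,15}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: cheap pattern-level filter that rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_candidates(text: str) -> List[str]:
    """Pattern stage: 15- or 16-digit runs (optionally grouped by spaces or dashes) that pass Luhn."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if len(digits) in (15, 16) and luhn_ok(digits):
            found.append(digits)
    return found


def fp(value: str) -> str:
    """One-way representation of a field value, insensitive to case and punctuation."""
    canon = re.sub(r"[^a-z0-9]", "", value.lower())
    return hashlib.sha256(canon.encode()).hexdigest()[:16]


def learn_records(records: List[Dict[str, str]]) -> Dict[str, Set[str]]:
    """Learn stage: card fingerprint -> fingerprints of the record's other fields.
    No clear-text card numbers, names or PINs are kept in the index."""
    return {fp(rec["card"]): {fp(v) for k, v in rec.items() if k != "card"} for rec in records}


def text_tokens(text: str) -> Set[str]:
    """Fingerprints of every word and adjacent word pair, so 'John Hancock' and '0207' are both found."""
    words = re.findall(r"[A-Za-z0-9]+", text)
    toks = {fp(w) for w in words}
    toks.update(fp(a + b) for a, b in zip(words, words[1:]))
    return toks


def analyze(text: str, index: Dict[str, Set[str]]) -> List[Dict[str, object]]:
    """Detection stage. Findings carry only the last four digits so the alert itself does not leak the number."""
    toks = text_tokens(text)
    findings = []
    for card in find_card_candidates(text):
        related = index.get(fp(card))
        findings.append({
            "last4": card[-4:],
            "known_record": related is not None,
            "correlated": len(related & toks) if related else 0,
        })
    return findings


def decision(findings: List[Dict[str, object]]) -> str:
    """Assumed rule: a lone card number is only a probable leak (notify); a card number
    correlated with other elements of its record is treated as a leak (block)."""
    if not findings:
        return "allow"
    if any(f["correlated"] > 0 for f in findings):
        return "block"
    return "notify"


# Constructed records mirroring the slide's layout; the card numbers are public test numbers.
RECORDS = [
    {"card": "4111111111111111", "pin": "1234", "expiration": "0207", "cvc": "123", "name": "John Hancock"},
    {"card": "5555555555554444", "pin": "1234567", "expiration": "0307", "cvc": "1234", "name": "Samuel Adams"},
    {"card": "378282246310005", "pin": "0207", "expiration": "0207", "cvc": "124", "name": "John Adams"},
]
INDEX = learn_records(RECORDS)

MSG_CARD_ONLY = "Please check activity w/ credit card number 4111111111111111"
MSG_WITH_NAME = ("Please check activity w/ credit card number 4111111111111111 "
                 "belongs to Mr. John Hancock. David Flinter, manager")
MSG_CARD_EXP_CVC = "Card 4111111111111111 expires 0207, CVC 123"
MSG_UNKNOWN_CARD = "Test card 5105105105105100 for the demo"

if __name__ == "__main__":
    for msg in (MSG_CARD_ONLY, MSG_WITH_NAME, MSG_CARD_EXP_CVC, MSG_UNKNOWN_CARD):
        f = analyze(msg, INDEX)
        print(f"{decision(f):6s} {f}")
```

The pattern stage alone cannot tell a customer's card from a test number or an unrelated one, which is why the deck calls it a pointer to a probable leak; the record index is what lets the decision move from "notify" to "block" with confidence, and it does so without keeping the clear-text records on the inspection point.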
Use Case: Confidential Data Protection

(Diagram: Policy properties → Crawlers → File Server 1 ... File Server N)

• Multi selection folders for unstructured document fingerprinting
  – Unlimited number of policies
  – Any file system
Product Demonstration
                    4 STEPS TO GETTING STARTED


     Step 1: Configure monitoring on network
             • Setup: 2 hours




                                                                                       Fingerprinting                                            0xB6751
                                                                                                                                  01011100
                                                                                                                                  11010011       0xB61C1



     Step 2: Select the policies that reflect the crown
                                                                                                                                  00001011       0x37CB2
                                                                                                                                  00 100100      0x5BD41
     (Figure: how content fingerprinting works; only the labels survive extraction)

      Pipeline: Database Record or Document -> Extract -> Algorithmic Conversion
                -> One-way Mathematical Representation -> Fingerprint Storage & Indexing

      ... jewels you want to protect
      Step 3: Wait a week and find out who is sending what information where
      Step 4: Create a monitoring and enforcement policy based on results

      Coverage: Data at Rest, Data in Use, Data in Motion
      Channels: SMTP, HTTP/S, FTP, IM, Internal Mail, Print, Custom Channels
      Destination shown in the figure: Spyware or Keylogger Site

46
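The pipeline and Steps 3 and 4 above can be seen end to end in a small working model. This is an added example, not code from the deck and not Websense's PreciseID implementation (which is proprietary): it uses word shingling with a keyed BLAKE2b digest as the one-way representation, an in-memory index, a monitoring pass over a constructed week of traffic, and then per-channel enforcement thresholds. The shingle size, the key, the thresholds, the document, the senders and the messages are all assumptions made for the example.

```python
"""Content fingerprinting for leak detection: shingle -> one-way digest -> index -> scan.

Added example; NOT Websense's PreciseID. Shingle size, key, thresholds and
all sample data below are assumptions made for illustration.
"""
from __future__ import annotations

import hashlib
import re
from collections import defaultdict

SHINGLE_WORDS = 8                           # words per window (assumption)
INDEX_KEY = b"rotate-this-per-deployment"   # secret key for the digests (assumption)
_TOKEN = re.compile(r"[a-z0-9]+")


def shingle_digests(text: str, k: int = SHINGLE_WORDS) -> set[bytes]:
    """Algorithmic conversion: every k-word window of the normalised text becomes a
    keyed 64-bit BLAKE2b digest. Case, punctuation and line breaks are discarded, so a
    re-typed or re-flowed excerpt yields the same digests as the original document."""
    words = _TOKEN.findall(text.lower())
    return {
        hashlib.blake2b(" ".join(words[i:i + k]).encode(), key=INDEX_KEY, digest_size=8).digest()
        for i in range(len(words) - k + 1)
    }


class FingerprintIndex:
    """Fingerprint storage & indexing. Holds digests and per-document counts only;
    the protected plaintext never enters the index."""

    def __init__(self) -> None:
        self._docs_by_digest: dict[bytes, set[str]] = defaultdict(set)
        self._size: dict[str, int] = {}

    def register(self, doc_id: str, text: str) -> int:
        """Fingerprint one protected document; returns the number of windows stored."""
        digests = shingle_digests(text)
        self._size[doc_id] = len(digests)
        for d in digests:
            self._docs_by_digest[d].add(doc_id)
        return len(digests)

    def match(self, text: str) -> dict[str, float]:
        """Fraction of each protected document's windows that occur in text."""
        hits: dict[str, int] = defaultdict(int)
        for d in shingle_digests(text):
            for doc_id in self._docs_by_digest.get(d, ()):
                hits[doc_id] += 1
        return {doc_id: n / self._size[doc_id] for doc_id, n in hits.items()}


# Constructed sample data: one protected record set and a week of outbound events.
CUSTOMER_LIST = (
    "Acme Q3 customer list: Northwind Traders, contact Maria Anders, phone 030-0074321, "
    "credit limit 25000; Island Trading, contact Helen Bennett, phone 198-555-8888, "
    "credit limit 12000; Lazy K Kountry Store, contact John Steel, phone 509-555-7969, "
    "credit limit 9000."
)
WEEK_OF_TRAFFIC = [  # (sender, channel, destination, body); all constructed
    ("alice", "smtp", "bob@partner.example",
     "Hi Bob, here is the full list you asked for: " + CUSTOMER_LIST + " Regards, Alice"),
    ("carol", "im", "dave@chat.example",
     "can you check Lazy K Kountry Store, contact John Steel, phone 509-555-7969, "
     "credit limit 9000 before Friday?"),
    ("erin", "http", "https://webmail.example/compose",
     "Quarterly update: our customer base grew, the contact centre added phone support "
     "and a new credit card option."),
    ("frank", "internal_mail", "finance@corp.example", CUSTOMER_LIST),
]


def build_index() -> FingerprintIndex:
    index = FingerprintIndex()
    index.register("customer-list", CUSTOMER_LIST)
    return index


def monitor(index: FingerprintIndex, events) -> list[dict]:
    """Step 3: passive monitoring. One row per event that carried protected content,
    answering 'who is sending what information where'."""
    report = []
    for sender, channel, dest, body in events:
        for doc_id, fraction in index.match(body).items():
            report.append({"sender": sender, "channel": channel, "dest": dest,
                           "doc": doc_id, "fraction": round(fraction, 3)})
    return report


# Step 4: per-channel thresholds derived from the monitoring report (assumed values):
# (monitor_at, block_at); block_at None means the channel is never blocked, only logged.
POLICY = {"smtp": (0.1, 0.5), "im": (0.1, 0.5), "http": (0.05, 0.3),
          "internal_mail": (0.5, None)}


def enforce(index: FingerprintIndex, channel: str, body: str) -> str:
    """Return allow / monitor / block for one event under POLICY."""
    worst = max(index.match(body).values(), default=0.0)
    monitor_at, block_at = POLICY[channel]
    if block_at is not None and worst >= block_at:
        return "block"
    return "monitor" if worst >= monitor_at else "allow"


if __name__ == "__main__":
    idx = build_index()
    for row in monitor(idx, WEEK_OF_TRAFFIC):
        print(row)
    for sender, channel, dest, body in WEEK_OF_TRAFFIC:
        print(sender, channel, dest, "->", enforce(idx, channel, body))
```

Two practitioner points the model makes visible. First, the index stores only digests, but an unkeyed digest of an 8-word window from a predictable document (names, phone numbers, amounts) can be brute-forced by anyone who obtains the index, so the digests here are keyed and the key is assumed to be kept separately from the index. Second, a window-based fingerprint finds copied excerpts (the IM message above scores 7 of 34 windows) but cannot see a single phone number on its own, which is why a fingerprinting tier is normally paired with pattern or NLP policies for shorter fields.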
            Summary

      • Information leaks are happening every day; ILP solutions are the way to combat the problem.
      • Integrating ILP with Web Security provides the highest level of inbound and outbound control.
      • ILP solutions are easy to deploy and cheaper than you might think.
      • If you are responsible for highly sensitive data, losing that data is going to have a major impact on your business and your job.

47                                                     EJS Ráðgjöf | Nov. 2007
     PROTECT YOUR DATA
     PROTECT YOUR CUSTOMERS
     PROTECT YOUR BUSINESS



      Register for a free risk
         assessment at:
      websense.com/CPS

48
Questions?

Thank You!

Spare Slides
                            Integration Options

      (Architecture diagram; the labels below are what survives extraction)

      Protected data sources (optional data connectors): Database crawler, Files crawler, DMS API,
        Customized Applications via the Websense Agent API
      Mail, print and gateway integration points (Websense Agent API): Microsoft ISA, Lotus Notes,
        Microsoft Exchange, Print Server, Encryption Gateway
      Websense management: Enterprise Management Appliance (Discovery), user lookup via Active Directory / LDAP
      Network enforcement: Protector Appliance on a Network Tap or Mirror/SPAN Port, or attached to a Proxy via ICAP,
        on the Enterprise network

      Legend: Optional data connectors, Websense management, Optional DATASEC, Optional Websense Server agent

52
                            Flexible Deployment Options

      (Deployment diagram; the labels below are what survives extraction)

      Network segments A to E, monitored through TAPs, with a Proxy in front of Network C
      Protector Appliance in Passive mode
      Protector Appliance in hybrid mode: In-line, Passive and Proxy (shown twice)
      Management Appliance / Content Server
      Agent-based real-time protection on Desktops, Laptops and Servers
      Protector Appliance in Discovery mode

53
          Data Classification Methodology

      The 3P methodology (drawn as a pyramid: Principal at the top, then Pareto, then Progressive)
      • Principal
          – Top 5%, crown jewels, use PreciseID Fingerprinting
      • Pareto
          – Continue fingerprinting, use smart NLP policies
      • Progressive
          – Ongoing tuning and new data policies

54