Information Leakage - A knowledge Based Approach
ILLYAS KOOLIYANKAL
CISO - ADX
Information Leakage – A Knowledge Based Approach
• Introduction
• Some real life examples
• Existing Security Mechanisms?
• Best Approach towards Protection
• Protection Mechanisms
• Technology behind DLP
• Case Study
• Summary
Why Data is a Priority?
Cost of Data Breaches: $140/record
• Direct Costs: $5.0M, $50/record
• Indirect Costs: $1.5M, $15/record
• Opportunity Costs: $7.5M, $75/record
Source: Ponemon Institute SVB Alliant
• Leakage of confidential/proprietary information: 52%
• Unpatched vulnerabilities: 24%
• Insider attacks: 18%
• Spyware: 14%
• Phishing attacks: 10%
• Malicious Code: 4%
• Spam: 4%
• Denial of Service attacks: 4%
• Fraud: 2%
• Keystroke loggers: 2%
What do you consider to pose the biggest current threat to your organization’s overall security? (multiple responses)
Source: Merrill Lynch survey of 50 North American CISOs, July 2006
70% - loss caused by insiders
23% of loss is from malicious intent
92% use email to send confidential data
55% use portable devices to take confidential data out of the workplace every week
Some stats
Top Leakage concerns of customers
• More mobility, flexibility
• Criminals
• Business impact – Reputation, monetary, growth, …
• Legal and Regulatory compliance
• International standards like ISO 27001
• Personally…
A serious Concern Now?
• A researcher who accidentally sends a new product formula to hundreds of partners
OR
• A junior member of the finance team who unknowingly exposes the company’s unannounced financial results to the public
• A hard-working, loyal employee who takes home his laptop or a USB drive for the weekend to get work done and accidentally leaves it on the subway as he runs to greet his children at the end of a long workweek
“Internal risk that can lead to data loss are real.”
Data Leakage - Boundary
[Figure: Sensitive Data and Employees, with surrounding parties: Employees (remote workers, mobile workers); Business Partners (suppliers, outsourcers, consultants); Competitors; Customers; Hackers; Contractors; Temporaries; Visitors. Region labels: Digital Business, Cyber-crime.]
SOURCE: FORRESTER RESEARCH
Existing Security Devices/Solutions?
Data - Concerns
Holistic Approach
People
Process
Technology
• Develop and implement foolproof processes in the overall business environment (information at all stages/states)
• Staff awareness and support
• Implement appropriate technology to help the users and the organization protect the data efficiently and without business interruption.
• Information leaked by Internal/Authorized users
• Performance issues
• False Positives and False Negatives
• User Resistance & Org Culture of Trust, openness
• Impact to the normal business operations?
Challenges!
• Business requires information easily and seamlessly
• Existing security solutions and tools-limited capability
• Huge amount of sensitive data; unwanted/outdated data
Is it Easy?
• Approach it as a business problem, not technical.
• Formulate a comprehensive strategy for Data protection
• Develop a classification policy
• Analyze various data sources and data, classify it, and conduct detailed risk assessment.
• Identify and select an appropriate technical solution for DLP
How can you protect?
How can you protect?
• State of the Data – in motion, at rest, in use.
• Develop/Decide on the policies to be applied based on the sensitivity and classification
• Apply light weight policies and train the users to be more careful
• Actions – Controls (Log, Alert, Justification, block, etc)
• Monitor and Fine Tune
Approach it phase by phase – begin with log only, analyze the events and tighten the controls slowly and steadily.
The Landscape
Data At Rest
• Data classification
• Device control
• Content control
• Application control
Transaction Data
• Direct Database Access
• Access via Applications: Web applications, Web services
Data In Motion
• Outgoing communications
• Internal communications
• Databases and documents
• Monitoring and enforcement
[Figure labels: Databases; Transaction; Applications; Data Storage (SAN and NAS); Servers; Endpoints; Communication Channels; Employees (Honest & Rogue); Customers & Criminals; Accidental, Intentional and Malicious Leaks]
Courtesy: www.PortAuthorityTech.com
• Lets you secure the data you know you need to protect
• Automate the discovery and understanding of the data you don’t know
• By securing all your information—from the datacenter to the network endpoints—you protect it through all phases of its lifecycle—at rest, in motion, and in use—and ensure its confidentiality and integrity.
What does DLP offer?
• Identify and Classify data in motion, at rest, and in use
• Dynamically apply the desired type and level of control, including the ability to perform mandatory access control that can’t be circumvented by the user
• Monitors multiple channels for specific inbound and outbound content
DLP products may differ based on these.
How Does DLP Work?
Through
• Deep content inspection
• Contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.)
• With a centralized management framework.
The systems are designed to detect and prevent the unauthorized use and transmission of confidential information
How?
Capabilities
Data Protection
• What is the User Doing With It? Read, Write, Print, Move, Burn, Copy/Paste, Upload, etc.
• Where Did the Data Come From? (What Classification?)
• Where Is the Data Going?
• What is the Policy regarding Actions to be taken?
Devices, Applications, Networks
Reduce Your Risk
Audit, Notify, Quarantine, Block, Encrypt…
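An added example (not from the presentation or from any DLP product) of the flow described above: content inspection plus transaction context selects an action, and a rollout-phase cap implements the "begin with log only, then tighten" approach. The event fields, mail domain, keywords and policy table are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Ascending severity. "allow" is an added assumption; the rest are the slide's actions.
ACTIONS = ["allow", "log", "alert", "justify", "block"]
INTERNAL_DOMAIN = "@corp.example"            # hypothetical internal mail domain
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
KEYWORD_RE = re.compile(r"\b(confidential|unannounced results)\b", re.I)

@dataclass
class Event:                                  # context of one transaction
    user: str
    channel: str                              # "email", "usb", "web_upload", ...
    destination: str
    content: str

def luhn_ok(digits: str) -> bool:
    """Checksum that separates real card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text: str) -> str:
    """Content inspection: return 'restricted', 'confidential' or 'public'."""
    for match in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            return "restricted"
    return "confidential" if KEYWORD_RE.search(text) else "public"

def decide(event: Event, max_action: str) -> tuple[str, str, str]:
    """Return (label, policy action, enforced action) for the current rollout phase."""
    label = classify(event.content)
    external = event.channel != "email" or not event.destination.endswith(INTERNAL_DOMAIN)
    policy = {"restricted": "block" if external else "alert",
              "confidential": "justify" if external else "log",
              "public": "allow"}[label]
    # Phased rollout: never enforce above the phase cap, but keep the policy
    # action in the record so would-be blocks can be reviewed before tightening.
    enforced = ACTIONS[min(ACTIONS.index(policy), ACTIONS.index(max_action))]
    return label, policy, enforced

# Constructed sample events (not from the presentation).
CARD_MAIL = Event("alice", "email", "partner@other.example", "Card 4111 1111 1111 1111")
ORDER_MAIL = Event("bob", "email", "carol@corp.example", "Order ref 1234 5678 9012 3456")
USB_COPY = Event("dave", "usb", "removable-drive", "CONFIDENTIAL: unannounced results draft")
```

The Luhn check is what keeps the 16-digit order reference from being treated as a card number, which is the false-positive problem the slides list among the challenges.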
Reduce Risk
• Enable enforcement policy
• Quarantine suspicious messages
• Create audit trail of all communications to substantiate compliance
• Reduce violations to required levels
Enforce
Learn
Define Metrics
• Use pre-defined policies or create custom policies
• Learn critical information using information fingerprinting service
Monitor
• Monitor communication channels
• Reporting of matches against policies and information fingerprints
• Tune policies
Assess Risk
Courtesy: www.PortAuthorityTech.com
Summary
• Information leakage is a serious concern to organizations and individuals
• The approach has to be holistic, addressing People, Process and Technology
• DLP technology addresses data in motion, at rest and in use.
• Classification Policy, Information about Data and Data Source, Classify those, Select DLP Solution, Develop Policies and Test, Apply, Monitor, Fine Tune, Awareness
• Action – Log, Alert, Justify, Block, etc.
• Resistance, org culture, performance, and the huge amount of known/unknown data are some of the obstacles.
• Start with lightweight policies and gradually tighten them once awareness and adaptability are achieved
• Information Leakage Prevention is an ongoing process