Sophos / Utimaco Data Loss Prevention
Peter Szendröi, SOPHOS Nordics
Jan 20, 2010
Sophos, Simply Secure
Changing security landscape
PCI-DSS
HIPAA
CSB 1386
GLBA
95/46/EC
Contractors, outsourcing
Partners, customers
Web 2.0
Mobile workers
Firewall
Corporate data
Customer data
Intellectual property
Personally identifiable information
Targeted
...targeting commercial data
Complex threats....
Web-based, Invisible
Fast changing
Regulatory disclosure and reputation damage
Digital generation set loose
Information theft – not graffiti
Headlines are the tip of the iceberg
Brand damage
Loss of customers
Incremental internal costs
Direct costs of intellectual property loss
How is this data exposed?
Insider theft accounts for only 5-15% of the data loss
Most data breaches are accidental
Only 2.4% were prevented by protective measures (e.g. encryption)
What data is at risk?
Process Work
Well-defined responsibilities
Well-defined workflows
Dealing with PII
Risks:
- Non-compliance
- Criminal prosecution
- Brand / reputation damage
Knowledge Work
Changing roles / assignments
Unstructured data
Company information assets
Risks:
- Competitive damage
- Loss of partner trust
Personally identifiable information
Intellectual property
Customer data
Business challenge: Conflicting Goals!
Challenge of Data Loss Prevention
Enable productivity, mobility and flexible “web 2.0” working
but also
Comply with regulation
Avoid damaging data loss
There is no “100% DLP”
Simply Secure Data Loss Prevention
Four elements of an effective DLP strategy
1. Control the user environment by restricting data exit points
- Control devices, applications, email and web usage
- Ensure security policy compliance
2. Protect confidential and sensitive information
- Full disk, removable storage and file encryption
- Email encryption
3. Prevent leakage of personally identifiable information
- Comprehensive coverage of personally identifiable information types
- Continuously assess, audit, report and enforce on endpoint and gateway
4. Classify intellectual property and sensitive business data
- Empower knowledge workers to classify sensitive business data
- Apply classification to existing documents and data sets
Control user environment
Data loss objective: Significantly reduce risk by managing what users can do on data exit points
Sophos solution provides granular control of:
- Storage devices and network interfaces
- Applications
- Web site access
Continuously monitor user behaviour and enforce security policies
SophosLabs provide the domain expertise:
- Managed application definitions (P2P, IM, Remote Access)
- Managed web site categories (webmail, social networks, IM)
- Identify over 150 file formats using “True File Type” technology
Protect confidential and sensitive information
Data loss objective: Data encryption is the ultimate data loss insurance policy
Sophos solution protects data where it is most exposed:
- Laptops
- Removable storage and optical media
- Server file shares
Data protection platform:
- Enterprise management console and key management
- Integration with Active Directory
- Transparent file and folder encryption
- Audit compliance
Prevent leakage of PII
Data loss objective: Tackle the highest risk of regulatory infringement and brand damage
Sophos solution covers all critical data leakage points:
- Storage, web, email and IM
- Fully integrated into core endpoint and gateway products
SophosLabs provide the content expertise:
- Over 100 expert definitions of personally identifiable information
Administrator decides appropriate enforcement action:
- Audit – silent background monitoring of events
- Training – audited end user authorisation
- Enforcement – encrypt or block transfer
Classify and protect documents
Data loss objective: Protect high value intellectual property and operations data
Sophos solution is designed to empower knowledge workers:
- Define classification levels within policy
- Enable end user to tag and classify new documents
- Embed classification within document
- Scan for and classify existing documents using document context
- Enforce policies for classified documents on endpoint and gateway
Integrated with enterprise encryption solution:
- Leverages existing user identity and permissions
- Provides workable enterprise rights management
Sophos Data Loss Prevention
Enterprise Security and Control
SafeGuard Enterprise
Solutions designed to meet a need
Process Work
Comply with regulations
- Protect data using full disk encryption
- Prevent leakage of PII from endpoints
- Prevent leakage of PII from email and web gateway
- Data at rest scanning of PII on endpoints
Knowledge Work
Protect company assets using encryption and classification.
- Detect leakage of IP via common leak points.
- Classify and protect IP at the point of creation.
- Persistent tagging
- Identify and protect IP using automated classification and data at rest scanning.
SafeGuard Enterprise: Your key to data protection with encryption
1. SafeGuard Management Center: Consistent policies, mgmt. of keys & certificates
2. SafeGuard Device Encryption: Encrypt laptops, desktops
3. SafeGuard Data Exchange: Encrypt removable media
4. SafeGuard Configuration Protection: PC port control & DLP
5. SafeGuard Partner Connect: Manage external security products
6. SafeGuard FileShare*: Secure network file shares
(*) Future release
Safeguard Mail Gateway overview
1. Email Client sends out Email in plain text
2. Email Server forwards Email to Content-Filter
3. Content-Filter forwards Email to SGMG
4. SGMG evaluates Email Security Policy and cryptographically handles the Email accordingly
5. SGMG delivers Email to the Recipient
a. External Communication Partner sends an encrypted Email
b. SGMG identifies encrypted Email and decrypts this Email. The Email is now in plain-text.
c. SGMG forwards Email to AV-Scanner
d. AV-Scanner checks and forwards the Email to the Email Server
e. Email Client receives Email in plain text
Questions?