data leakage presentation e crime congress091209 final pdf
DESCRIPTION
Illyas's presentation on Information Leakage at the e-Crime Congress on 9th December 2009 at the Abu Dhabi Armed Officer's Club.
TRANSCRIPT

A knowledge based approach to Data Protection
- Information Leakage Prevention -
Where technology fails? Where it can help?
ILLYAS KOOLIYANKAL
PMP, CISM, CISA, CISSP, ITIL, ISO 27001 LA
IT Security Officer
Abu Dhabi Securities Exchange

So it is happening around you?

Information Leakage
What is it? And why has it suddenly become such a hot topic?

Agenda
Introduction
Cases of Data Loss
Existing Security Mechanisms?
How can you Approach the Protection? Is it Easy?
How can you Protect?
Technology – DLP
Important factors/Best Practices
ADX Approach
Summary

Why Data is a Priority?
Cost of Data Breaches: $140/record
Direct Costs: $5.0M ($50/record)
Indirect Costs: $1.5M ($15/record)
Opportunity Costs: $7.5M ($75/record)
Source: Ponemon Institute SVB Alliant

What do you consider to pose the biggest current threat to your organization's overall security? (multiple responses)
Leakage of confidential/proprietary information: 52%
Unpatched vulnerabilities: 24%
Insider attacks: 18%
Spyware: 14%
Phishing attacks: 10%
Malicious Code: 4%
Spam: 4%
Denial of Service attacks: 4%
Fraud: 2%
Keystroke loggers: 2%
Source: Merrill Lynch survey of 50 North American CISOs, July 2006

Why DLP is so HOT?
More mobility, flexibility – laptops, palmtops and homeworkers… data is in and out of the organization.
Criminals using leaked data for monetary gain
Business impact – reputation, monetary, growth, …
Legal and regulatory compliance – you can be liable for the loss of data under your custody (credit cards, identity information, etc.)
Local (ADSIC) and international standards
Finally… it started to affect us personally – credit cards, identity information leaks…

Are you Protected?
Are you confident that the personal information of your customers will not leak to the Internet?
What safeguards do you have in place to prevent the theft or loss of your confidential documents, source code, marketing data, trade secrets or other intellectual property?

Data Leakage Incidents
In 2007, an official with the Dutch Foreign Ministry accidentally left a USB stick containing unencrypted confidential information (building maps, security codes, account information and more) in a rental car.
A laptop stolen from the home of a U.S. Department of Veterans' Affairs employee contained the Social Security numbers and birth dates for nearly 27 million veterans and their spouses. None of the information was encrypted.

Data Leakage Incidents
More recently, the Harris County (Texas) Hospital District admitted that an administrator, eager to catch up on work over the weekend, lost an unencrypted USB flash drive containing medical and financial records of 1,200 patients with AIDS, HIV, and other medical conditions.
Countrywide Financial Corporation (now part of Bank of America) is still recovering from the theft and sale of personal information, including Social Security numbers, of nearly two million mortgage applicants, by a former employee in August, 2008.

Data Leakage Incidents - UAE
Corporate Data Thefts Cause Huge Losses to Firms
by Amira Agarib, 19 October 2009
DUBAI — Disclosure of confidential information causes huge losses especially to the companies whose value and wealth are based on information related to their customers and resources. This was stated on Saturday by Major Saeed Al Hajiri, director of Anti-Cyber Crimes Department, Dubai Police.
So far 316 electronic crime cases have been recorded and investigated, including seven cases of breach of trust and sale of confidential information to competitor companies.
In one of the cases, an investment company reported to the police that it had lost clients as someone had sold information to competitors.
The investigators checked the computers and investigations led them to two suspects, who worked as collectors for the company.

Incident Monitoring

How Serious it is?
Every year, many companies must confess the disclosure of their customers' credit card and Social Security numbers in the media, which is not only enormously embarrassing and harmful in itself but invites lawsuits.
Recession - when cash-strapped companies are going out of business every day, a severe intellectual property theft can lead to lost sales or the covert transfer of valuable trade secrets to one's competitors.

How it Happens?
Whether it's a researcher, who accidentally sends a new product formula to hundreds of partners,
OR
A junior member of the finance team who unknowingly exposes the company's unannounced financial results to the public
OR
Even a hard-working, loyal employee who takes home his laptop or a USB drive for the weekend to get work done, and accidentally leaves it on the subway as he runs to greet his children at the end of a long workweek
"Internal risks that can lead to data loss are real."

Data Leakage - Boundary
[Figure labels around "Sensitive Data": Employees (remote workers, mobile workers); Business Partners (suppliers, outsourcers, consultants); Competitors; Customers; Hackers; Contractors; Temporaries; Visitors]
SOURCE: FORRESTER RESEARCH

Existing Security Devices/Solutions?
Stop incoming threats; miss outgoing sensitive information
Courtesy: www.PortAuthorityTech.com

Protected from Outsiders – Is it Enough?
Over the years, organizations have spent a tremendous amount of resources in hopes of protecting their information.
However, their efforts have been focused on preventing outsiders from hacking into the organization, educating employees, and securing data at rest.

Data - Concerns
As organizations invest millions in business systems, increasing the availability of information to build or maintain a competitive edge, there remain a slew of security-related considerations, including:
Where is the organization's confidential & sensitive data?
How, where, and when is the data transmitted and by whom?
How can the data be controlled and protected?
What is my organization's financial risk (from a leak)?

Most effective Approach
Holistic Approach
People, Process, Technology
Develop and implement foolproof processes in the overall business environment (information at all stages/states)
Staff awareness and support
Implement appropriate technology to assist the users and the organization to protect the data efficiently and without business interruption.

Is it Easy? Issues
Information is required by the business easily and seamlessly.
Existing security solutions and tools have limited capability
Huge amount of sensitive data and also unwanted/outdated data
Information leaked by internal/authorized users
Performance issues.
False Positives and False Negatives
User resistance & org culture of trust, openness
Impact on normal business operations?

How can you protect?
Approach it as a business problem rather than a technical one.
Formulate a comprehensive strategy for data protection, by addressing information leakage also.
Develop a classification policy after thorough business study and based on industry best practices.
Analyze various data sources and data, classify it, and conduct detailed risk assessment.
Identify and select an appropriate technical solution for DLP

How can you protect?
State of the Data – in motion, at rest, in use.
Develop/decide on the policies to be applied based on the sensitivity and classification
Apply light weight policies and train the users to be more careful
Actions – Controls (Log, Alert, Justification, Block, etc.)
Monitor and Fine Tune
Approach it phase by phase – begin with log only, analyze the events and tighten the controls slowly and steadily.

Where to Start?
Where is my confidential data?
Where is my data going?
Who is using data?
How can I protect it?
What is the business and resource impact?
How do I get started?
What technology is available to support it?
How much does it cost?

What is DLP?
To detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders.
Also called Information Leak Detection & Prevention (ILDP), Information Leak Prevention (ILP) or Content Monitoring and Filtering (CMF).

DLP Technology?
With Data Protection solutions, you can quickly and comprehensively determine:
What data needs to be secured?
When you need to protect it?
Who is sending it out of the company?
How sensitive is the data? And
Where it is stored/moved/used?

What does DLP offer?
Lets you secure the data you know you need to protect
Automates the discovery and understanding of the data you don't know, to create a comprehensive solution that guards against the risk posed by insiders.
By securing all your information, from the datacenter to the network endpoints, you protect it through all phases of its lifecycle (at rest, in motion, and in use) and ensure its confidentiality and integrity.

Where to apply protection?
Protect Data In Motion & Use
▫ Monitor outbound and internal communications to identify data policy violations
▫ Automated selective blocking/enforcement of information reaching unauthorized recipients
▫ Automated selective enforcement (e.g. encryption) of sensitive information for authorized recipients
Protect Data at Rest
▫ Discover sensitive data that violates regulatory or internal security policies
▫ Automated selective enforcement of unauthorized transfer of files/documents
▫ Automated encryption of critical information assets

The Landscape
Data At Rest
• Data classification
• Device control
• Content control
• Application control
Transaction Data
• Direct Database Access
• Access via Applications
• Web applications
• Web services
Data In Motion
• Outgoing communications
• Internal communications
• Databases and documents
• Monitoring and enforcement
[Figure labels: Employees (Honest & Rogue); Customers & Criminals; Accidental, Intentional and Malicious Leaks]
Courtesy: www.PortAuthorityTech.com

How is it different?
Various products are available and they differ based on
Channels
Method of analysis
Performance & resource requirements
etc…

How Does DLP Work?
Identify and Classify data in motion, at rest, and in use
Dynamically apply the desired type and level of control, including the ability to perform mandatory access control that can’t be circumvented by the user
Monitors multiple channels for specific inbound and outbound content

What it provides?
Track complete sessions for analysis, not individual packets, with full understanding of application semantics
Use linguistics analysis techniques beyond simple keyword matching for detection (i.e. advanced regular expressions, partial document matching, etc.)
Detect (or filter) content that is based on policy-based rules
Block/Alert/Log/Justify (at a minimum) policy-based violations
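
The detection and action points on these slides (regular expressions beyond plain keywords, policy-based Log/Alert/Justify/Block, and starting in log-only mode), as an added Python example that is not from the presentation or from any DLP product. It finds card-like numbers, uses the Luhn checksum to cut false positives, and reports the configured action while applying only logging in monitor mode; the thresholds, names and sample message are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Constructed sample: three well-known test card numbers plus a 16-digit
# order reference that looks like a card number but fails the checksum.
SAMPLE = (
    "Hi, please charge 4111 1111 1111 1111 and 5500-0000-0000-0004; "
    "backup card is 340000000000009. Order ref 1234 5678 9012 3456."
)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most random digit runs (fewer false positives)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return normalized card-like numbers in text that pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


@dataclass
class Policy:
    # Hypothetical thresholds: minimum number of matches -> configured action.
    thresholds: tuple = ((1, "alert"), (3, "justify"), (10, "block"))
    monitor_only: bool = True  # first phase: log only, nothing is interrupted

    def evaluate(self, channel: str, text: str) -> dict:
        count = len(find_card_numbers(text))
        configured = None
        for minimum, action in self.thresholds:
            if count >= minimum:
                configured = action  # keep the strictest threshold reached
        if configured is None:
            effective = "allow"
        elif self.monitor_only:
            effective = "log"  # record what would have happened
        else:
            effective = configured
        return {"channel": channel, "matches": count,
                "configured": configured, "effective": effective}


if __name__ == "__main__":
    print(Policy(monitor_only=True).evaluate("email", SAMPLE))
    print(Policy(monitor_only=False).evaluate("email", SAMPLE))
```

Comparing the `configured` and `effective` fields over the monitoring period shows how many messages a blocking policy would have interrupted before it is switched on.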

Reduce Your Risk
Audit, Notify, Quarantine, Block, Encrypt …
Reduce Risk
• Enable enforcement policy
• Quarantine suspicious messages
• Create audit trail of all communications to substantiate compliance
• Reduce violations to required levels
Enforce
Learn
Define Metrics
• Use pre-defined policies or create custom policies
• Learn critical information using information fingerprinting service
Monitor
• Monitor communication channels
• Reporting of matches against policies and information fingerprints
• Tune policies
Assess Risk
Courtesy: www.PortAuthorityTech.com
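
One way the "information fingerprinting" and "partial document matching" mentioned on these slides can work, as an added Python example that is not taken from the presentation or from any vendor's product: hash every run of five consecutive words of a protected document, then count how many of those hashes reappear in outbound text. The class and function names, the five-word window, the threshold and the sample texts are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample texts.
PROTECTED = (
    "Unannounced results: revenue rose 18 percent to 42 million dirhams "
    "driven by new listings. Net profit is expected at 9 million dirhams "
    "before audit adjustments."
)
LEAK = (
    "FYI before the announcement - Revenue ROSE 18 percent, to 42 million "
    "dirhams (driven by new listings). Keep it quiet."
)
BENIGN = (
    "Revenue rose last year and we expect new listings to help, "
    "net profit details will follow after the audit."
)


def shingles(text: str, k: int = 5) -> set:
    """Hash every run of k consecutive words, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    out = set()
    for i in range(len(words) - k + 1):
        chunk = " ".join(words[i:i + k])
        out.add(hashlib.sha256(chunk.encode()).hexdigest()[:16])
    return out


class FingerprintStore:
    """Holds only hashes of protected documents, never their text."""

    def __init__(self, k: int = 5):
        self.k = k
        self.docs = {}

    def learn(self, name: str, text: str) -> None:
        """Register a protected document under a label."""
        self.docs[name] = shingles(text, self.k)

    def match(self, outbound: str, min_shared: int = 3) -> list:
        """Return (document, shared fingerprint count) for each protected
        document sharing at least min_shared fingerprints with the text."""
        seen = shingles(outbound, self.k)
        hits = []
        for name, prints in self.docs.items():
            shared = len(prints & seen)
            if shared >= min_shared:
                hits.append((name, shared))
        return sorted(hits, key=lambda h: -h[1])


if __name__ == "__main__":
    store = FingerprintStore()
    store.learn("q4-results", PROTECTED)
    print(store.match(LEAK))    # excerpt pasted with changed case/punctuation
    print(store.match(BENIGN))  # same topic and keywords, no copied passage
```

The benign message shares keywords such as "revenue", "listings" and "net profit" with the protected document but no five-word run, which is the difference from simple keyword matching.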

How to select the vendor?
Monitoring Vs Prevention
Centralized Management
Performance Impact
Market Presence – Experience in Policy development and problems faced will be beneficial
Ease of Integration – should not be overlooked
Staff need – Operate and manage?

Important factors
Clear definition of the "need for DLP" should be in place
Try proof of concept from the vendors
Phase by phase approach – start with data in use/motion
Adequate and comprehensive testing (functionality and performance) should be ensured.
Apply the policy of Prevention/Block once it is tested and you are confident in it, to avoid any business interruption

Important Factors
Take time to build a comprehensive understanding and inventory of the types of sensitive data and what policies are needed to control and enforce how the data can be shared.
For this, analyze the regulatory requirements, enforcement and intellectual property protection
Analyze the impact of DLP on the workflow – the solution should be dynamic and flexible to support the business process and the changes in it.
Comprehensive and effective
Unobtrusive – Non Intrusive
Look for reporting, administration
Combine best of breed solutions

Additional Features to look for
Data Discovery scanning and moving the sensitive files to a secure location.
Integration with Active Directory
Incident remediation process

ADX – How we approached
Built a Data protection strategy in consideration with Information Leakage
Developed an information classification policy
Identified all the information assets and sources of it with sensitivity
Analyzed and identified the prospective channels of information leakage

ADX – How we approached
Went through a process of selecting the DLP solution
Analyzed the business needs and how the DLP solution can be integrated with Operations
C-level buy in and support
Developed proposed policies, discussed them with the information owners and got their buy in.
Customized based on operational requirements
Tested the policies
Implemented it across the organization with management inputs and requirements

DLP – Ongoing Process
Information Leakage Prevention – is an ongoing process and a huge learning curve exists.
Recommended to be in Monitoring mode for 6 months before applying any blocking feature, unless you are totally sure.

Summary
Information Leakage is a serious concern to organizations and individuals
Approach has to be holistic, addressing it through People, Process and Technology
DLP technology addresses data in motion, at rest and in use.

Summary
Classification Policy, Information about Data and Data Source, Classify those, Select DLP Solution, Develop Policies and Test, Apply, Monitor, Fine Tune, Awareness
Action – Log, Alert, Justify, Block, etc.
Resistance, org culture, performance, huge amount of known/unknown data, etc. are some of the obstacles.
Start with light weight policies and gradually tighten them once awareness and adaptability are achieved
Information Leakage Prevention is an ongoing process

Thank You!
Illyas Kooliyankal
IT Security Officer
Abu Dhabi Securities Exchange
Contacts: 0504442878/026128994
Any Questions ?