How to Secure Your Files with DLP and FAM
DESCRIPTION
A single gigabyte of data in your data center contains thousands of folders and a massive amount of files. Which files contain sensitive data? Who owns and has access to these files? How do you protect this data? When faced with an audit or forensic investigation, most organizations are left scrambling for answers to these questions. Learn how the unique combination of File Activity Monitoring (FAM) and Data Loss Prevention (DLP) technologies simplifies and accelerates these processes, reducing the time to remediate and protect sensitive data. Our five-step plan includes automating processes to:
1. Discover sensitive data
2. Identify data owners
3. Communicate with business owners
4. Implement policy controls
5. Remediate excessive access
TRANSCRIPT
Presented by,
Ash Devata, Sr. Manager, DLP Products, RSA
Raphael Reich, Director of Product Marketing, Imperva
5 Ways to Lockdown Your Sensitive Files with DLP and FAM
Agenda
Major Trends
5 Steps to Regain Control
Conclusion And Q&A
Today’s Presenter
Ash Devata, Sr. Manager, DLP Products, RSA
Expertise
+ DLP, data security, information classification
+ Presented at RSA, ISC2 sessions, EMC World, etc.
Worked at
+ RSA, EMC, Startups
+ Chaired sustainable development projects in Boston
Academics
+ Degrees in MBA and Electronics and Instrumentation Engineering
+ Co-author of books/journals on BPO
Today’s Presenter
Raphael Reich, Dir. Product Marketing, Imperva
Expertise
+ 20+ years in product marketing, product management, and software engineering
Professional Experience
+ Cisco, Check Point, Digital Equipment Corp.
Academics
+ Bachelor’s degree in Computer Science from UC Santa Cruz
+ MBA from UCLA
CONFIDENTIAL
Major Trends
5 Steps to Regain Control
Conclusion And Q&A
Data is Growing & Constantly Changing
[Figures: "Constant growth" (Volume over Time; IDC, 11/09) and "Substantial volume" (Enterprise data volume: Unstructured (file data) vs. Structured (DB, Apps); IDC, 2009 File-Based Storage Taxonomy, 11/09). Chart labels: 60%, 80%, 20%.]
• As data grows, so does the volume of user access rights
• Rights are also very dynamic
• Employees, contractors, consultants, etc., join/leave the organization, start/finish projects, change job roles, etc.
Two Types of Sensitive Data
Data You Collect
• Credit card data
• Privacy data (PII)
• Health care information
Data You Create
• Intellectual property
• Financial information
• Trade secrets
And Companies Are Losing Data
Three Main Threat Vectors
1. Non-malicious end user trying to get the job done
2. IT and Business managing data without total visibility
3. Malicious user stealing data using authorized tools
And There Are Regulations to Prevent Data Loss
Regulations: sensitive data must be protected
Regulation | Scope | Example Requirement | Control measure
PCI-DSS | Credit card data | Requirement 7: “Restrict access to cardholder data by business need to know” | Audit and review user rights
HIPAA | Healthcare-related PII | Section 164.312(b): “Implement…mechanisms that record and examine activity…” | Activity monitoring
FERC-NERC | US energy industry | Requirement 5.1.2: “…create historical audit trails of individual user account access activity.” | Activity monitoring
ITAR | US weapons export | Section 120.17: Restricts “Disclosing…or transferring technical data to a foreign person…” | Audit and review user rights
MA 201 CMR 17 | PII of state residents | Section 17.04 (1d): “…restrict access to active users and active user accounts…” Section 17.04 (2a): “restrict access...to those who need…to perform their job duties” | Audit and review user rights, plus Activity monitoring to identify dormant users
Summary
Requirements | Controls
Business need-to-know access | User rights auditing and reviews
Historical audit trails | Audit file access activity
Restrict access to active users | Correlate file rights with file access activity
Personal Information Breach Notification Laws
46: States have PII breach notification laws
3214: Number of notified incidents since Jan 2006
75%: PII breaches are a result of insider actions
States with No PII Breach Notification Laws: Alabama, Kentucky, New Mexico, and South Dakota
Highly Prescriptive Regulations for Managing PII
Proactive
Prescriptive
Auditable
End of The Day, Data Loss is Very Expensive
What does a data breach cost? US$7.2 Million, or $214 per record
Source: 2010, Annual Study: Cost of a Data Breach, Ponemon Institute
The Second Type of Sensitive Data Is Important Too
“Secrets comprise two-thirds of the value of firms’ information portfolios”
Forrester 2009: Securing Sensitive IP Survey
Source Code, Blue Prints, Financial Results, Contracts, M&A Initiatives, Strategic Plans, Patent Filings, Bidding, Road Maps, Programming, Partnership Plans, Portfolio Models, Investment Details, Competitive Intel, Research Results, Raw R&D Data, Un-Published Docs, Business Plans, Product Docs
Competitive Advantage
Brand Equity
Employee Morale
Taking Data With Them When They Go
70% of employees plan to take something with them when they leave the job
+ Intellectual Property: 27%
+ Customer data: 17%
Over 50% feel they own it
Source: November 2010 London Street Survey of 1026 people, Imperva
Insiders
Example breach: $50M+ in automotive designs
Xiang Dong Yu
• Worked at Ford 10 years
• Took 4,000 design documents
• Estimated $50-100 Million in value
• Went to work for Beijing Automotive Co.
Major Trends
5 Steps to Regain Control
Conclusion And Q&A
5-Steps To Regain Control
Discover sensitive data
Identify data owners
Communicate with data owners
Implement policy controls
Remediate
Discover Sensitive Data
SharePoint
Databases
Endpoints
NAS/SAN
File Servers
RSA DLP Datacenter
Agents
Temp Agents
Grid
Virtual Grid
Attributes & Identity Analysis
• File extension
• File type, size, etc.
Content in File
• General keywords
• Specialized keywords
• Patterns and strings
• Proximity analysis
• “negative” rules
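The content checks listed above (patterns, keywords, proximity analysis and "negative" rules) can be combined as in the following added example, which is not part of the original slides and is not RSA DLP code. The rule values, the Luhn checksum step, the sample file contents and all names are constructed assumptions.

```python
import re

# Constructed rule set mirroring the slide's content checks (illustrative values).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")              # patterns and strings
KEYWORDS = ("card", "visa", "mastercard", "expiry", "cvv")   # specialized keywords
NEGATIVE = ("test data", "sample", "do not use")             # "negative" rules
PROXIMITY = 40   # proximity analysis: max characters between keyword and pattern

# Constructed sample file contents; the card number is a public test value.
SAMPLES = {
    "invoice.txt": "Customer paid by Visa card 4111 1111 1111 1111, expiry 09/27.",
    "qa_fixture.txt": "Sample card for test data only: 4111 1111 1111 1111",
    "inventory.txt": "Part serial 1234 5678 9012 3456 shipped to warehouse 7.",
}

def luhn_ok(digits):
    """Payment card checksum (an added assumption); filters random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Return (masked_number, reason) findings for one file's text."""
    lowered = text.lower()
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue                      # looks like a card number but is not one
        window = lowered[max(0, m.start() - PROXIMITY): m.end() + PROXIMITY]
        if any(neg in window for neg in NEGATIVE):
            continue                      # negative rule suppresses the match
        if any(k in window for k in KEYWORDS):
            findings.append(("*" * (len(digits) - 4) + digits[-4:], "pattern+keyword"))
    return findings

def scan(samples):
    """Classify every file and keep only those with findings."""
    results = {name: classify(text) for name, text in samples.items()}
    return {name: hits for name, hits in results.items() if hits}

if __name__ == "__main__":
    for name, hits in scan(SAMPLES).items():
        print(name, hits)
```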
Data Discovery Is Part of RSA Data Loss Prevention
RSA DLP Enterprise Manager
RSA DLP Network: Email, Web
RSA DLP Endpoint: Connected PCs, Disconnected PCs
RSA DLP Datacenter: File shares, SharePoint, Databases
When You Find Sensitive Data…
• Who to contact?
• What to ask?
• How to track responses?
• How to follow up?
• How to orchestrate?
• How to manage the process?
Result
Sensitive files discovered by DLP
IT decides on remediation
Involve end-user in remediation
• IT does not have business context
• Potential of disruption to business
Step 2 In Regaining Control
Discover sensitive data
Identify data owners
Communicate with data owners
Implement policy controls
Remediate
How Owners Are Identified Today
See who created the file/folder
Examine ACLs
Mass e-mails
Phone calls
Keep notes
Finding an owner: 1 hour per folder on average
Who Owns It? Ask The People Who Know Best…
Step 3 In Regaining Control
Discover sensitive data
Identify data owners
Communicate with data owners
Implement policy controls
Remediate
Communicate With Data Owners
RSA DLP Datacenter
SharePoint
Databases
Endpoints
NAS/SAN
Agents
Temp Agents
Grid
Virtual Grid
File Servers
RSA DLP Risk Remediation Manager
Imperva FAM
Business Users
Discover Sensitive Data
Manage Remediation Workflow
Step 4 In Regaining Control
Discover sensitive data
Identify data owners
Communicate with data owners
Implement policy controls
Protect files
Real Time Policy Enforcement Through FAM
Block and alert when users outside Finance access Finance data
Drill down for details on “who, what, when, where”
See triggered alerts
Leverage DLP Data Discovery in FAM
Click to import CSV
View classification in SecureSphere and use in policy building
Step 5 In Regaining Control
Discover sensitive data
Identify data owners
Communicate with data owners
Implement policy controls
Remediate
Apply Controls to Protect Data
RSA DLP Datacenter
SharePoint
Databases
Endpoints
NAS/SAN
Agents
Temp Agents
Grid
Virtual Grid
File Servers
RSA DLP Risk Remediation Manager
Imperva FAM
Apply DRM
Encrypt
Delete / Shred
Change Permissions
Policy Exception
Business Users
Discover Sensitive Data
Manage Remediation Workflow
Apply Controls
Remediate Excessive Access
Are there dormant users?
• May want to revoke rights of inactive users
What rights are not used?
• Users with access they appear not to need
Should “Everyone” have access to sensitive data?
• “Everyone” group in Active Directory literally means all users
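The three review questions above amount to correlating file rights with file access activity. The following added example, which is not part of the original slides and is not Imperva or RSA code, shows that correlation over constructed data; the record layouts, the 90-day threshold, the dates and all names are assumptions.

```python
from datetime import date

TODAY = date(2011, 6, 1)      # constructed "as of" date for the review
DORMANT_AFTER_DAYS = 90       # assumed threshold; set this per policy

# Constructed effective rights: (principal, folder, right)
RIGHTS = [
    ("alice", "/finance/payroll", "modify"),
    ("bob", "/finance/payroll", "read"),
    ("carol", "/finance/payroll", "read"),
    ("Everyone", "/finance/payroll", "read"),
    ("alice", "/eng/designs", "read"),
]
# Constructed file activity records: (user, folder, operation, day)
ACTIVITY = [
    ("alice", "/finance/payroll", "write", date(2011, 5, 28)),
    ("bob", "/finance/payroll", "read", date(2010, 11, 2)),
    ("alice", "/finance/payroll", "read", date(2011, 5, 30)),
]
SENSITIVE = {"/finance/payroll"}   # folders flagged by data discovery

def review(rights, activity, sensitive, today, max_idle):
    """Return (finding, principal, folder) tuples for rights worth revisiting."""
    last_any, last_on = {}, {}
    for user, folder, _op, day in activity:
        last_any[user] = max(day, last_any.get(user, day))
        last_on[(user, folder)] = max(day, last_on.get((user, folder), day))
    findings = []
    for principal, folder, _right in rights:
        if principal == "Everyone":
            # The group cannot be dormant; flag it only on sensitive data.
            if folder in sensitive:
                findings.append(("everyone_on_sensitive", principal, folder))
            continue
        seen = last_any.get(principal)
        if seen is None or (today - seen).days > max_idle:
            findings.append(("dormant_user", principal, folder))
        elif (principal, folder) not in last_on:
            # Active user who has never touched this folder: right is unused.
            findings.append(("unused_right", principal, folder))
    return findings

if __name__ == "__main__":
    for finding in review(RIGHTS, ACTIVITY, SENSITIVE, TODAY, DORMANT_AFTER_DAYS):
        print(finding)
```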
Understand Access Rights And Their Origins
See what a user can access
…and how they got access to data
Traditional Approach – The Old Way
Day 1: 30K files discovered by DLP
Day 4: Minimal context for file ownership. Let the e-mail exchange begin.
Day 150: Spreadsheet consolidation into an access database - Attempt to deliver metrics
Day 180: No consistent data. Contractor funding extensions have ended. Internal resources left with no repeatable process.
With The Solution: Reduce Time Up To 85%
Day T: 30K files discovered by RSA DLP
Day T + 5: 1200 Owners in 10 Countries Identified by RSA DLP. Imperva identifies file owners based on access to files
Day T + 15: DLP RRM sends initial questionnaire to data owners. Data owners and IT agree on remediation controls
Day T + 60: 90% of files remediated. Repeatable and continuously monitored. Analyst work space and executive metrics in DLP RRM.
Major Trends
5 Steps to Regain Control
Conclusion And Q&A
To Wrap Up…
Discover sensitive data
Identify data owners
Communicate with data owners
Implement policy controls
Protect files
• Data protection is essential
• Data protection goes beyond IT
• Focus on people & process
• Look for more complete solutions
• Involve all stakeholders in planning
About RSA, The Security Division of EMC
Prove Compliance, Secure Virtualization & Cloud, Secure Access, Manage Risk and Threats
SIEM, DLP, Network Monitoring, Authentication, Web Fraud Detection, eGRC, IT GRC, Encryption
Imperva: Our Story in 60 Seconds
Usage Audit, Access Control, Rights Management, Attack Protection, Reputation Controls, Virtual Patching
Get LinkedIn to Imperva Data Security Direct for…
Webinar Materials
Post-Webinar Discussions
Answers to Attendee Questions
Webinar Recording Link
Much more…
Questions and Answers