how to secure your files with dlp and fam

Presented by,

Ash Devata, Sr. Manager, DLP Products, RSA

Raphael Reich, Director of Product Marketing, Imperva

5 Ways to Lockdown Your Sensitive Files with DLP and FAM

Agenda

Major Trends

5 Steps to Regain Control

Conclusion And Q&A

Today’s Presenter

Ash Devata, Sr. Manager, DLP Products, RSA

Expertise

+ DLP, data security, information classification

+ Presented at RSA, ISC2 sessions, EMC World, etc.

Worked at

+ RSA, EMC, Startups

+ Chaired sustainable development projects in Boston

Academics

+ Degrees in MBA and Electronics and Instrumentation Engineering

+ Co-author of books/journals on BPO

Today’s Presenter

Raphael Reich, Dir. Product Marketing, Imperva

Expertise

+ 20+ years in product marketing, product management, and software engineering

Professional Experience

+ Cisco, Check Point, Digital Equipment Corp.

Academics

+ Bachelor’s degree in Computer Science from UC Santa Cruz

+ MBA from UCLA

CONFIDENTIAL

Major Trends 5 Steps to Regain Control

Conclusion And Q&A

Data is Growing & Constantly Changing

Constant growthIDC: 11/09

0

100

200

300

400

500

1 2 3 4 5 6 7 8 9

Vo

lum

e

Time

60%

80%

20%

Unstructured (file data)

Structured (DB, Apps)

Substantial volumeIDC: 2009 File-Based Storage Taxonomy, 11/09

Enterprise data volume

• As data grows, so does the volume of user access rights• Rights are also very dynamic

• Employees, contractors, consultants, etc., join/leave the organization, start/finish projects, change job roles, etc.

Two Types of Sensitive Data

• Credit card data

• Privacy data (PII)

• Health care information

Data You

Collect

• Intellectual property

• Financial information

• Trade secrets

Data You

Create

And Companies Are Losing Data

Non-malicious end user trying to get the

job done

IT and Business managing data

without total visibility

Malicious user stealing data using

authorized tools

Three Main Threat Vectors

1 2 3

Regulation Scope Example Requirement Control measure

PCI-DSS Credit card dataRequirement 7: “Restrict access to cardholder data by business need to know”

Audit and review user rights

HIPAA Healthcare-related PIISection 164.312(b): “Implement…mechanisms that record and examine activity…”

Activity monitoring

FERC-NERC

US energy industryRequirement 5.1.2: “…create historical audit trails of individual user account access activity.”

Activity monitoring

ITAR US weapons exportSection 120.17: Restricts “Disclosing…or transferring technical data to a foreign person…”

Audit and review user rights

MA 201 CMR 17

PII of state residents

Section 17.04 (1d): “…restrict access to active users and active user accounts…" Section 17.04 (2a) "restrict access...to those who need…to perform their job duties"

Audit and review user rights, plus Activity

monitoring to identify dormant users

And There Are Regulations to Prevent Data Loss

Regulations: sensitive data must be protected

Summary

Requirements Controls

Business need-to-know access

User rights auditing and reviews

Historical audit trails Audit file access activity

Restrict access to active users Correlate file rights with file accessactivity

Personal Information Breach Notification Laws

46

3214

75%

States have PII breach notification laws

Number of notified incidents since Jan 2006

PII breaches are a result of insider actions

States with No PII Breach Notification LawsAlabama, Kentucky, New Mexico, and South Dakota

Highly Prescriptive Regulations for Managing PII

Proactive

Prescriptive

Auditable

Source: 2010, Annual Study: Cost of a Data Breach, Ponemon Institute

or $214 per record

What does a data breach

cost? US$7.2 Million

End of The Day, Data Loss is Very Expensive

The Second Type of Sensitive Data Is Import Too

“Secrets comprise two-thirds of the value of firms’ information portfolios”

Forrester 2009: Securing Sensitive IP Survey

Source Code Blue PrintsFinancial Results

Contracts M&A InitiativesStrategic Plans

Patent Filings

BiddingRoad Maps

Programming

Partnership Plans Portfolio ModelsInvestment Details Competitive IntelPartnership Plans

Research Results Raw R&D DataUn-Published Docs Business PlansProduct Docs

Competitive

Advantage

Brand

Equity

Employee

Morale

Taking Data With Them When They Go

70% of employees plan to take something with them when they leave the job

+ Intellectual Property: 27%

+ Customer data: 17%

Over 50% feel they own it

Source: November 2010 London Street Survey of 1026 people, Imperva

Insiders

Example breach: $50M+ in automotive designs

Xiang Dong Yu

• Worked at Ford 10 years• Took 4,000 design documents• Estimated $50-100 Million in value• Went to work for Beijing Automotive Co.

CONFIDENTIAL

Major Trends

5 Steps to Regain Control Conclusion And Q&A

5-Steps To Regain Control

Discover sensitive data

Identify data owners

Communicate with data owners

Implement policy

controls

Remediate

Discover Sensitive Data

SharePoint

Databases

Endpoints

NAS/SAN

File Servers

RSA DLP Datacenter

Agents

Temp Agents

Grid

Virtual Grid

• File extension

• File type, size, etc.

Attributes & Identity Analysis

• General keywords

• Specialized keywords

• Patterns and strings

• Proximity analysis

• “negative” rules

Content in File

Data Discovery Is Part of RSA Data Loss Prevention

RSA DLP Network

RSA DLP Endpoint

Email WebConnected

PCs

RSA DLP Enterprise Manager

Disconnected PCs

RSA DLP Datacenter

File shares SharePoint Databases

When You Find Sensitive Data…

• Who to contact?• What to ask?• How to track responses?• How to follow up?• How to orchestrate?• How to manage the process?

ResultSensitive files discovered by DLP

IT decides on remediation

Involve end-user in remediation

• IT does not have business context• Potential of disruption to business

Step 2 In Regaining Control




Implement policy

controls

Remediate

How Owners Are Identified Today

See who created the file/folder

Examine ACLs

Mass e-mails

Phone calls

Keep notes

22

Finding an owner: 1 hour per folder on average

Who Owns It? Ask The People Who Know Best…

23

?





Implement policy

controls

Remediate

Communicate With Data Owners

RSA DLP Datacenter

SharePoint

Databases

Endpoints

NAS/SAN

Agents

Temp Agents

Grid

Virtual Grid

File Servers

RSA DLPRisk Remediation Manager

Imperva FAM

Business Users

Discover Sensitive DataManage Remediation

Workflow





Implement policy

controls

Protect files

Real Time Policy Enforcement Through FAM

Block and alert when users outside Finance access Finance data

Drill down for details on “who, what , when, where”

See triggered alerts

Leverage DLP Data Discovery in FAM

Click to import CSV

Leverage DLP Data Discovery in FAM

-29

View classification in SecureSphere and

use in policy building





Implement policy

controls

Remediate

Apply Controls to Protect Data

RSA DLP Datacenter

SharePoint

Databases

Endpoints

NAS/SAN

Agents

Temp Agents

Grid

Virtual Grid

File Servers

RSA DLPRisk Remediation Manager

Imperva FAM

Apply DRM

Encrypt

Delete / Shred

Change Permissions

Policy Exception

Business Users

Discover Sensitive DataManage Remediation

WorkflowApply

Controls

Remediate Excessive Access

Are there dormant users?• May want to revoke rights of inactive users

What rights are not used?• Users with access they appear not to need

Should “Everyone” have access to sensitive data?• “Everyone” group in Active Directory literally means all users

Understand Access Rights And Their Origins

See what a user can access

…and how they got access to data

Traditional Approach – The Old Way

Day 130K files discovered

by DLP

Day 150Spreadsheet consolidation

into an access database -

Attempt to deliver metrics

Day 180No consistent data.

Contractor funding extensions have ended.

Internal resources left with no repeatable process.

Day 4Minimal context

for file

ownership.

Let the e-mail

exchange begin.

With The Solution: Reduce Time Up To 85%

Day T30K files discovered by RSA DLP

Day T + 15DLP RRM sends initial questionnaire to data owners

Data owners and IT agree on remediation controls

Day T + 6090% of files remediated

Repeatable and continuously monitored

Analyst work space and executive metrics in DLP RRM.

Day T + 5 1200 Owners in 10 Countries Identified by RSA DLP

Imperva identifies file owners based on access to files

CONFIDENTIAL

Major Trends

5 Steps to Regain Control

Conclusion And Q&A

To Wrap Up…




Implement policy controls

Protect files

• Data protection is essential

• Data protection goes beyond IT

• Focus on people & process

• Look for more complete solutions

• Involve all stake holders in planning

About RSA, The Security Division of EMC

Prove Compliance Secure Virtualization

& Cloud

Secure AccessManage Risk and Threats

SIEM DLPNetwork

MonitoringAuthentication

Web Fraud

DetectioneGRC IT GRC Encryption

Usage

Audit

Access

Control

Rights

Management

Attack

Protection

Reputation

Controls

Virtual

Patching

Imperva: Our Story in 60 Seconds

Webinar Materials

Post-Webinar Discussions

Answers to Attendee Questions

Webinar Recording Link

Much more…

Get LinkedIn to Imperva Data Security Direct for…

http://www.linkedin.com/groups/Imperva-Data-Security-Direct-3849609

Questions and AnswersQuestions and Answers

how to secure your files with dlp and fam

Technology

data breach

technical data

data security

controldiscoversensitive

data discovery

customer data

type of sensitive data

data loss regulations