quick wins with data loss prevention€¦ · – mcafee dlp solution overview . quick wins with...
TRANSCRIPT
![Page 1: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/1.jpg)
Quick Wins with Data Loss Prevention How to Make DLP Work for You Rich Mogull, CEO & Analyst Securosis, L.L.C.
John Dasher, Senior Director, Data Protection, McAfee
Mark Moroses, Assistant CIO, Continuum Health Partners
![Page 2: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/2.jpg)
2
Agenda
• Rich Mogull, CEO & Analyst, Securosis, L.L.C. – Low-Hanging Fruit: Quick Wins with DLP
• Mark Moroses, Assistant CIO, Continuum Health Partners – How Continuum uses McAfee DLP to protect sensitive patient data
• John Dasher, Senior Director, Data Protection, McAfee – McAfee DLP solution overview
![Page 3: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/3.jpg)
Quick Wins with Data Loss Prevention!
Rich Mogull!Securosis, LLC!
![Page 4: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/4.jpg)
DLP Fears!
• Too complex to deploy.!
• Too many false positives.!
![Page 5: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/5.jpg)
The Quick Wins Process!
![Page 6: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/6.jpg)
"Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis."!
-Rich Mogull!
![Page 7: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/7.jpg)
What DLP Provides!• Helps you identify where you store
sensitive information.!
• Helps you understand how that information is used and moved throughout your organization.!
• Proactively protects your information, while limiting impact on legitimate business processes.!
![Page 8: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/8.jpg)
Defining Process!
![Page 9: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/9.jpg)
Process Workflow!
![Page 10: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/10.jpg)
Prepare Directory Servers!
• Why? DLP policies are typically user and group based.!
• Need to correlate activities back to warm bodies.!
• Poor directories are a leading obstacle to DLP deployments.!
• Email vs. Web vs. Endpoint!
![Page 11: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/11.jpg)
Integrate with Infrastructure!
• Passive sniffer (SPAN/Mirror)!
• Email (MTA)!
Network!
• Software deployment!
Endpoint!
• Admin credentials!
Storage!
![Page 12: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/12.jpg)
Integration Recap!
• For all deployments: Directory services (usually your Active Directory and DHCP servers).!
• Network deployments: Network gateways and mail servers.!
• Endpoint deployments: Software distribution tools.!
• Discovery/storage deployments: File shares on the key storage repositories (you generally only need a username/password pair to connect).!
![Page 13: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/13.jpg)
Choose Flavor!Single Data Type! Information Usage!
![Page 14: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/14.jpg)
Choose Deployment Type!
Network! Storage! Endpoint!
![Page 15: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/15.jpg)
Define Policies!Single Type!
• Leverage an existing category when possible.!
• Tune later.!
• False positives are good!!
Information Usage!
• Turn on (nearly) everything.!
• Collect as much as possible to identify usage patterns.!
![Page 16: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/16.jpg)
Monitor!ID! Time! Policy! Channel! Severity! User! Action! Status!1138! 1625! PII! Email! 1.2 M! rmogull! Blocked! Open!1139! 1632! HIPAA! IM! 2! jsmith! Notified!Assigned!1140! 1702! PII! HTTP! 1! 192.168.0.213! None! Closed!1141! 1712! R&D/Product X! USB! 4! bgates! Notified!Assigned!1142! 1730! Financials! Storage! 4! 192.168.1.94! Encrypt! Escalated!
1143! 12/1/08! Source Code! Cut/Paste! 12! sjobs! Confirm! Open!
![Page 17: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/17.jpg)
Analyze!• Top violations by data type.!
• Top violations by business unit.!
• Top violations by volume.!
• False positive patterns.!
• Different violations from same source.!
• Unusual origins.!
![Page 18: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/18.jpg)
What Did We Accomplish?!
• Established a flexible incident management process.!
• Integrated with major infrastructure components.!
• Assessed broad information usage.!
• Set foundation for later.!
![Page 19: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/19.jpg)
Deployment Best Practices!
Evaluate results!
Tune policy!
Add protection!
Expand scan scope!
Baseline scan!Integrate with Infrastructure!
Define Initial Policy!
![Page 20: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/20.jpg)
Rich Mogull!
[email protected]!http://securosis.com!
AIM: securosis!Skype: rmogull!
Twitter: rmogull!
Securosis, L.L.C.!
![Page 21: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/21.jpg)
Continuum Health Partners Deploying Data Loss Prevention
Mark Moroses, Assistant CIO, Continuum Health Partners
![Page 22: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/22.jpg)
22
Background
• Who is Continuum Health Partners? • Drivers
– Regulations - HIPAA – Joint commissions to certify best practices – Regular audits
• Failure not an option • Policy
– Must be able to ensure enforcement – Need to prove policies are being followed
![Page 23: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/23.jpg)
Solution
• Business Enablement – IT supporting physician’s needs
• Allow liberal web access while still having monitoring capabilities • Data Risk Assessment
– Documented inappropriate data leakage, which helped secure budget • Investigative Support
– McAfee DLP has become the starting point for investigations – Investigations now able to occur much faster
• Passing Audits – Proving compliance with policies and demonstrating working controls – Predictable technology and process speed future audits, reduce
manpower requirements
23
![Page 24: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/24.jpg)
Lessons Learned
• Executive sponsorship – Physician with prior first-hand experience
• Deployment – “Soft opening” – Communicated roll-out plan
• Response Plan – No “ready, fire, aim” – Work closely with HR & Legal stakeholders
24
![Page 25: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/25.jpg)
McAfee Data Loss Prevention
John Dasher, Senior Director, Data Protection, McAfee
![Page 26: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/26.jpg)
McAfee Data Protection 26
Static DLP Leaks Data
Violations
Data
![Page 27: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/27.jpg)
McAfee Data Protection 27
Static DLP Leaks Data
Violations
Bit Bucket
Data
![Page 28: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/28.jpg)
McAfee Data Protection 28
McAfee DLP Leverages Data
Violations
Data
![Page 29: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/29.jpg)
McAfee Data Protection 29
McAfee DLP Leverages Data
Violations
Capture Data Intelligence
Data
Fast, accurate policy creation and rapid, in-depth investigations
![Page 30: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/30.jpg)
McAfee DLP 9 Advantages
Tight Product Integration • Integrated technologies provide superior protection • Optimized oversight and control
Deployment Velocity • Protected sensitive data more quickly • Drive down deployment and ongoing costs
Data Analytics • Build better policy, conduct fast investigations • Anticipate risks before they become problems
![Page 31: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/31.jpg)
31
McAfee DLP Solution – What Others Say
SC Magazine finds McAfee Host DLP “to be a good value for customers looking for a lot of features and a lot of flexibility in both data leakage control and enterprise rights management.”
NetworkWorld found that McAfee has a “very practical understanding of the role of DLP in a modern organization” with “innovative features, excellent user interfaces, and a clear vision for the future of DLP.”
![Page 32: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/32.jpg)
32
McAfee DLP Resources
• Optimized Security Architecture for Data Protection http://www.mcafee.com/us/enterprise/optimize/data_protection.html
– 10 Steps to Protecting Your Data – Low Hanging Fruit: Quick Wins with DLP – Forrester Research Total Economic Impact of McAfee DLP – McAfee 48-hour Data Risk Assessment
• http://dataprotection.mcafee.com/forms/RiskAssessment
• Data Protection section of McAfee.com http://www.mcafee.com/us/enterprise/products/data_protection/data_loss_prevention/index.html
– Continuum and BCI customer case studies
• Data Protection Blogs http://siblog.mcafee.com/category/data-protection/
![Page 33: Quick Wins with Data Loss Prevention€¦ · – McAfee DLP solution overview . Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC! DLP Fears! • Too complex to deploy.!](https://reader034.vdocuments.us/reader034/viewer/2022051604/5ffdf5643d08624de95675c8/html5/thumbnails/33.jpg)
Q&A