内容说明checkpoint培训

1、DLP OverviewTony SabajSales Manager DLP, Central North America (847) 833-3941DATA IS EXPLODINGLeaks are Increasingly CommonRecent Statistics48%Of 900 breaches were caused by insiders96%Of 900 breaches were avoidable through simple or intermediate security controls 1%Out of 498 breaches reported that

2、 they had security features protecting the exposed dataSource: Identity Theft Resource Center (ITRC), 2010 Data Breach Investigations ReportImplement a data security policythat supports business and user needsImplementing a Data Security PolicyDefine: Straightforward PolicyEducatePeopleEnforce with

3、TechnologyMeasure and ImproveWhere to Start? Understand UsageWho should have access?What is the impact if shared beyond those people?Where can the information be used? When is it sensitive?Why is the Data being protectedWhere to Start? Typical FrameworksBasic HierarchyPublic, Internal, ConfidentialS

4、pecific RegulationsPCI, HIPAA, SOXBusiness ProcessesCompensation Reviews, M&AWhere to Start and ConsiderationsHave a Written PolicyRegardless of enforcement capabilitiesAddress the needs of the organizationComplianceIntellectual PropertyConstantly involve, educate and communicate the users community

5、 of the Data Protection PolicyWhat the Experts Are sayingMost Data Protection Solutions are nontransparent controlsintentionally visible to an end user primary value proposition of changing user behavior. This is very different from transparent controls such as firewalls and antivirus programs that

6、are unseen by end users.Nontransparent controls represent a cultural shift for many organizationsWhere to Start and Considerations Start SmallNo Need to try and Boil the OceanDefine short, mid and long term success factorsAddress Data In Motion and End Points FirstKnow what is important to the organ

7、izationDifferent Groups have different needsWhat is important to an Organization?Example from real world Engagement Retail Franchise organizationHRIP/Production/ Marketing/R&DFinanceLegalExecutiveEmployee Details SSN, Start Date, Term Info, DOB, Address, Sex, Religion, Race, Age, Salary InfoPerforma

8、nce ReviewsDisciplinary ReportsSource CodeInternal AppFranchise financial reportingFinancial Models for Derivative AnalystsHosted Financial AppContractsFranchise agreements/sub-leasesReal Estate leasesVendor ContractsBoard CommunicationsEmployee RecordsBackground ReportsTemp Emps & ContractorsArea L

9、eader & General Mgr. ReportsAudit ReportsFinancial and GL reports on network shareVendor InfoFranchise informationTemp login passwords (aaaaa#) for access to BenefitsStrategic Marketing PlansSales ForecastingBoard CommunicationsLitigationsEmployee informationOrganizational ChartsBenefit Info (Insura

10、nce)Long/Short Term DisabilityLife InsuranceMedical Claim InfoNew Product LaunchCompany ForecastProduct ForecastStock ReportsCompany ForecastProduct ForecastWhat the Experts Are sayingCritical to get business involvement in the requirements planning and implementation of DLPGartner continues to see

11、organizations struggling with DLP deploymentsMore organizations are willing to limit the scope of a DLP deployment and avoid boil the ocean thinking, resulting in more successful deploymentsWhat the Experts are Saying“IDC believes that through the use of security suites, new security technologies ca

12、n be implemented without degrading existing security capabilities. This trend will only continue as people search for more complete security that is also manageable.”“ endpoint security used to enhance Internet security, there will be a growing need for the use of endpoint security to protect corpor

13、ate information from unauthorized disclosure. This is performed by full-disk and file encryption”“. This will require improved enterprise management capabilities associated with the endpoints”Where to Start and ConsiderationsMake sure solution integrates with existing security controlsPolicy Managem

14、entReportingLoggingEvent ManagementWhat the Experts Are sayingData Protection Console interfaces shouldEasy to read, interpret and use Display complex information from network, endpoint and while not overburdening operatorsThe capabilities supported in the console should includeDefinition of policie

15、sRemediation mechanismsDefinition of management and user rolesTriageIdentification of eventsCase management, Event managementReportingWhere to Start and ConsiderationsKnow the Data Loss VectorsEmailWeb 2.0Cloud/Service ProvidersSocial MediaEncryptionEnd PointsManagedUnmanagedUSB/Removable MediaWhere

16、 to Start and ConsiderationsAddress the different data “flows” and have a policy for eachData in MotionOutboundInternalInboundData at RestData in UseAddress different data access/transfer methodsRemote AccessMobile DevicesEndpointsEmailWeb 2.0Where to Start and ConsiderationsMake sure that solution

17、is flexible enough for the organizations unique needsData TypesChanging PolicyEducation/awarenessPolicy exceptions for specific users or groupsPolicies that follow users and devicesWhat the Experts Are sayingCritical Capabilities (Enterprise DLP)Endpoint audit, control and discoveryNetwork audit and

18、 controlData store discoveryEase of deploymentConfiguration flexibilityAdvanced detectionInternationalization supportManagement consoleVendor responsivenessDLP Solutions Types, as defined by GartnerEnterprise DLP Solutions which provide organizations with advanced content-aware inspection capabiliti

19、es and robust management consoles Channel DLPConsists of content-aware DLP capabilities that are integrated within an existing application from a management and/or enforcement perspectiveDLP-liteOfferings that group a specific set of capabilities in a way that addresses a niche market Data Loss Prev

20、entionWhat the Experts are SayingWhat do we hope to achieve with a DLP deployment? Although many organizations have an innate desire to have a fully content-aware corporate infrastructure that closely monitors the day-to-day use of sensitive data in all its forms, most organizations will rarely ever

21、 deploy more than the basic capabilities included in DLP offerings. As a result, Gartner has seen a significant increase in channel DLP deployments in large and small organizations. - GartnerGartner projects that the majority of organizations (approximately 70%) may be able to deploy good enough DLP

22、 capabilities in evolving channel-specific solutions by 2013 to satisfy government regulations with respect to private and sensitive data, and for the automated application of protection mechanisms, such as the encryption of email and the storage of sensitive content to USB and other removable stora

23、ge media or portable devices. Data Loss PreventionPolicyPeopleEnforcementIntroducingCheck Point Data SecurityFull Disk EncryptionData Loss PreventionCheck Point Data SecurityUser IdentityUnified Endpoint SecurityMobile AccessGlobal Office (GO)Application ControlData Loss PreventionSimply Enforcing Y

24、our Security PolicyCredit Card information should not leave the companyDefine PolicyImplement DLP Out-of-the-Box PoliciesImplement TechnologyAlert userand prompt for actionEducate & EmpowerA Compliance ScenarioDLP Out-of-the-Box PolicyJohn, Lets review the corporate strategy in our morning meeting.G

25、reen World Strategy Plan 2010 Corporate StrategyData Loss Prevention AlertAn email that you have just sent has been quarantined.Reason: attached document contains confidential internal dataThe message is being held until further action.Send , Discard , or Review IssueCheck Point Data Loss Prevention

26、 UserCheck Educate or AlertUsers on corporate data policiesUser RemediationIT staff resources monitor only remediationBlock or PreventMove from detection to preventionCheck Point Combines Technology and Processes to Make DLP WorkNEW!Monitor Results DLP Customer Success Story: Fitchburg State Univers

27、ity, USAApproach“We looked at other solutions and were overwhelmed by the amount of time, money and resources they would cost us”Check Point DLP in FSCDetects and blocks PCI incidentsAlerts and educates staff members to avoid sending sensitive data in email communicationsBackgroundState University,

28、MA, USA70% of tuition payments are made online Needed to meet PCI compliance and state regulationsBackgroundApproach“Then, we saw Check Point DLP. It was literally up and running in matter of minutes.”Compensation information must be restricted to HR and managersDefine PolicyImplement DLP form templ

29、atepolicyImplement TechnologyAlert userand prompt for actionEducate & EmpowerA Business Process ScenarioUsing DLP to Enforce Your PolicyEXAMPLESHR forms / salary / offersFinancial docsPatient recordsInsurance FormsBank formsDetect and Recognize Your Proprietary FormsMultiSpect Form DetectionForms/Pa

30、rtial FormsRecognize sensitive forms and templatesCompensation review.xlsDLP Customer Success Story: European BankApproachWerent originally really looking for DLP Risk management team and IT team were unaware of DLP needDeployed POCResultsPCI-DSS violations were immediately detectedConfidential emai

31、ls being sent to personal Gmail accounts“It is amazing how you can recognize a templateworks great!” BackgroundEuropean subsidiary of Latin American bankCheck Point Approach Business Goals Achieved Day 1 Meet federal/state mandates as well as industry compliance Protect intellectual propertyFast to

32、Implement and Prevent Network-based DLP focus to efficiently monitor, log and remediate data leakage 500+ pre-defined data types & 800+ standard file types 30-day log to prevent mode for sensitive data types Operational, Management and Financial Efficiencies Streamlined management for best of breed

33、management architecture with SmartCenter Single point for data classification, policy enforcement, monitoring, remediation and reporting/event correlation Cost effective solution minimizes capital and operational costAchieve Compliance, Streamline Implementation, Management, Remediation and Simplify

34、 SecurityUnified Control and DeploymentCentralized ManagementFor Unified Control Across the Entire Security InfrastructureData Loss PreventionPolicy Definition Legacy:Now:Application Detection and Usage ControlsIdentify, allow, block or limit usage/bandwidth of applications at user or group levelMob

35、ile Access Software BladeEasy Access to Email and ApplicationsSimple DeploymentApple App Store/Android MarketplaceTap “Check Point Mobile”Enter your passwordGain secure access to your data!Mobile Access Software BladeUnified Remote Access from any deviceDevicesManaged PCsUnmanaged PCsMicrosoftMacOSS

36、mart Phones/TabletsiOSAndroidMethodsFull ClientOn Demand ClientSSL VPNMobile VPNHardware Token (GO)EncryptionMedia EncryptionFull Disk EncryptionCheck Point Is Data Security Leader!Check Point Media Encryption and Port Protection Block usage or encrypt dataTransparent user experienceCentralized poli

37、cy managementGranular tracking of removable devices Prevents data loss and theftthrough removable media and portCheck Point Full Disk EncryptionEncrypt hard diskComprehensive OS supportEasy and fast deploymentMost advanced recovery optionsProtects corporate information from unauthorized access when

38、laptops are lost or stolenEndpoint Security Management TodayDifficult to administrate, support and manageLimited visibility into securityIncreasing Endpoints per userMultiple vendorsMultiple Endpoint Security Products Assorted Endpoints per userIT Managers opposing objectivesEndpoint Security Manage

39、ment ChallengeMaximize end-user productivityEffectively manage the complexityMobile users on multiple machinesMultiple capabilities to protect endpoint and ensure complianceProtect end users and corporate from threatsVisibility and control of policyUnified Security Endpoint ManagementCheck Point Sim

40、plifies Endpoint Security ManagementManage Security of Users, Not Just MachinesUnique Visibility and ControlUnified Endpoint Security ManagementCheck Point Simplifies Endpoint Security ManagementUnified Endpoint Security managementUnified Endpoint SecurityUnify all endpoint security protection in a

41、single management console and serverFull Disk EncryptionMedia EncryptionRemote AccessWebCheckFirewall/Compliance CheckAnti-Malware/Program ControlComprehensive Security on the EndpointProtect against drive-by-downloads, phishing sites and zero-day attacksStop unwanted traffic, prevent malware and bl

42、ock targeted attacksAutomatically and transparently secure all information on endpoint hard drivesCentrally enforceable encryption of removable media and port controlProtects your endpoint from unsecure, malicious and unwanted applicationsProvide secure, seamless access to corporate networks remotel

43、yCheck Point Simplifies Endpoint Security ManagementGet Unique Visibility and ControlUnique Visibility and ControlMonitorManageEnforceeverything thats important to youpolicy and exceptions on the flycompliance before the network is accessedUnique Visibility and ControlView all policies in useSummari

44、zed infection reportingFilter compliance report by groups or networksView all endpoint connectivityView all latest updatesMonitor with customizable, at-a-glance dashboardUnique Visibility and ControlManage all levels of the organization down to users and machinesRoses laptopRoses desktopHigh-level v

45、iewOrganizationsUsersMachinesSeamless Active Directory IntegrationAdamPhillipRoseFinanceSalesHREngineeringMy organizationUnique Visibility and ControlEnforce and remediate endpoint complianceCorrect endpoint security modules?Updated OS service pack?Approved applications only?Updated anti-malware ver

46、sion?VerifyRestrict AccessAllow AccessRemediateYESNOUnique Visibility and ControlHRFinanceQuickly deploy the right level of protection for the right groupCheck Point Simplifies Endpoint Security ManagementManage Security of Users, Not Just MachinesHR machines have many usersManage Security of Users,

47、 Not Just MachinesSecurity policy follows the userRose has many machinesDrill down on groups, users and all their machines in a few clicksManage Security of Users, Not Just MachinesQuickly determine Roses statusSearch or click AD to investigate group or user statusFind Roses machines quicklyView Ros

48、es policiesManage Security of Users, Not Just MachinesEasily modify security policy Athens International Airport S.A.Customer ChallengesImprove security through the consolidation of technologies and reduced management complexitiesSimplify IT security and management in a complex environment Provide c

49、omprehensive protection on both the network and endpointsEnable a seamless user experience Reduce costs associated with IT management overheadSolved by Check PointEndpoint Security Software Blades Anti-Malware & Program Control, Firewall & Compliance Check, Remote Access VPN, and WebCheckSecurity Ma

50、nagement Software Blades SmartEvent, SmartReporter, Network Policy Management, and Endpoint Policy ManagementSecurity Gateway BladesIPSEC, AppControl, IPS, FirewallAthens International Airport S.ACustomer Quotes “ The Check Point Software Blade solution allows us to see the big picture. Its the first time weve had this level of visibility into both our network and endpoint machines; its