版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、DLP OverviewTony SabajSales Manager DLP, Central North America (847) 833-3941DATA IS EXPLODINGLeaks are Increasingly CommonRecent Statistics48%Of 900 breaches were caused by insiders96%Of 900 breaches were avoidable through simple or intermediate security controls 1%Out of 498 breaches reported that
2、 they had security features protecting the exposed dataSource: Identity Theft Resource Center (ITRC), 2010 Data Breach Investigations ReportImplement a data security policythat supports business and user needsImplementing a Data Security PolicyDefine: Straightforward PolicyEducatePeopleEnforce with
3、TechnologyMeasure and ImproveWhere to Start? Understand UsageWho should have access?What is the impact if shared beyond those people?Where can the information be used? When is it sensitive?Why is the Data being protectedWhere to Start? Typical FrameworksBasic HierarchyPublic, Internal, ConfidentialS
4、pecific RegulationsPCI, HIPAA, SOXBusiness ProcessesCompensation Reviews, M&AWhere to Start and ConsiderationsHave a Written PolicyRegardless of enforcement capabilitiesAddress the needs of the organizationComplianceIntellectual PropertyConstantly involve, educate and communicate the users community
5、 of the Data Protection PolicyWhat the Experts Are sayingMost Data Protection Solutions are nontransparent controlsintentionally visible to an end user primary value proposition of changing user behavior. This is very different from transparent controls such as firewalls and antivirus programs that
6、are unseen by end users.Nontransparent controls represent a cultural shift for many organizationsWhere to Start and Considerations Start SmallNo Need to try and Boil the OceanDefine short, mid and long term success factorsAddress Data In Motion and End Points FirstKnow what is important to the organ
7、izationDifferent Groups have different needsWhat is important to an Organization?Example from real world Engagement Retail Franchise organizationHRIP/Production/ Marketing/R&DFinanceLegalExecutiveEmployee Details SSN, Start Date, Term Info, DOB, Address, Sex, Religion, Race, Age, Salary InfoPerforma
8、nce ReviewsDisciplinary ReportsSource CodeInternal AppFranchise financial reportingFinancial Models for Derivative AnalystsHosted Financial AppContractsFranchise agreements/sub-leasesReal Estate leasesVendor ContractsBoard CommunicationsEmployee RecordsBackground ReportsTemp Emps & ContractorsArea L
9、eader & General Mgr. ReportsAudit ReportsFinancial and GL reports on network shareVendor InfoFranchise informationTemp login passwords (aaaaa#) for access to BenefitsStrategic Marketing PlansSales ForecastingBoard CommunicationsLitigationsEmployee informationOrganizational ChartsBenefit Info (Insura
10、nce)Long/Short Term DisabilityLife InsuranceMedical Claim InfoNew Product LaunchCompany ForecastProduct ForecastStock ReportsCompany ForecastProduct ForecastWhat the Experts Are sayingCritical to get business involvement in the requirements planning and implementation of DLPGartner continues to see
11、organizations struggling with DLP deploymentsMore organizations are willing to limit the scope of a DLP deployment and avoid boil the ocean thinking, resulting in more successful deploymentsWhat the Experts are Saying“IDC believes that through the use of security suites, new security technologies ca
12、n be implemented without degrading existing security capabilities. This trend will only continue as people search for more complete security that is also manageable.”“ endpoint security used to enhance Internet security, there will be a growing need for the use of endpoint security to protect corpor
13、ate information from unauthorized disclosure. This is performed by full-disk and file encryption”“. This will require improved enterprise management capabilities associated with the endpoints”Where to Start and ConsiderationsMake sure solution integrates with existing security controlsPolicy Managem
14、entReportingLoggingEvent ManagementWhat the Experts Are sayingData Protection Console interfaces shouldEasy to read, interpret and use Display complex information from network, endpoint and while not overburdening operatorsThe capabilities supported in the console should includeDefinition of policie
15、sRemediation mechanismsDefinition of management and user rolesTriageIdentification of eventsCase management, Event managementReportingWhere to Start and ConsiderationsKnow the Data Loss VectorsEmailWeb 2.0Cloud/Service ProvidersSocial MediaEncryptionEnd PointsManagedUnmanagedUSB/Removable MediaWhere
16、 to Start and ConsiderationsAddress the different data “flows” and have a policy for eachData in MotionOutboundInternalInboundData at RestData in UseAddress different data access/transfer methodsRemote AccessMobile DevicesEndpointsEmailWeb 2.0Where to Start and ConsiderationsMake sure that solution
17、is flexible enough for the organizations unique needsData TypesChanging PolicyEducation/awarenessPolicy exceptions for specific users or groupsPolicies that follow users and devicesWhat the Experts Are sayingCritical Capabilities (Enterprise DLP)Endpoint audit, control and discoveryNetwork audit and
18、 controlData store discoveryEase of deploymentConfiguration flexibilityAdvanced detectionInternationalization supportManagement consoleVendor responsivenessDLP Solutions Types, as defined by GartnerEnterprise DLP Solutions which provide organizations with advanced content-aware inspection capabiliti
19、es and robust management consoles Channel DLPConsists of content-aware DLP capabilities that are integrated within an existing application from a management and/or enforcement perspectiveDLP-liteOfferings that group a specific set of capabilities in a way that addresses a niche market Data Loss Prev
20、entionWhat the Experts are SayingWhat do we hope to achieve with a DLP deployment? Although many organizations have an innate desire to have a fully content-aware corporate infrastructure that closely monitors the day-to-day use of sensitive data in all its forms, most organizations will rarely ever
21、 deploy more than the basic capabilities included in DLP offerings. As a result, Gartner has seen a significant increase in channel DLP deployments in large and small organizations. - GartnerGartner projects that the majority of organizations (approximately 70%) may be able to deploy good enough DLP
22、 capabilities in evolving channel-specific solutions by 2013 to satisfy government regulations with respect to private and sensitive data, and for the automated application of protection mechanisms, such as the encryption of email and the storage of sensitive content to USB and other removable stora
23、ge media or portable devices. Data Loss PreventionPolicyPeopleEnforcementIntroducingCheck Point Data SecurityFull Disk EncryptionData Loss PreventionCheck Point Data SecurityUser IdentityUnified Endpoint SecurityMobile AccessGlobal Office (GO)Application ControlData Loss PreventionSimply Enforcing Y
24、our Security PolicyCredit Card information should not leave the companyDefine PolicyImplement DLP Out-of-the-Box PoliciesImplement TechnologyAlert userand prompt for actionEducate & EmpowerA Compliance ScenarioDLP Out-of-the-Box PolicyJohn, Lets review the corporate strategy in our morning meeting.G
25、reen World Strategy Plan 2010 Corporate StrategyData Loss Prevention AlertAn email that you have just sent has been quarantined.Reason: attached document contains confidential internal dataThe message is being held until further action.Send , Discard , or Review IssueCheck Point Data Loss Prevention
26、 UserCheck Educate or AlertUsers on corporate data policiesUser RemediationIT staff resources monitor only remediationBlock or PreventMove from detection to preventionCheck Point Combines Technology and Processes to Make DLP WorkNEW!Monitor Results DLP Customer Success Story: Fitchburg State Univers
27、ity, USAApproach“We looked at other solutions and were overwhelmed by the amount of time, money and resources they would cost us”Check Point DLP in FSCDetects and blocks PCI incidentsAlerts and educates staff members to avoid sending sensitive data in email communicationsBackgroundState University,
28、MA, USA70% of tuition payments are made online Needed to meet PCI compliance and state regulationsBackgroundApproach“Then, we saw Check Point DLP. It was literally up and running in matter of minutes.”Compensation information must be restricted to HR and managersDefine PolicyImplement DLP form templ
29、atepolicyImplement TechnologyAlert userand prompt for actionEducate & EmpowerA Business Process ScenarioUsing DLP to Enforce Your PolicyEXAMPLESHR forms / salary / offersFinancial docsPatient recordsInsurance FormsBank formsDetect and Recognize Your Proprietary FormsMultiSpect Form DetectionForms/Pa
30、rtial FormsRecognize sensitive forms and templatesCompensation review.xlsDLP Customer Success Story: European BankApproachWerent originally really looking for DLP Risk management team and IT team were unaware of DLP needDeployed POCResultsPCI-DSS violations were immediately detectedConfidential emai
31、ls being sent to personal Gmail accounts“It is amazing how you can recognize a templateworks great!” BackgroundEuropean subsidiary of Latin American bankCheck Point Approach Business Goals Achieved Day 1 Meet federal/state mandates as well as industry compliance Protect intellectual propertyFast to
32、Implement and Prevent Network-based DLP focus to efficiently monitor, log and remediate data leakage 500+ pre-defined data types & 800+ standard file types 30-day log to prevent mode for sensitive data types Operational, Management and Financial Efficiencies Streamlined management for best of breed
33、management architecture with SmartCenter Single point for data classification, policy enforcement, monitoring, remediation and reporting/event correlation Cost effective solution minimizes capital and operational costAchieve Compliance, Streamline Implementation, Management, Remediation and Simplify
34、 SecurityUnified Control and DeploymentCentralized ManagementFor Unified Control Across the Entire Security InfrastructureData Loss PreventionPolicy Definition Legacy:Now:Application Detection and Usage ControlsIdentify, allow, block or limit usage/bandwidth of applications at user or group levelMob
35、ile Access Software BladeEasy Access to Email and ApplicationsSimple DeploymentApple App Store/Android MarketplaceTap “Check Point Mobile”Enter your passwordGain secure access to your data!Mobile Access Software BladeUnified Remote Access from any deviceDevicesManaged PCsUnmanaged PCsMicrosoftMacOSS
36、mart Phones/TabletsiOSAndroidMethodsFull ClientOn Demand ClientSSL VPNMobile VPNHardware Token (GO)EncryptionMedia EncryptionFull Disk EncryptionCheck Point Is Data Security Leader!Check Point Media Encryption and Port Protection Block usage or encrypt dataTransparent user experienceCentralized poli
37、cy managementGranular tracking of removable devices Prevents data loss and theftthrough removable media and portCheck Point Full Disk EncryptionEncrypt hard diskComprehensive OS supportEasy and fast deploymentMost advanced recovery optionsProtects corporate information from unauthorized access when
38、laptops are lost or stolenEndpoint Security Management TodayDifficult to administrate, support and manageLimited visibility into securityIncreasing Endpoints per userMultiple vendorsMultiple Endpoint Security Products Assorted Endpoints per userIT Managers opposing objectivesEndpoint Security Manage
39、ment ChallengeMaximize end-user productivityEffectively manage the complexityMobile users on multiple machinesMultiple capabilities to protect endpoint and ensure complianceProtect end users and corporate from threatsVisibility and control of policyUnified Security Endpoint ManagementCheck Point Sim
40、plifies Endpoint Security ManagementManage Security of Users, Not Just MachinesUnique Visibility and ControlUnified Endpoint Security ManagementCheck Point Simplifies Endpoint Security ManagementUnified Endpoint Security managementUnified Endpoint SecurityUnify all endpoint security protection in a
41、single management console and serverFull Disk EncryptionMedia EncryptionRemote AccessWebCheckFirewall/Compliance CheckAnti-Malware/Program ControlComprehensive Security on the EndpointProtect against drive-by-downloads, phishing sites and zero-day attacksStop unwanted traffic, prevent malware and bl
42、ock targeted attacksAutomatically and transparently secure all information on endpoint hard drivesCentrally enforceable encryption of removable media and port controlProtects your endpoint from unsecure, malicious and unwanted applicationsProvide secure, seamless access to corporate networks remotel
43、yCheck Point Simplifies Endpoint Security ManagementGet Unique Visibility and ControlUnique Visibility and ControlMonitorManageEnforceeverything thats important to youpolicy and exceptions on the flycompliance before the network is accessedUnique Visibility and ControlView all policies in useSummari
44、zed infection reportingFilter compliance report by groups or networksView all endpoint connectivityView all latest updatesMonitor with customizable, at-a-glance dashboardUnique Visibility and ControlManage all levels of the organization down to users and machinesRoses laptopRoses desktopHigh-level v
45、iewOrganizationsUsersMachinesSeamless Active Directory IntegrationAdamPhillipRoseFinanceSalesHREngineeringMy organizationUnique Visibility and ControlEnforce and remediate endpoint complianceCorrect endpoint security modules?Updated OS service pack?Approved applications only?Updated anti-malware ver
46、sion?VerifyRestrict AccessAllow AccessRemediateYESNOUnique Visibility and ControlHRFinanceQuickly deploy the right level of protection for the right groupCheck Point Simplifies Endpoint Security ManagementManage Security of Users, Not Just MachinesHR machines have many usersManage Security of Users,
47、 Not Just MachinesSecurity policy follows the userRose has many machinesDrill down on groups, users and all their machines in a few clicksManage Security of Users, Not Just MachinesQuickly determine Roses statusSearch or click AD to investigate group or user statusFind Roses machines quicklyView Ros
48、es policiesManage Security of Users, Not Just MachinesEasily modify security policy Athens International Airport S.A.Customer ChallengesImprove security through the consolidation of technologies and reduced management complexitiesSimplify IT security and management in a complex environment Provide c
49、omprehensive protection on both the network and endpointsEnable a seamless user experience Reduce costs associated with IT management overheadSolved by Check PointEndpoint Security Software Blades Anti-Malware & Program Control, Firewall & Compliance Check, Remote Access VPN, and WebCheckSecurity Ma
50、nagement Software Blades SmartEvent, SmartReporter, Network Policy Management, and Endpoint Policy ManagementSecurity Gateway BladesIPSEC, AppControl, IPS, FirewallAthens International Airport S.ACustomer Quotes “ The Check Point Software Blade solution allows us to see the big picture. Its the first time weve had this level of visibility into both our network and endpoint machines; its
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 2024年标准的银行贷款合同范文(2篇)
- 2024年商标转让委托代理协议范文(二篇)
- 2024年就业协议标准样本(二篇)
- 2024年煤炭买卖合同电子版(四篇)
- 2024年房子租赁协议标准模板(4篇)
- 2024年用工劳动合同专业版(2篇)
- 2024年单项工程施工协议简单版(四篇)
- 2024年对外加工装配合同简易版(3篇)
- 人教版数学五年级下册期末测试卷及1套完整答案
- 六年级下册道德与法治第三单元《多样文明 多彩生活》测试卷(模拟题)
- 营养指导员理论考试题库及答案
- 2021国资委企业绩效评价标准值
- 智慧金融应用
- 《无人机系统飞行手册编制规范》
- 三效蒸发器操作说明书
- 【基于SLP方法的物流园平面布局规划案例分析7400字(论文)】
- 语文-2023年高考新课标Ⅱ卷《社戏》解析
- 具有履行合同所必须的设备和专业技术能力的承诺函-设备和专业技术能力承诺
- 史上最全船舶演习记录规范(中英文对照)
- 能源消耗监控系统项目售后服务与培训方案
- 23秋国家开放大学《学前教育科研方法》形考作业1-3+终考作业参考答案
评论
0/150
提交评论