Priyanka Aash, profile picture
Uploaded byPriyanka Aash
PPTX, PDF1,551 views

Ciso round table on effective implementation of dlp & data security

The document discusses an effective implementation of data loss prevention (DLP) and data security. It covers key factors like the evolving threat landscape, business drivers for DLP, common challenges, and approaches to solve data security issues. An effective methodology is proposed, including identifying critical data and channels, deploying suitable policies, monitoring incidents, and establishing governance through continuous review and improvement. Critical success factors include business involvement, a phased implementation approach, and repeating the plan-do-check-act cycle periodically. The expected project outcomes are protection of critical channels, improved data tracking and awareness, and happier customers and auditors.

In this document
Powered by AI

Introduction to CISO Roundtable on DLP and data security, led by Venkatasubramanian Ramakrishnan.

Discussed the inflection point, key factors affecting data security, and role evolution of InfoSec.

Introduction to DLP project, explaining enterprise challenges and agenda for addressing data security.

Identified challenges in enterprise DLP including regulatory requirements, employee dynamics, and evolving threats.

Impact of confidentiality, regulatory compliance, and data breach prevention on business interests.

Addressed common misnomers about DLP security, emphasizing proper data classification and incident responses.

Explained how DLP complements existing security solutions and fills gaps to protect classified information.

Outlined key considerations for DLP solution decision making including usability, integration, and scalability.

Detailed approach to DLP implementation involving stakeholder engagement and continuous monitoring efforts.

Stressed the importance of business involvement in DLP project success, ongoing policy adaptation required.

Presented results of DLP implementation, highlighting improved monitoring, compliance, and employee awareness.

Emphasized critical learnings such as organizational culture importance and ongoing DLP process establishment.

Overview of technology architecture and various data security solutions including DLP, GRC, and access controls.

Summary of key capabilities provided by DLP to ensure data security across various channels.

Methods for detecting sensitive information within images and continual small leaks of data over time.

Discussed network DLP approaches including traffic inspection methods and response options by channel.

Explored endpoint DLP measures for safeguarding data across various channels and response protocols.

Covered methods of discovering data at rest & remediation capabilities through various techniques.

Introduced a management framework for DLP covering actions, sources of sensitive data, and enforcement.

Described incident management workflows and demonstrated risk reduction statistics over a 90-day period.

Final thank you and open forum for questions related to data security and DLP project discussions.

Downloaded 52 times
CISO Roundtable: Effective Implementation of DLP and Data Security
©2013, Cognizant | All rights reserved. The information contained herein is subject to change without notice. Venkatasubramanian Ramakrishnan Director- Global Information Security Cognizant Technology Solutions Information Security and Data Protection Strategy
| ©2013, Cognizant2 Contents 2 Inflection Point 3 Key Disrupting Factors 4 Role of Information Security Function 5 Data Security Strategy 6 Key Points 7 Big Picture 8 Threat Modeling 9 Sample Threat Modeling
| ©2013, Cognizant3 Inflection Point
| ©2013, Cognizant4 Key Disrupting Factors 1.Greater Business Partner Responsibility for Technology Projects 2.Workplace of the Future 3.Sharper Executive Focus on Risk Management 4.Core Responsibility Overlap with the Legal Function 5.Sophistication of External Threat Vectors
| ©2013, Cognizant5 Role of Information Security Function 2000-2004 2005-2012 2012 & Beyond Control Owner Decision Owner Decision Facilitator RiskManagementPhilosophy
| ©2013, Cognizant6 Data Security Strategy
| ©2013, Cognizant7 Key Points 1.New Era requires information security system design with a counter-intelligence mind set! 2.Competitive economic pressures and national security issues drive various entities to seek information and Intellectual Property 3.Counterintelligence awareness of the security leaders is the first step to improve the protection of proprietary information
| ©2013, Cognizant8 Big Picture T H R E A T S BUSINESS MODEL Strategy, people, process, technology and infrastructure in place to drive towards objectives OPPORTUNITIES OBJECTIVES strategic, operational , customer, compliance objectivesOPPORTUNITIES MANDATORY BOUNDARY (laws, government regulations and other mandates) VOLUNTARY BOUNDARY (organizational values, contractual obligations, internal policies and other promises )
| ©2013, Cognizant9 Threat Modeling Capabilities Competition Strategic Plans Political, Economic & Social Forces Markets Customers Technology Developments Industry Structure Competitive intelligence Collectors Terrorists “Ethically Flexible” Employees Critical Elements of Business Intelligence State Sponsored Attack Resource Poaching Threats Economic or Industrial Espionage Monitor External Environment • Monitor social media for any chatter on new methods or targets of attacks. • Engage in peer conversations to share knowledge and stay up-to-date on threat vectors, new techniques, known bad IP addresses, etc. • Understand what kinds of activities and news reports are likely to increase the chances of an incident.
| ©2013, Cognizant10 Sample Threat Modeling List of data or information that may be under threat Who may want it How motivated are they to get it (Ask these questions) Priority for Incident Response Planning (Determined by the previous three factors) Client credit card numbers Hacker-thieves Etc. What kind of clients do you have? Etc. Low/Med/High Intellectual property data Competitors Foreign governments interested in a particular IP or technology Etc. Will this IP significantly alter the market share landscape on the industry? Is the IP capable of providing extensive competitive advantage? Are there ideological reasons for stealing such information? Etc. Low/Med/High Manage Potential Threats • Determine what assets, data, information, etc. the organization owns that may be of particular interest to attackers. Also determine how important this information or data is to the business. • Determine who may want such information, how sophisticated they are, and what channels they may use to attempt to cause an incident. • Determine how motivated potential attackers may be.
©2013, Cognizant | All rights reserved. The information contained herein is subject to change without notice. Thank you
12 Data Leakage Prevention (DLP) Project
13 Agenda  Enterprise – Growing Challenges  Business Drivers for DLP  DLP Specific Challenges & Misnomer  Solution Decision Making  Approaches / Solutions to solve Data Security Challenges  Approach & Methodology  Critical Success Factor  Project Outcome  Key Learning’s
14 Enterprise - Growing Challenges  Growing Employee base and across locations  Enabling Employee friendly environment to keep them motivated & achieve work-life balance  Governed by different regulations and compliance requirement  Data Residing in multiple locations  Multiple Stakeholders Involved & lack of understanding  Everyone thinks all their data is critical and important (not so important)  Evolving Dynamic threat landscape (Government agencies, Fortune 100 companies, Enterprises are being constantly targeted & some of them successful too)  Outsourcing & its related discrete requirements / commitments  Growing adoption of public cloud / infrastructure / networks
15 Drivers Why it matters? Business Confidentiality Regulatory Compliance Business Drivers for DLP  To comply with Regulatory and Compliance requirements  Avoid penalties for non-compliance  Prevent data breaches / infiltration  Protect business interests, including customer confidence  Protect Company & Customer IPR  Protect Brand Value
16 DLP Specific Challenges & Misnomer  “All” our data is critical and confidential  IT department should be able to identify and classify critical business information  Lets fingerprint all our data  Lets configure DLP to protect all data  Lets block all sensitive information from going out and allow information transfer only on senior management approvals  We have defined 200 policies but the DLP solution is not raising any meaningful alerts
17 Approaches to solve Data Security Challenges  There are multiple solutions available in the market to address the Data Security requirement and most of them work in complementary fashion to one another.  DLP solution to be adopted to address the missing piece / gap created in other data security solutions as highlighted below. Solutions Area it Covers Missing Piece Full Disk Encryption Works on the Disk level to encrypt the drive All these solutions cannot differentiate the data (i.e.) the classified information – Private / Confidential & Public data Device Control Works on the device level again to either allow or disallow the drive Access Control & RMS Works based on rights / privileges enabled for user / IP or User Intervention is required Email Encryption Works based on user / domain as per policy DLP Works on the Classified Information to enable
18 Solution Decision Making  Adopt solution which is easy to understand and implement  DLP solution deployment should not call for architectural / design / product changes for existing services like email & web rather it should integrate seamlessly with minimum or no changes  Proper Categorization of vanilla DLP policy based on Industries & Countries  Solution should be scalable & reliable from architecture standpoint  Support for multitude of systems used in the Corporate environment  Easy and straight-forward integration should be possible with existing internal systems (Directory Services, Monitoring Services & SIEM etc)  Vendor support & good Roadmap / vision is the key  Availability of Reliable Partner for the vendor in the local country with good deployment and process experience in rolling out DLP
19 Approach & Methodology  Act on all the Outcome coming from analysis  Initiate work on long term strategy  Enable custom policy as per requirement  Fine tune policy  Make Deployment inline  Expand the coverage and footprint  Repeat entire cycle (Continuous Process)  Establish Policy, Process & Procedure  Review Identified & Classified Data  Establish Infrastructure  Enable shortlisted default policy to create visibility  Deploy DLP for identified channel  Role Segregation  Enable Console Access for different stakeholder to create impact  Enable Incident Monitoring & Response  Delivery weekly & monthly report for management & stakeholder visibility  Establish Governance  Initiation  Establish Objective & goals (short & long term)  Plan Infrastructure  Establish Design  Identify Matching Default Policies  Identify Critical Channels  Stakeholder Analysis  Communicate  Awareness & Training  Define Ownership  Establish Procedure for Critical Data Identification & Classification  List Actions to be performed  Analysis whether Data classification procedure is being followed  Analysis the need for more trainings  Analysis the visibility created by default policy  Analysis effectiveness of existing policy enabled  Check whether short term goal is met and analysis triggering of strategy for long term goal  Analysis stakeholder involvement & support obtained  Decide whether enabling protection or inline mode can be done DLP Approach
20 Critical Success Factor  IT is a facilitator and not the business data owner of the DLP project  DLP Project Success is directly proportionate to business user involvement, buy in, contribution and approvals  Enable DLP in Monitor mode First & then Block Later based on monitoring outcome  Understand Data Classification & Policy Definition is not an one time exercise. Repeat PDCA principle (Plan, Do, Check & Act) on a defined periodicity  Realize that DLP can not eliminate security breaches but helps reduce the risk by detecting and preventing incidents
21 Project Outcome  All Critical Channels like web, email & mobile devices are being covered & monitored  Data movement within Organization is getting tracked better  365*24*7 monitoring in place to handle high / medium severity incidents reported in DLP  Awareness among Employees Improved and this resulted in improved compliance & reduction in data related incidents  Happy Customers & Auditors
22 Key Learning’s  DLP Approach should be chosen based on the Culture of the Organization  Establishing frequent connects with stakeholders & employees is the key to success  Enabling visibility for Business stakeholders resulted in quicker adoption  DLP Journey will not be an One Time exercise / project rather it will be ongoing process / operation to be strictly followed & adhered by all stakeholders  Establishing an Governance Organization dedicated to DLP Journey helped in driving & communicating change to wow’s
Understanding of Technology Architecture and Solutions for Data Security. Maheswaran.S, Manager, Sales Engineering, SAARC
24 Data Security Technologies Data Security DRMDLP GRC/SOC Access Control EncryptionFAM
25 Data Types & DLP Approach Source : www.oxford-consulting.com
DLP – Key Capabilities
Identification Methods 27 Described RegisteredDescribed RegisteredLearned
Image Detection • Detects Sensitive Text within Images – Screen captures – Scanned checks – Scanned receipts – Applications which has image outputs – Fax pages – etc.
Data Drip Detection Detects multiple instances of small data leaks over time John Doe Joe Smith 3:01 PM Customer Information Joe, Here is a customer information: John Doe Joe Smith 3:14 PM Customer Information Joe, Here is a customer information: John Doe Joe Smith 3:17 PM Customer Information Joe, Here is a customer information: John Doe Joe Smith 4:45 PM Customer Information Joe, Here is a customer information: Mike McDonald CCN: 1111-2222-3333-4444 John Doe Joe Smith 4:50 PM Re: Customer Information Joe, Here is another customer information: Jane Brown CCN: 1234-2345-3456-4567 John Doe Joe Smith 3:01 PM Customer Information Joe, Here is a customer information: Low Impact Incident High Impact Event Within 2 Hours
Data in Motion – Network DLP 30 • Look - Don’t Touch • See’s unencrypted Outbound Traffic Port-Span • Look AND Touch • Proxy for Web & FTP • MTA for Email • ActiveSync for Mobile In-Line • Network Printers Agent
Channel Detection and Response 31 Network DLP Web Audit *Block Alert Notify Email Audit Block Quarantine Encrypt Alert Notify FTP Audit Block Alert Notify Network Printer Audit Block Alert Notify Active Sync Audit Block Alert Notify IM & Custom Channels Audit Block Alert Notify RESPONSE OPTIONS BY CHANNEL
SSL Decryption 32 SSL Dynamic Content Control Dynamic Threat Protection S S L Web Security DLP 39 percent of malicious Web attacks included data-stealing code
Data in Use - Endpoint DLP Channels USB Drives Local Printer LAN Storage Internet Print Server Network Printer 2 Network Printer 1 Removable Media Applications
Detection and Response 34 Endpoint DLP Applications Permit Confirm Block Email Quarantine Alert Notify Removable Media Permit Confirm Block Encrypt to USB Alert Notify Storage Alert/Log Scripts - Encrypt - Tombsto Quarantin - EDRM RESPONSE OPTIONS
Data at Rest - Discovery 35 - Network-based Discovery - Conducted over LAN/WAN - Manage by Schedule and/or bandwidth - Leverage VM’s as Multipliers - Perform Discovery Locally - Fastest Discovery - Manage by Schedule, CPU Utilization, Power Supply - The Best of Both Worlds - Leverage any combination Agentless Agent Hybrid
Advanced Remediation Capabilities Discovery • Remediation Scripts – Several predefined scripts available – Customizable for highest flexibility • Common Remediation Action ** Requires 3rd Party Move/Quarantine Encrypt** Classification Tag (Microsoft FCI) Apply EDRM** Purge/Delet e
DLP - Management & Reporting
Business Intelligent Policy Framework Who Human Resources Customer Service Finance Accounting Legal Sales Marketing Technical Support Engineering What Source Code Business Plans M&A Plans Employee Salary Patient Information Financial Statements Customer Records Technical Documentation Competitive Information Where Benefits Provider Personal Web Storage Blog Customer USB Spyware Site Business Partner Competitor Analyst How File Transfer Instant Messaging Peer-to-Peer Print Email Web Audit Notify Remove Quarantine Encrypt Block Removable Media Copy/Paste Print Screen Action Confirm
Enforce Policy by Geo Location
Email-based Incident Workflow • Options to Click within the email notification to: – change severity – escalate – assign – ignore – etc.
Demonstrating Risk Reduction 41 Web Email FTP IM Network Printing Jan 200 150 50 10 45 Feb 100 100 15 5 30 Mar 60 76 5 2 15 90-Day Risk Reduction 70% 49% 90% 80% 67% 60 76 5 2 15 100 100 15 5 30 200 150 50 10 45 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% LikelihoodofDataLoss 90-Day (High Impact) Risk Reduction
Incident Management & Reporting Dashboards 42 The following are samples of our weekly and monthly dashboards on incident management.
Thank You
Questions and Answers 44

More Related Content

PDF
Privacy-ready Data Protection Program Implementation
byEryk Budi Pratama
 
PPTX
Data Loss Prevention from Symantec
byArrow ECS UK
 
PPTX
Data Loss Prevention
byReza Kopaee
 
PDF
DLP Data leak prevention
byAriel Evans
 
PDF
DLP Executive Overview
byKim Jensen
 
PDF
Overview of Data Loss Prevention (DLP) Technology
byLiwei Ren任力偉
 
PPT
Data loss prevention (dlp)
byHussein Al-Sanabani
 
PDF
CIPPE_SampleQuestions_v6.0.pdf
byDusanPavlovic12
 
Privacy-ready Data Protection Program Implementation
byEryk Budi Pratama
 
Data Loss Prevention from Symantec
byArrow ECS UK
 
Data Loss Prevention
byReza Kopaee
 
DLP Data leak prevention
byAriel Evans
 
DLP Executive Overview
byKim Jensen
 
Overview of Data Loss Prevention (DLP) Technology
byLiwei Ren任力偉
 
Data loss prevention (dlp)
byHussein Al-Sanabani
 
CIPPE_SampleQuestions_v6.0.pdf
byDusanPavlovic12
 

What's hot

PDF
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
byEryk Budi Pratama
 
PDF
Common Practice in Data Privacy Program Management
byEryk Budi Pratama
 
PDF
Best Practices for Implementing Data Loss Prevention (DLP)
bySarfaraz Chougule
 
PDF
IT Governance - Governing IT: Do or Die?
byEryk Budi Pratama
 
PPTX
PPT-Security-for-Management.pptx
byRSAArcher
 
PDF
Introducing Data Loss Prevention 14
bySymantec
 
PDF
How to use ChatGPT for an ISMS implementation.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PPTX
An Overview of GDPR
byThe Pathway Group
 
PDF
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PPTX
GDPR: Training Materials by Qualsys
byQualsys Ltd
 
PPTX
Privacy & Data Protection
bysp_krishna
 
PDF
Cyber Defense Automation
by♟Sergej Epp
 
PDF
ISO 27001 How to accelerate the implementation.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PPTX
Information Security Governance and Strategy
byDam Frank
 
PPSX
Security Awareness Training
byWilliam Mann
 
DOCX
Symantec Data Loss Prevention - Technical Proposal (General)
byIftikhar Ali Iqbal
 
PPTX
ISO 27001 - information security user awareness training presentation - Part 1
byTanmay Shinde
 
PDF
Symantec Data Loss Prevention 11
bySymantec
 
PDF
DLP Systems: Models, Architecture and Algorithms
byLiwei Ren任力偉
 
PDF
Information Security Strategic Management
byMarcelo Martins
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
byEryk Budi Pratama
 
Common Practice in Data Privacy Program Management
byEryk Budi Pratama
 
Best Practices for Implementing Data Loss Prevention (DLP)
bySarfaraz Chougule
 
IT Governance - Governing IT: Do or Die?
byEryk Budi Pratama
 
PPT-Security-for-Management.pptx
byRSAArcher
 
Introducing Data Loss Prevention 14
bySymantec
 
How to use ChatGPT for an ISMS implementation.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
An Overview of GDPR
byThe Pathway Group
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
GDPR: Training Materials by Qualsys
byQualsys Ltd
 
Privacy & Data Protection
bysp_krishna
 
Cyber Defense Automation
by♟Sergej Epp
 
ISO 27001 How to accelerate the implementation.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Information Security Governance and Strategy
byDam Frank
 
Security Awareness Training
byWilliam Mann
 
Symantec Data Loss Prevention - Technical Proposal (General)
byIftikhar Ali Iqbal
 
ISO 27001 - information security user awareness training presentation - Part 1
byTanmay Shinde
 
Symantec Data Loss Prevention 11
bySymantec
 
DLP Systems: Models, Architecture and Algorithms
byLiwei Ren任力偉
 
Information Security Strategic Management
byMarcelo Martins
 

Similar to Ciso round table on effective implementation of dlp & data security

PPT
Shariyaz abdeen data leakage prevention presentation
byShariyaz Abdeen
 
PPTX
Data Security Explained
byHappiest Minds Technologies
 
PDF
The Definitive Guide to Data Loss Prevention
byDigital Guardian
 
PDF
trellix-dlp-buyers-guide.pdf
byLaLaBlaGhvgT
 
PPT
Data Privacy - What the CIO and CISO know
byKemalKacapor1
 
PPTX
The CISO’s Guide to Data Loss Prevention
byDigital Guardian
 
PPTX
Top learnings from evaluating and implementing a DLP Solution
byPriyanka Aash
 
PPT
410261617-DLP-ppt-colegio-coliseo-peru.ppt
byJuanAlvarez415405
 
PDF
Understanding Data Loss Prevention
byRaid Data Recovery
 
PDF
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
byIRJET Journal
 
PDF
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
bySymantec
 
PPTX
626 Information leakage and Data Loss Prevention Tools
bySplitty
 
PDF
05.05.2021-webinar-presentation-experts-series-How-to-Switch-to-a-Better-DLP.pdf
byngvson
 
PDF
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
bySymantec
 
PPT
2009 iapp-the corpprivacydeptmar13-2009
byasundaram1
 
PPT
Information Leakage - A knowledge Based Approach
byGlobal Business Events - the Heart of your Network.
 
PPTX
Data Security: Why You Need Data Loss Prevention & How to Justify It
byMarc Crudgington, MBA
 
PPTX
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
byAndris Soroka
 
PDF
2010 za con_stephen_kreusch
byJohan Klerk
 
PDF
ISSA DLP Presentation - Oxford Consulting Group
byaengelbert
 
Shariyaz abdeen data leakage prevention presentation
byShariyaz Abdeen
 
Data Security Explained
byHappiest Minds Technologies
 
The Definitive Guide to Data Loss Prevention
byDigital Guardian
 
trellix-dlp-buyers-guide.pdf
byLaLaBlaGhvgT
 
Data Privacy - What the CIO and CISO know
byKemalKacapor1
 
The CISO’s Guide to Data Loss Prevention
byDigital Guardian
 
Top learnings from evaluating and implementing a DLP Solution
byPriyanka Aash
 
410261617-DLP-ppt-colegio-coliseo-peru.ppt
byJuanAlvarez415405
 
Understanding Data Loss Prevention
byRaid Data Recovery
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
byIRJET Journal
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
bySymantec
 
626 Information leakage and Data Loss Prevention Tools
bySplitty
 
05.05.2021-webinar-presentation-experts-series-How-to-Switch-to-a-Better-DLP.pdf
byngvson
 
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
bySymantec
 
2009 iapp-the corpprivacydeptmar13-2009
byasundaram1
 
Information Leakage - A knowledge Based Approach
byGlobal Business Events - the Heart of your Network.
 
Data Security: Why You Need Data Loss Prevention & How to Justify It
byMarc Crudgington, MBA
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
byAndris Soroka
 
2010 za con_stephen_kreusch
byJohan Klerk
 
ISSA DLP Presentation - Oxford Consulting Group
byaengelbert
 

More from Priyanka Aash

PPTX
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
PDF
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
PDF
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
PDF
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
PDF
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
PDF
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
PDF
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
PDF
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
PDF
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
PDF
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
PDF
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
PDF
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
PDF
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
PDF
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
PDF
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
PDF
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 
PDF
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 

Ciso round table on effective implementation of dlp & data security

  • 1.
  • 2.
    ©2013, Cognizant |All rights reserved. The information contained herein is subject to change without notice. Venkatasubramanian Ramakrishnan Director- Global Information Security Cognizant Technology Solutions Information Security and Data Protection Strategy
  • 3.
    | ©2013, Cognizant2 Contents 2Inflection Point 3 Key Disrupting Factors 4 Role of Information Security Function 5 Data Security Strategy 6 Key Points 7 Big Picture 8 Threat Modeling 9 Sample Threat Modeling
  • 4.
  • 5.
    | ©2013, Cognizant4 KeyDisrupting Factors 1.Greater Business Partner Responsibility for Technology Projects 2.Workplace of the Future 3.Sharper Executive Focus on Risk Management 4.Core Responsibility Overlap with the Legal Function 5.Sophistication of External Threat Vectors
  • 6.
    | ©2013, Cognizant5 Roleof Information Security Function 2000-2004 2005-2012 2012 & Beyond Control Owner Decision Owner Decision Facilitator RiskManagementPhilosophy
  • 7.
    | ©2013, Cognizant6 DataSecurity Strategy
  • 8.
    | ©2013, Cognizant7 KeyPoints 1.New Era requires information security system design with a counter-intelligence mind set! 2.Competitive economic pressures and national security issues drive various entities to seek information and Intellectual Property 3.Counterintelligence awareness of the security leaders is the first step to improve the protection of proprietary information
  • 9.
    | ©2013, Cognizant8 BigPicture T H R E A T S BUSINESS MODEL Strategy, people, process, technology and infrastructure in place to drive towards objectives OPPORTUNITIES OBJECTIVES strategic, operational , customer, compliance objectivesOPPORTUNITIES MANDATORY BOUNDARY (laws, government regulations and other mandates) VOLUNTARY BOUNDARY (organizational values, contractual obligations, internal policies and other promises )
  • 10.
    | ©2013, Cognizant9 ThreatModeling Capabilities Competition Strategic Plans Political, Economic & Social Forces Markets Customers Technology Developments Industry Structure Competitive intelligence Collectors Terrorists “Ethically Flexible” Employees Critical Elements of Business Intelligence State Sponsored Attack Resource Poaching Threats Economic or Industrial Espionage Monitor External Environment • Monitor social media for any chatter on new methods or targets of attacks. • Engage in peer conversations to share knowledge and stay up-to-date on threat vectors, new techniques, known bad IP addresses, etc. • Understand what kinds of activities and news reports are likely to increase the chances of an incident.
  • 11.
    | ©2013, Cognizant10 SampleThreat Modeling List of data or information that may be under threat Who may want it How motivated are they to get it (Ask these questions) Priority for Incident Response Planning (Determined by the previous three factors) Client credit card numbers Hacker-thieves Etc. What kind of clients do you have? Etc. Low/Med/High Intellectual property data Competitors Foreign governments interested in a particular IP or technology Etc. Will this IP significantly alter the market share landscape on the industry? Is the IP capable of providing extensive competitive advantage? Are there ideological reasons for stealing such information? Etc. Low/Med/High Manage Potential Threats • Determine what assets, data, information, etc. the organization owns that may be of particular interest to attackers. Also determine how important this information or data is to the business. • Determine who may want such information, how sophisticated they are, and what channels they may use to attempt to cause an incident. • Determine how motivated potential attackers may be.
  • 12.
    ©2013, Cognizant |All rights reserved. The information contained herein is subject to change without notice. Thank you
  • 13.
  • 14.
    13 Agenda  Enterprise –Growing Challenges  Business Drivers for DLP  DLP Specific Challenges & Misnomer  Solution Decision Making  Approaches / Solutions to solve Data Security Challenges  Approach & Methodology  Critical Success Factor  Project Outcome  Key Learning’s
  • 15.
    14 Enterprise - GrowingChallenges  Growing Employee base and across locations  Enabling Employee friendly environment to keep them motivated & achieve work-life balance  Governed by different regulations and compliance requirement  Data Residing in multiple locations  Multiple Stakeholders Involved & lack of understanding  Everyone thinks all their data is critical and important (not so important)  Evolving Dynamic threat landscape (Government agencies, Fortune 100 companies, Enterprises are being constantly targeted & some of them successful too)  Outsourcing & its related discrete requirements / commitments  Growing adoption of public cloud / infrastructure / networks
  • 16.
    15 Drivers Why itmatters? Business Confidentiality Regulatory Compliance Business Drivers for DLP  To comply with Regulatory and Compliance requirements  Avoid penalties for non-compliance  Prevent data breaches / infiltration  Protect business interests, including customer confidence  Protect Company & Customer IPR  Protect Brand Value
  • 17.
    16 DLP Specific Challenges& Misnomer  “All” our data is critical and confidential  IT department should be able to identify and classify critical business information  Lets fingerprint all our data  Lets configure DLP to protect all data  Lets block all sensitive information from going out and allow information transfer only on senior management approvals  We have defined 200 policies but the DLP solution is not raising any meaningful alerts
  • 18.
    17 Approaches to solveData Security Challenges  There are multiple solutions available in the market to address the Data Security requirement and most of them work in complementary fashion to one another.  DLP solution to be adopted to address the missing piece / gap created in other data security solutions as highlighted below. Solutions Area it Covers Missing Piece Full Disk Encryption Works on the Disk level to encrypt the drive All these solutions cannot differentiate the data (i.e.) the classified information – Private / Confidential & Public data Device Control Works on the device level again to either allow or disallow the drive Access Control & RMS Works based on rights / privileges enabled for user / IP or User Intervention is required Email Encryption Works based on user / domain as per policy DLP Works on the Classified Information to enable
  • 19.
    18 Solution Decision Making Adopt solution which is easy to understand and implement  DLP solution deployment should not call for architectural / design / product changes for existing services like email & web rather it should integrate seamlessly with minimum or no changes  Proper Categorization of vanilla DLP policy based on Industries & Countries  Solution should be scalable & reliable from architecture standpoint  Support for multitude of systems used in the Corporate environment  Easy and straight-forward integration should be possible with existing internal systems (Directory Services, Monitoring Services & SIEM etc)  Vendor support & good Roadmap / vision is the key  Availability of Reliable Partner for the vendor in the local country with good deployment and process experience in rolling out DLP
  • 20.
    19 Approach & Methodology Act on all the Outcome coming from analysis  Initiate work on long term strategy  Enable custom policy as per requirement  Fine tune policy  Make Deployment inline  Expand the coverage and footprint  Repeat entire cycle (Continuous Process)  Establish Policy, Process & Procedure  Review Identified & Classified Data  Establish Infrastructure  Enable shortlisted default policy to create visibility  Deploy DLP for identified channel  Role Segregation  Enable Console Access for different stakeholder to create impact  Enable Incident Monitoring & Response  Delivery weekly & monthly report for management & stakeholder visibility  Establish Governance  Initiation  Establish Objective & goals (short & long term)  Plan Infrastructure  Establish Design  Identify Matching Default Policies  Identify Critical Channels  Stakeholder Analysis  Communicate  Awareness & Training  Define Ownership  Establish Procedure for Critical Data Identification & Classification  List Actions to be performed  Analysis whether Data classification procedure is being followed  Analysis the need for more trainings  Analysis the visibility created by default policy  Analysis effectiveness of existing policy enabled  Check whether short term goal is met and analysis triggering of strategy for long term goal  Analysis stakeholder involvement & support obtained  Decide whether enabling protection or inline mode can be done DLP Approach
  • 21.
    20 Critical Success Factor IT is a facilitator and not the business data owner of the DLP project  DLP Project Success is directly proportionate to business user involvement, buy in, contribution and approvals  Enable DLP in Monitor mode First & then Block Later based on monitoring outcome  Understand Data Classification & Policy Definition is not an one time exercise. Repeat PDCA principle (Plan, Do, Check & Act) on a defined periodicity  Realize that DLP can not eliminate security breaches but helps reduce the risk by detecting and preventing incidents
  • 22.
    21 Project Outcome  AllCritical Channels like web, email & mobile devices are being covered & monitored  Data movement within Organization is getting tracked better  365*24*7 monitoring in place to handle high / medium severity incidents reported in DLP  Awareness among Employees Improved and this resulted in improved compliance & reduction in data related incidents  Happy Customers & Auditors
  • 23.
    22 Key Learning’s  DLPApproach should be chosen based on the Culture of the Organization  Establishing frequent connects with stakeholders & employees is the key to success  Enabling visibility for Business stakeholders resulted in quicker adoption  DLP Journey will not be an One Time exercise / project rather it will be ongoing process / operation to be strictly followed & adhered by all stakeholders  Establishing an Governance Organization dedicated to DLP Journey helped in driving & communicating change to wow’s
  • 24.
    Understanding of TechnologyArchitecture and Solutions for Data Security. Maheswaran.S, Manager, Sales Engineering, SAARC
  • 25.
    24 Data Security Technologies Data Security DRMDLPGRC/SOC Access Control EncryptionFAM
  • 26.
    25 Data Types &DLP Approach Source : www.oxford-consulting.com
  • 27.
    DLP – KeyCapabilities
  • 28.
  • 29.
    Image Detection • DetectsSensitive Text within Images – Screen captures – Scanned checks – Scanned receipts – Applications which has image outputs – Fax pages – etc.
  • 30.
    Data Drip Detection Detectsmultiple instances of small data leaks over time John Doe Joe Smith 3:01 PM Customer Information Joe, Here is a customer information: John Doe Joe Smith 3:14 PM Customer Information Joe, Here is a customer information: John Doe Joe Smith 3:17 PM Customer Information Joe, Here is a customer information: John Doe Joe Smith 4:45 PM Customer Information Joe, Here is a customer information: Mike McDonald CCN: 1111-2222-3333-4444 John Doe Joe Smith 4:50 PM Re: Customer Information Joe, Here is another customer information: Jane Brown CCN: 1234-2345-3456-4567 John Doe Joe Smith 3:01 PM Customer Information Joe, Here is a customer information: Low Impact Incident High Impact Event Within 2 Hours
  • 31.
    Data in Motion– Network DLP 30 • Look - Don’t Touch • See’s unencrypted Outbound Traffic Port-Span • Look AND Touch • Proxy for Web & FTP • MTA for Email • ActiveSync for Mobile In-Line • Network Printers Agent
  • 32.
    Channel Detection andResponse 31 Network DLP Web Audit *Block Alert Notify Email Audit Block Quarantine Encrypt Alert Notify FTP Audit Block Alert Notify Network Printer Audit Block Alert Notify Active Sync Audit Block Alert Notify IM & Custom Channels Audit Block Alert Notify RESPONSE OPTIONS BY CHANNEL
  • 33.
  • 34.
    Data in Use- Endpoint DLP Channels USB Drives Local Printer LAN Storage Internet Print Server Network Printer 2 Network Printer 1 Removable Media Applications
  • 35.
    Detection and Response 34 EndpointDLP Applications Permit Confirm Block Email Quarantine Alert Notify Removable Media Permit Confirm Block Encrypt to USB Alert Notify Storage Alert/Log Scripts - Encrypt - Tombsto Quarantin - EDRM RESPONSE OPTIONS
  • 36.
    Data at Rest- Discovery 35 - Network-based Discovery - Conducted over LAN/WAN - Manage by Schedule and/or bandwidth - Leverage VM’s as Multipliers - Perform Discovery Locally - Fastest Discovery - Manage by Schedule, CPU Utilization, Power Supply - The Best of Both Worlds - Leverage any combination Agentless Agent Hybrid
  • 37.
    Advanced Remediation Capabilities Discovery •Remediation Scripts – Several predefined scripts available – Customizable for highest flexibility • Common Remediation Action ** Requires 3rd Party Move/Quarantine Encrypt** Classification Tag (Microsoft FCI) Apply EDRM** Purge/Delet e
  • 38.
    DLP - Management& Reporting
  • 39.
    Business Intelligent PolicyFramework Who Human Resources Customer Service Finance Accounting Legal Sales Marketing Technical Support Engineering What Source Code Business Plans M&A Plans Employee Salary Patient Information Financial Statements Customer Records Technical Documentation Competitive Information Where Benefits Provider Personal Web Storage Blog Customer USB Spyware Site Business Partner Competitor Analyst How File Transfer Instant Messaging Peer-to-Peer Print Email Web Audit Notify Remove Quarantine Encrypt Block Removable Media Copy/Paste Print Screen Action Confirm
  • 40.
    Enforce Policy byGeo Location
  • 41.
    Email-based Incident Workflow •Options to Click within the email notification to: – change severity – escalate – assign – ignore – etc.
  • 42.
    Demonstrating Risk Reduction 41 WebEmail FTP IM Network Printing Jan 200 150 50 10 45 Feb 100 100 15 5 30 Mar 60 76 5 2 15 90-Day Risk Reduction 70% 49% 90% 80% 67% 60 76 5 2 15 100 100 15 5 30 200 150 50 10 45 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% LikelihoodofDataLoss 90-Day (High Impact) Risk Reduction
  • 43.
    Incident Management &Reporting Dashboards 42 The following are samples of our weekly and monthly dashboards on incident management.
  • 44.
  • 45.

Editor's Notes

  • #15 Regulations & Compliance - (PCI-DSS, ISO 27001, HIPAA, SOX, Data Privacy Act, IT Act, GLBA etc), Data stored in multiple location – (Desktops/Laptops/Servers/DB/Web/Cloud etc). Names of Company who have been hacked in recent past - Google / RSA / Twitter / Facebook Hack etcAdoption of SAAS / PAAS business models / offerings
  • #17 DLP should take care of incoming data transfers too
  • #19 Regular release of default policies in a defined frequency, Reporting & Logging should be quick, reliable etc as forensic information to be captured and retained will be huge based on the logging & retention policy of the Organization, Support for Windows, Unix & Mac systems
  • #20 Approach 1: Think, Plan & Try BIG (Big Bang Approach  Fails in most of the cases as every stakeholder has their own priority, project & business to deal with and maybe this will be successful in Process Centric Organization) Approach 2: Think BIG, Plan smaller action’s to create visibility, to make stakeholders understand the business impact & to commit & then drive faster adoption (This will work in almost all Enterprises)
  • #21 The 80:20 principle
  • #25 Most customers looks at DLP project as a large black box that you trough everything on it (Data Classification, Access management, Encryption, Discovery, DRM) and hope for the best – problem is that this leads to a massive investment, on infrastructure, resources, planning and they don’t see results in a long time – when Executive asking for the results the answer is usually “this is still in process”Websense suggests a different approach where we recommend our customers to build small boxes (Box have 3 dimensions : Channel , Data, Business unit/region) – if the customer starts with focus target, let say Financial data over email coming from the corporate They will see quick results , reason is that this is manageable , focused and will show quick ROI Results will also create appetite to other business units to get into to project
  • #30 Most DLP solution can alert administrators if a specified type of sensitive information reaches a predefined threshold of data transmission. For example, any transmission which is suspected of having more than 5 credit card numbers could alert the administrator. However, most DLP solutions cannot support a similar scenario of policy violation; 5 or more transmissions with each transmission containing a single credit card number.Smart Detection feature enables administrators to define policies that span multiple incidents over a specified period of time. As the graphics shows, 5 email from the same user throughout the course of a day, with each email containing credit card information can alert the administrator as possible violation.Websense is the only vendor providing this level of sophistication.
  • #34 While many focus on USB drives when it comes to endpoint protection, there are several other channels of possible data loss.
  • #37 For discovery, there are several remediation actions available. Actions such as tombstone (delete file and leave a note indicating its been deleted), ransom note (indicating where/how to get the file) as well as encryption and application of electronic digital rights management are supported.With remediation action for discovery, we support custom scripts enabling high flexibility to meet specific customer requirements.
  • #39 Comprehensive data security is multi-faceted. Despite some misnomers of focusing primarily on the data itself, a comprehensive solution must address the entire flow of data.First, you must understand who should have access to particular data.Second, the data itself must be well identified.Third, the valid location of where such data can reside must be defined.How such data can and cannot be transmitted must be then defined.Finally, all the previous steps are all for nought unless you can granularly control the action associated with each scenario.As you can see, comprehensive data security must consider various factors requiring simple and unified management. Websense is the only vendor offering Unified Policy Design covering all facets of data security.