Building a Security Program that Protects an Organization’s

BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION’S MOST CRITICAL ASSETS
BEW GLOBAL’S DLP EXPERTISE
• Global Support in 130 countries
• Completed 500+ Assessments
• Manage DLP Solutions in 22 Countries
• Daily Management of 1,000,000+ Users
• Localized Chinese DLP Practice (2011)
• Deployed 400+ DLP Projects
• 1st Managed DLP Services Provider (2008)
VENDOR RECOGNITIONS
• Symantec Master Specialization DLP Partner
• RSA’s Only Authorized Managed DLP Partner
• Websense Certified TRITONs – More than any other partner, 10 Olympians & 5 Gladiators
BEW GLOBAL SERVICES
BEW GLOBAL’S CORE DIFFERENTIATORS
• Methodology based on the cornerstones of ISO Plan-Do-Check-Act
• Leverage our proven Quality Management System (QMS) to drive continuous improvement
• Reduce risk and increase operational efficiencies
SECURITY CONTINUUM
BEW GLOBAL’S PROVEN APPROACH
BEW Global works in cooperation with customers to plan, implement and maintain a Critical
Asset Protection Program (CAPP) that clearly defines what assets are deemed most important
to the customer organization based on revenue, income, reputation and core operational impact.
REALISTIC SCOPE, MEASURABLE RESULTS
Through a comprehensive interview and information gathering process, BEW Global works
with the customer to develop a realistic Critical Asset Protection Program (CAPP) scope
that defines the assets as well as the core attributes of those assets with regard to creation,
storage, usage and transmission.
CONTENT TYPES
USE CASE: DLP PRE-PROJECT STATE
Organization Overview: Manufacturing firm of 30,000 employees operating in 50 countries globally
DLP Scope: Protection of Intellectual Property (General)
DLP Primary Issue: Lack of staff and buy-in from business owners who handle critical assets
Application Management: Most information security tools operated and “managed” by IT or networks
Policy Governance: No internal resources with any experience with DLP policy construction
Incident Triage: Lean Infosec staff already buried by the output of SIEM and other tools
Event Management: Informal event management process with little feedback to the business
Reporting and Metrics: Zero customized reports. Very little business analysis provided
Status: Charged with implementing DLP to protect Critical Assets, specifically product IP
INTELISECURE QUALITY MANAGEMENT SYSTEM
USE CASE: POST-PROJECT STATE
Organization Overview: Defined specific business units to initiate program
DLP Scope: Focused on 3 specific product lines linked to highest revenue & earnings
DLP Primary Goal: Identification of unauthorized movement of specific elements of IP
Application Management: Operated by a combination of IT, messaging & desktop management teams
Policy Governance: 100% customized policies based on data collected from business unit
Incident Triage: Daily review of incidents by BEW Global Intelisecure Managed Services team
Event Management: Incidents meeting severity criteria routed to business unit for investigation
Reporting and Metrics: Behavioral pattern analysis leading to preventive actions
Status: R&D teams have a high level of confidence in ability to identify leakage of IP
PITFALL 1: NO PLAN OF ATTACK
PITFALL 2: FAILURE TO ENGAGE THE BUSINESS
5 Pieces of DLP Advice You Can’t
Afford to Ignore
PITFALL 3: INADEQUATELY TRAINED RESOURCES
DATA LOSS PROTECTION PITFALLS:
Missing the Target – False Sense of Security
Mis-configured Tap or Port Span
Problem: Missing segments of network traffic or protocols.
Solution: Comprehensive test plan that maps to in-scope business processes and related data types transmitted from various network locations to ensure all relevant data streams are being captured.
Encryption – The Masked Data
Problem: Analysis of data DID NOT take place prior to encryption.
Solution: Comprehensive test plan that proves ALL DLP data assessment takes place prior to the gateway encryption & implement managed “test” DLP policies that identify encrypted transmissions as part of the test plan.
Misfire of Network Discovery Scans
Problem: Locations of sensitive data never targeted by the organization for scanning due to lack of an effective policy governance process.
Solution: Identify potential data stores by discussing the DLP program with staff to understand process.
Network versus Endpoint Discovery
Problem: Running DAR scans using a combination of network & endpoint without considering which policy types & detection methods are not the same.
Solution: Prior to acquiring a DLP solution, have an understanding of the data types that make up your target environment & then decide on scanning method.
DATA LOSS PROTECTION PITFALLS:
The Pandora’s Box of DLP
Environment Assessment
• Problem: No rigorous endpoint environment assessment prior to the selection of the application & enablement.
• Solution: Address age of environment, performance capabilities, technical & human issues, & load of applications, in conjunction with education on the DLP endpoints.
Staying in Contact
• Problem: Failure to monitor endpoint population & their frequency of “checking-in” to the management server with validated results.
• Solution: Phased deployment of endpoint with validation via test plan on initial success of ALL agents & ongoing endpoint agent health reports.
User Performance Impacts
• Problem: Implementing same policies for network based & endpoint assessments without testing or modification.
• Solution: Utilize a comprehensive test plan outlining specific metrics (time to open files, open/send emails, open applications) prior to deployment.
Network/System Performance Impacts
• Problem: Failure to calculate & measure the impact of endpoint policy traffic across wide & local area network connections.
• Solution: Thorough assessment of endpoint policies that addresses all of the concerns including policy design requirements, timing, frequency & delivery methods.
CLIENTS INCLUDE
BEW GLOBAL IS THE CHOICE OF MARKET LEADERS
HEALTHCARE
UNIVERSITIES
FINANCE
INSURANCE
TOP 50
MANUFACTURING
OIL & GAS
RETAIL/ENTERTAINMENT
Questions?