23
BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION’S MOST CRITICAL ASSETS
BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION’S MOST CRITICAL ASSETS
BEW GLOBAL’S DLP EXPERTISE• Global Support in 130 countries• Manage DLP Solutions in 22 Countries• Daily Management of 1,000,000+ Users• Deployed 400+ DLP Projects
• Completed 500+ Assessments
• Localized Chinese DLP Practice(2011)
• 1st Managed DLP Services Provider (2008)
VENDOR RECOGNITIONS• Symantec Master Specialization DLP
Partner• RSA’s Only Authorized Managed DLP
Partner
• Websense Certified TRITONs – More than any other partner, 10 Olympians & 5 Gladiators
BEW GLOBAL SERVICES
BEW GLOBAL’S CORE DIFFERENTIATORS• Methodology based on the cornerstones of ISO Plan-Do-Check-Act • Leverage our proven Quality Management System (QMS) to drive continuous improvement • Reduce risk and increase operational efficiencies
SECURITY CONTINUUM
BEW Global works in cooperation with customers to plan, implement and maintain a Critical Asset Protection Program (CAPP) that clearly defines what assets are deemed most important to the customer organization based on revenue, income, reputation and core operational impact..
BEW GLOBAL’S PROVEN APPROACH
REALISTIC SCOPE, MEASUREABLE RESULTS
Through a comprehensive interview and information gathering process, BEW Global works with the customer to develop a realistic Critical Asset Protection Program (CAPP) scope that defines the assets as well as the core attributes of those assets in regards creation, storage, usage and transmission.
CONTENT TYPES
USE CASE: DLP PRE-PROJECT STATE
Organization Overview: Manufacturing firm of 30,000 employees operating in 50 countries globally
DLP Scope: Protection of Intellectual Property (General)
DLP Primary Issue: Lack of staff and buy-in from business owners who handle critical assets
Application Management: Most information security tools operated and “managed” by IT or networks
Policy Governance: No internal resources with any experience with DLP policy construction
Incident Triage: Lean staff of Infosec staff already buried by SIEM and other tools output
Event Management: Informal event management process with little feedback to the business
Reporting and Metrics: Zero customized reports. Very little business analysis provided
Status: Charged with implementing DLP to protect Critical Assets, specifically product IP
INTELISECURE QUALITY MANAGEMENT SYSTEM
INTELISECURE QUALITY MANAGEMENT SYSTEM
INTELISECURE QUALITY MANAGEMENT SYSTEM
INTELISECURE QUALITY MANAGEMENT SYSTEM
INTELISECURE QUALITY MANAGEMENT SYSTEM
INTELISECURE QUALITY MANAGEMENT SYSTEM
USE CASE: POST-PROJECT STATE Organization Overview: Defined specific business units to initiate program
DLP Scope: Focused on 3 specific product lines linked to highest revenue & earnings
DLP Primary Goal: Identification of unauthorized movement of specific elements of IP
Application Management: Operated by a combination of IT, messaging & desktop management teams
Policy Governance: 100% customized policies based on data collected from business unit
Incident Triage: Daily review of incidents by BEW Global Intelisecure Managed Services team
Event Management: Incidents meeting severity criteria routed to business unit for investigation
Reporting and Metrics: Behavioral pattern analysis leading to preventive actions
Status: R&D teams have high-level of confidence in ability to identify leakage of IP
PITFALL 1: NO PLAN OF ATTACK
5 Pieces of DLP Advice You Can’t Afford to Ignore 17
PITFALL 2: FAILURE TO ENGAGE THE BUSINESS
5 Pieces of DLP Advice You Can’t Afford to Ignore 18
PITFALL 3: INADEQUATELY TRAINED RESOURCES
DATA LOSS PROTECTION PITFALLS: Missing the Target – Fa lse Sense o f Secur i ty
Mis-configured Tap or Port Span
ProblemMissing segments of network traffic or protocols
Solution Comprehensive test plan that maps to in scope business processes and related data types transmitted from various network locations to ensure all relevant data streams are being captured.
Encryption – The Masked Data
Problem Analysis of data DID NOT take place prior to encryption.
SolutionComprehensive test plan that proves ALL DLP data assessment takes place prior to the gateway encryption & implement managed “test” DLP policies that identify encrypted transmissions as part of the test plan.
Misfire of Network Discovery Scans
Problem Locations of sensitive data never targeted by the organization for scanning due to lack of an effective policy governance process.
SolutionIdentify potential data stores by discussing the DLP program with staff to understand process.
Network versus Endpoint Discovery
Problem Running DAR scans using a combo of network & endpoint without thinking about which policy types & detection methods are not the same.
SolutionPrior to acquiring DLP solution, have an understanding of the data types that make up your target environment & then, decide on scanning method. .
The Pandora ’s Box o f DLP
Environment Assessment
Staying in Contact
User PerformanceImpacts
Network/System Performance Impacts
• ProblemNo rigorous endpoint environment assessment prior to the selection of the application & enablement.
• SolutionAddress age of environment, performance capabilities, technical & human issues, & load of applications, in conjunction with education on the DLP endpoints.
• Problem Failure to monitor endpoint population & their frequency of “checking-in” to the management server with validated results.
• SolutionPhased deployment of endpoint with validation via test plan on initial success of ALL agents & on-going endpoint agent health reports.
• Problem Implementing same policies for network based & endpoint assessments without testing or modification.
• SolutionUtilize a comprehensive test plan outlining specific metrics (time to open files, open/send emails, open applications) prior to deployment.
• Problem Failure to calculate & measure the impact of endpoint policy traffic across wide & local area network connections.
• SolutionThorough assessment of endpoint policies that addresses all of the concerns including policy design requirements, timing, frequency & delivery methods.
DATA LOSS PROTECTION PITFALLS:
BEW GLOBAL IS THE CHOICE OF MARKET LEADERS
CLIENTS INCLUDE
UNIVERSITIES INSURANCEHEALTHCARE FINANCE
TOP 50
BEW GLOBAL IS THE CHOICE OF MARKET LEADERS
CLIENTS INCLUDE
MANUFACTURING OIL & GAS RETAIL/ENTERTAINMENT
Questions?
