19
www.Seqrite.com 1
| Date post: | 21-Jan-2018 |
| Category: |
Software |
| Upload: | quick-heal-technologies-ltd |
| View: | 193 times |
| Download: | 2 times |
www.Seqrite.com 1
www.Seqrite.com 2
Contents
• Architects of Data Loss (Classification)
• Classification of DATA
• What is Data Loss Prevention (DLP)?
• Why organizations need DLP solution?
• Various Operating systems & channels supported under DLP
• Data Transfer Channels and Data Settings (Exception and DLP License utilization)
• What is Data at Rest and DAR Scan in DLP?
• Case scenarios to identify customer expectations
• Summary
www.Seqrite.com 3
Classification of DATA
Active data stored in non-persistent digital sate- in RAM, CPU caches,registry entries etc.
Stored physically in any digital form - databases, data warehouses, archives,spreadsheets, off-site backups, tapes etc.
Datain use
Data at rest
Data in motion
Data that traverses a network or temporarily reside in computer memory - emails, downloaded files, VPN data sharing etc.
www.Seqrite.com 4
Architects of Data Loss (Classification)
Employees/Insiders who accidentally
lose data.
Employees/Insiders who deliberately
leak data.
Attacker/Outsiders who target
specific silos of data.
www.Seqrite.com 5
Architects of Data Loss- Interesting Facts
59%
of employees steal proprietary corporate data when they quit
or are fired.
80%
of analyzed breaches had a financial motive
60%
reported cases analyzed that
attackers are able to compromise an organization within minutes.
12.7mn
records exposed in 454 data breaches
reported during 2016
80%
4 out of 5 victims
don’t realize they’ve
been attacked for a
week or longer.
www.Seqrite.com 6
Why companies need DLP solution when it comes to data loss?
Employees or insiders are often the cause of deliberate or
accidental data breaches in established industries all around the
world.
The common source of accidental data leakage by employees can be
attributed to the following:
• Employees under-estimates the risks of data leakage
• Employees think that their IT policies are foolproof and secure
• Employees don't actively think about security as an issue
• Employees are not overly concerned with security protocols
• Employees generally neglects the recommended IT policies
www.Seqrite.com 7
What is DLP?
DLP is the methodology to identify and forestall the unauthorized
communication or disclosure of confidential data. In order to
ensure that sensitive information is utilized in its intended
manner, DLP consolidates people, technology and processes.
Reference: Seqrite Whitepaper on DLP
www.Seqrite.com 8
Windows Client and Network OS
Mac OS X 10.6, 10.7, 10.8, 10.9, 10.10
Operating systems Channels Supported
Print ScreenRemovable DevicesNetwork SharedClipboardPrinter ActivityApplication/Online Services.
Various Operating Systems & channels supported under DLP
www.Seqrite.com 9
Explaining Available Data Transfer Channels
Print Screen Using the Print Screen option to save the screenshot. (On Windows only)
Removable Devices
Using Removable Devices to copy data (for Windows). For selected file types, the Removable Devices go to ‘Read Only’ mode when ‘Monitor Removable Devices’ option is selected.
Network Shares
Using Network Share accessed using UNC Path or Mapped Network Drive. (For Windows only)
Clipboard Using the Clipboard to paste information from one application to another
Printer Activity
Using printer activity, printing through local and network printer. The file/data is not monitored. (Windows only)
Application/online Services
Using online services of third-party application/services to send data such as email, file sharing apps, cloud services, Web browsers and other applications using social media
www.Seqrite.com 10
Disable Print Screen
• Using the Print Screen option to save the screenshot
• It works also for Alt + Print screen
• Applicable only for Windows platform
Benefits:
• This is the easiest method if someone wants to capture some information from
computer as it reduces the efforts of keyboard typing
• Enabling this channel will minimize the risk of data leakage if the user is trying to
take the snap of computer screen in order to capture some sensitive/confidential
information
www.Seqrite.com 11
Removable Devices
• If we block some specific file types from removable drives, users will not able to
copy those files to PC or from PC to drive
• Users will get an alert message & a report will be created for the same
• File will be copied but it will be of 0 KB. So it is unusable
• If we try to copy three files from which one is blocked, the blocked file will not be
copied
• Applicable only for Windows platform
Benefits:
Useful where users don’t want to block removable devices completely i.e. IT admins
can configure DLP with important file types.
www.Seqrite.com 12
Monitor Network Share
• Using Network Share accessed using UNC Path (\\192.168.x.x or \\PC-name) or
Mapped Network Drive
• PC having client agent & DLP applied for network sharing will not be able to access
any files via sharing irrespective of the other PC having Seqrite installed or not
• Applicable only for Windows platform
Benefits:
• With removable drives being controlled by DLP, employees/others try to break the
company protocols by transferring data over the network. By enabling Monitor
Network Share, if end-users try to copy confidential data from one network
location to another, the data transfer will be blocked.
www.Seqrite.com 13
Clipboard
• Using the Clipboard to paste information from one application to another.
Benefits:
• Applicable only to confidential data & user-defined dictionaries.
• Data will not be copied even if you select full line or word containing blocked word.
• E.g. Master card is blocked. So 5555555555554444 can't be copied.
Also, Mastercard5555555555554444Visa will be blocked.
www.Seqrite.com 14
Printer Activity
• Printer activity over local and network printer can now be monitored
• Data will not be monitored while printing
• It will either block or allow printing independent of the data being printed
• Supported only on Windows platform
Benefits:
• IT admins can grant printer privileges on specific endpoints. Taking printouts of
documents is only allowed on those endpoints where admins grant printing
privileges. This ensures that even if the user is attempting data leakage using Print
Channel it will be denied.
www.Seqrite.com 15
Latest EnhancementsP
DLP for specific group:
Customer can buy DLP as per requirement i.e. less than or same as that of EPS license.
This is flexible i.e. IT admins can add/remove clients from DLP list as per need.
Custom Extension:
IT admin can define custom file extension if in case it is not in default list. This helps to
monitor/control almost all known/unknown file types through DLP.
Domain Exception:
Helpful to exclude certain domains while sharing DLP monitored data where customer
wants to exclude internal or some trusted domains from DLP.
Exclusion for File Share/Network Locations:
Can exclude require (centralized data repository) mapped drives or folders to allow users
to store the data at these locations.
D
L
P
www.Seqrite.com 16
Data at Rest Scan
Why DAR?
1. Usually most of the organizations are concerned about data transfer and not about the data stored in system which is not in
motion
2. Organizations also expects that sensitive data should be kept at recommended location to avoid unauthorized access
3. In such cases DAR helps you to find sensitive/confidential data stored in your system
4. You can scan the desired location such as drive, folder, or removable devices on the endpoints and detect the confidential
or sensitive information present
5. You can view the information related to the detected confidential data such as the file path, threat type, and matched text
Benefits:
• Based on this analysis IT admins/ owner of the organization take timely actions in order to make sure that the decided
Data Storage Policy is being followed by his employees.
www.Seqrite.com 17
Case Scenario
A customer is interested in Seqrite EPS with DLP and has certain expectations.
CONDITION 1: Wants to restrict some of the file types through email clients but the same can be shared only within the
organization under existing DLP policy.
CONDITION 2: Has its own software to create some graphic files but that extension is not in default DLP list and wants to
monitor it too.
CONDITION 3: Wants to restrict all Instant Messengers (IMs) except Skype on specific user endpoints.
What do we have in bucket?
SOLUTION 1: To share files within the organization you can add your mail domain in Domain Exception.
SOLUTION 2: If the required extension is unavailable in pre-defined extension then we have the facility to add Custom
Extensions from EPS 7.1.
SOLUTION 3: You can restrict IM tools through Online/Application services and can add Skype in Application exception list
from Admin Settings.
www.Seqrite.com 18
Summary of Benefits
• In today’s competitive world, many organizations are keen to keep their confidential data secure. Seqrite DLP helps the
customer to achieve this goal.
• If someone intentionally tries to transfer the data using certain data channels, in such cases, correct DLP configuration
detects and denies such activities
• In Government organizations/offices confidential data module plays a vital role to prevent any authorized and unauthorized
user to leak such information to outsiders. Example: PAN CARD
• Custom Extension helps to include other file types apart from default
• DAR Scan helps you to make sure that your IT policies related to DATA are being properly followed by your employees
• Most importantly, if you spend on a DLP solution in return, it decreases the restoration cost
• No need to buy DLP for all endpoints. Need based requirement reduces the surplus investment
• DLP reports keep IT admins/owner updated about violation incidents and to identify untrusted individuals
(Internal/External).
www.Seqrite.com 19
Thank You
