Sophos / Utimaco Data Loss Prevention

Peter Szendröi, SOPHOS Nordics

Jan 20, 2010

Sophos,Simply Secure

Changing security landscape

PCI-DSSHIPAA

CSB 1386

GLBA 95/46/EC

Contractors, outsourcingPartners, customersWeb 2.0

Mobile workers

Firewall

Corporate data

$Customer

dataIntellectual

propertyPersonally identifiableinformation

Targeted

...targeting commercial data

Complex threats....

Web-based, Invisible

Fast changing

Regulatory disclosure and reputation damage

Digital generation set loose Information theft – not graffiti

5

Headlines are the tip of the iceberg

Brand damage

Loss of customers

Incremental internal costs

Direct costs of intellectual property loss

6

How is this data exposed?

Insider theft accounts for only 5-15% of the data loss

Most data breaches are accidental

Only 2.4% were prevented by protective measures (e.g. encryption)

What data is at risk?

7

Process Work Knowledge Work

Well-defined responsibilities Well-defined workflows Dealing with PII

Risks: - Non-compliance- Criminal prosecution- Brand / reputation damage

Changing roles / assignments Unstructured data Company information assets

Risks: - Competitive damage - Loss of partner trust

Personally identifiableinformation

Intellectual propertyCustomerdata

Business challenge Conflicting Goals!

Challenge of Data Loss Prevention

8

Enable productivity, mobility and flexible “web 2.0” working

Comply with regulationAvoid damaging data loss

There is no “100% DLP”

but also

9

Simply Secure Data Loss Prevention

10

Four elements of an effective DLP strategyControl the user environment by restricting data exit points

Control devices, applications, email and web usage

Ensure security policy compliance

Protect confidential and sensitive informationFull disk, removable storage and file encryption

Email encryption

Prevent leakage of personal identifiable informationComprehensive coverage of personally identifiable information types

Continuously assess, audit, report and enforce on endpoint and gateway

Classify intellectual property and sensitive business dataEmpower knowledge workers to classify sensitive business data

Apply classification to existing documents and data sets

11

Control user environment Data loss objective:

Significantly reduce risk by managing what users can do on data exit points

Sophos solution provides granular control of: Storage devices and network interfaces

Applications

Web site access

Continuously monitor user behaviour and enforce security policies

SophosLabs provide the domain expertise: Managed application definitions (P2P, IM, Remote Access)

Managed web site categories (webmail, social networks, IM)

Indentify over 150 file formats using “True File Type” technology

12

Protect confidential and sensitive information

Data loss objective: Data encryption is the ultimate data loss insurance policy

Sophos solution protects data where it is most exposed:Laptops

Removable storage and optical media

Email

Server file shares

Data protection platform:Enterprise mangement console and key management

Integration with Active Directory

Transparent file and folder encryption

Audit compliance

13

Prevent leakage of PII Data loss objective:

Tackle the highest risk of regulatory infringement and brand damage

Sophos solution covers all critical data leakage points: Storage, web, email and IM

Fully integrated into core endpoint and gateway products

SophosLabs provide the content expertise: Over 100 expert definitions of personally identifiable information

Administrator decides appropriate enforcement action: Audit – silent background monitoring of events Training – audited end user authorisation Enforcement - encrypt or block transfer

14

Classify and protect documentsData loss objective:

Protect high value intellectual property and operations data

Sophos solution is designed to empower knowledge workers:Define classification levels within policy

Enable end user to tag and classify new documents

Embed classification within document

Scan for and classify existing documents using document context

Enforce policies for classified documents on endpoint and gateway

Integrated with enterprise encryption solution:Leverages existing user identity and permissions

Provides workable enterprise rights management

Sophos Data Loss Prevention

15

Enterprise Security and Control SafeGuard Enterprise

Solutions designed to meet a need

16

Process Work Knowledge Work

Comply with regulationsProtect data using full disk encryption

Prevent leakage of PII from endpoints

Prevent leakage of PII from email and web gateway

Data at resting scanning of PII on endpoints

Protect company assets using encryption and classification.

Detect leakage of IP via common leak points.

Classify and protect IP at the point of creation.

Persistent taggingIdentify and protect IP using automated classification and data at rest scanning.

SafeGuard EnterpriseYour key to data protection with encryption

SafeGuardDevice

Encryption

2. Encrypt laptops, desktops

SafeGuardFileShare*6. Secure

network file shares

SafeGuard Management

Center

1. Consistent policies, mgmt. of keys & certificates

SafeGuardData

Exchange

3. Encrypt removable media

SafeGuard Configuration

Protection

4. PC port control & DLP

SafeGuard Partner Connect

5. Manage external security products

(*) Future release

Safeguard Mail Gateway overview

1 2 34

5

1. Email Client sends out Email in plain text2. Email Server forwards Email to Content-Filter3. Content-Filter forwards Email to SGMG4. SGMG evaluates Email Security Policy and

cryptographically handles the Email accordingly

5. SGMG delivers Email to the Recipient

a. External Communication Partner sends an encrypted Email

b. SGMG identifies encrypted Email and decrypts this Email. The Email is now in plain-text.

c. SGMG forwards Email to AV-Scannerd. AV-Scanner checks and forwards the Email to

the Email Servere. Email Client receives Email in plain text

e d cb

a

20

Questions?