Catch the full presentation here: https://www.beyondtrust.com/resources/webinar/prevent-data-leakage-using-windows-information-protection-wip/
In this presentation from his webinar, security expert for Microsoft-based systems, Russell Smith examines how the Windows 10 Anniversary Update can be used to prevent data leaks--and without negatively impacting the user experience, on both personal and company-owned devices. Learn why Microsoft believes WIP offers a better solution than traditional DLP, what the requirements are for WIP, how to make it work for your enterprise, and how WIP can be used in conjunction with least privilege security,application whitelisting, and Azure Rights Management.
This presentation and the webinar covers:
What is Data Leakage Protection (DLP)?
WIP vs. DLP
WIP requirements
Implementing WIP in your environment
Using WIP as part of a defense-in-depth strategy
6. Windows Information Protection
versus Data Leakage Protection
• DLP solutions not integrated into the OS
• WIP provides a seamless experience
• No requirement to switch ‘modes’ or use
dedicated apps
• WIP is easy to deploy and manage
8. Azure Information Protection
• Based on Azure RMS
• Classify, label, and protect data
• Persistent protection
• B2B sharing
9. Windows Information Protection –
Data Lifecycle
• Provision policy to devices
• Data from corporate resources automatically
encrypted
• Enlightened apps can automatically protect, or users
can be allowed to define as business or personal
• Protection retained across devices. Azure Rights
Management can be used for B2B sharing
• Wipe business data on demand or when device is
unenrolled
10. Windows Information Protection –
Enlightened vs. Unenlightened Apps
• Microsoft Edge
• Internet Explorer 11
• Microsoft People
• Mobile Office apps
• Microsoft Photos
• Groove Music
• Notepad
• Microsoft Paint
• Microsoft Movies & TV
• Microsoft Messaging
• Microsoft Remote
Desktop
11. Windows Information Protection –
Technology
• Encrypting File System (EFS)
• Mobile Device Management (MDM)
• Microsoft Intune
• System Center Configuration Manager
(SCCM)
• 3rd-party MDM solution
15. Summary: Why PowerBroker for Windows?
• Asset discovery, application control, risk compliance, Windows event
log monitoring included
• Optional: Session monitoring, file integrity monitoring
Deep capability
• U.S. Patent (No. 8,850,549) for the methods and systems employed
for controlling access to resources and privileges per process
Mature, patented
leader
• Tightly integrated with vulnerability management
• Deep reporting and analytics insights for compliance and operations
Centralized
reporting, analytics
and management
• Privilege and session management on Unix, Linux and Windows
• Privileged password and session management
• Integrate Linux, Unix, and Mac OS X with Microsoft AD
• Real-time auditing of AD, File System, Exchange & SQL
Part of a broad
solution family
Validatedbycustomersandanalystsalike
16. Your solution should:
• Elevate privileges to applications, not users, on an as-needed basis without
exposing passwords
• Enforce least-privilege access based on an application’s known vulnerabilities
• Track and control applications with known vulnerabilities or malware to further
protect endpoints
• Monitor event logs and file integrity for unauthorized changes to key files and
directories
• Capture keystrokes and screens when rules are triggered with searchable
playback