This document summarizes a presentation on preventing data leakage. It defines data leakage and data loss prevention. It identifies gaps in the company's current security measures, including a lack of mechanisms to capture sensitive data. It evaluates vendors that could address this gap, selecting Vontu. It discusses Vontu products that could protect data in motion and meet pricing estimates. It recommends additionally implementing Blue Coat Proxy to handle network loads and provide URL filtering to support the Vontu solution.
2. Agenda
• What is Data Leakage
• What is Data Loss Prevention
• Identified Gaps
• Vendors and Options
• Products to meet the Gaps
• Final Thoughts
3. What is Data Leakage
• Data Leakage (DL) is how information advertently or inadvertently reaches unintended recipients in a competitive environment.
• Sensitive information in databases, spreadsheets, email archives and documents spread throughout the network can be lost in many different ways: by employees e-mailing unencrypted documents; through infection by a virus or worm; by malicious insiders taking advantage of lax security measures; and via stolen laptops and storage devices.
• Recent Data Losses and Breaches:
• TJ Maxx – Largest loss of sensitive financial data in US history
• Veterans Affairs – Although the hard drive was recovered, the incident caused great distrust among former and active military personnel
• State of Ohio – Tape loss resulted in a complete embarrassment for the State Government and a loss of consumer confidence
4. What is Data Loss Prevention
• Data Leakage Protection (DLP) is a common security primitive with the objective of detecting and preventing confidential content from being "leaked" out of an organization's boundaries, that is, when confidential or sensitive content has escaped out of the pre-defined restricted area. Boundaries and content can be thought of as physical or logical.
• A leakage might or might not cause immediate damage, but generally means that security controls are lacking. Leakage can occur due to an attack or can be caused by a simple mistake or a lack of awareness.
5. Identified Gaps
Per the Network Security Audit completed June 25th, 2007:
• It was identified that NetJets has no mechanism to capture sensitive data
• The firewalls, IPS, and Anti-Virus cannot determine which data is sensitive, confidential, internal, or public
• Examples of sensitive data are:
• Social Identification Numbers (SSN, TIN)
• Birthdates
• Financial Account Details (Bank Records, Credit Card)
• Domicile Information (Address, Phone)
• Employee Profiling (Gender, Race, Ethnicity, Origin)
• Government Issued Identification (Passport, DL)
• Aircraft Incidents; FAA, NTSB, TSA
• Legal Proceedings
6. Vendors and Options
• To meet the Gap of ‘No mechanism to capture Sensitive Information’
• The Information Security Team has identified several key vendors:
• Vontu
• WebSense
• Vericept
7. Products to meet the Gap of Data in Motion
• The Vendor of Choice is Vontu:
• Vontu is the single most trusted vendor for addressing the problem of data loss. By an order of magnitude, Vontu leads all DLP vendors in market share, leading by wide margins for both "in use" and "in pilot/evaluation," according to a new survey by TheInfoPro of 150 information security professionals at Fortune 1000 companies.
• Vontu currently maintains approximately 60 percent market share, as well as by far the greatest number of enterprise-wide, multi-product DLP deployments. One key to customer success is the Vontu solution's proven ability to scale well beyond the limits of competing products, resulting in more large enterprise deployments than all other vendors combined. Vontu deployments now protect the data of more than four million employees, including 14 deployments of more than 100,000 employees. Small and medium-size companies also deployed Vontu software in record numbers.
8. Products to meet the Gap of Data in Motion
• The Vendor of Choice is Vontu:
• Retail Pricing for 7000 employees to protect data in motion would be $249,452 (which includes maintenance)
• 2009 costs for 7000 employees to protect data in motion would be $38,052 for MX (at Retail Pricing)
[Diagram: Data in Motion (Email, IM/Chat, Web, Secure HTTP, FTP) covered by Vontu Network Monitor and Vontu Network Prevent]
9. Additional Thoughts
• The placement of the Vontu product at the edge of the Network Perimeter demands a solid proxy product
• Our Recommendation for this has been:
• The Blue Coat Proxy
• The BCP has the throughput not only to handle the network load but also to provide enhanced URL filtering, and it is the product recommended by Vontu for this purpose.
10. Blue Coat Proxy Server
• The BCP would fulfill the current needs of the St. Bernard iPrism Server and provide URL filtering at a scale that is unmatched by iPrism.
Costs associated with BCP (Retail):
• Year 1 w/o URL Filter: $138,120
• Year 1 w/ URL Filter: $186,000
• Year 2 w/o URL Filter: $19,120
• Year 2 w/ URL Filter: $25,000