Selecting Data security Technology

Licensed under the Creative Commons Attribution License
Danny Lieberman
dannyl@controlpolicy.com http://www.controlpolicy.com/

                                
Agenda



• Introduction and welcome
• What is data security?
• Defining the problem
• Select by threat
• Building threat cases
• Three threat cases
• Data security taxonomy
• Selection process




                            
Introduction




• Our mission today
    –   Tools to help make your work easier
    –   Share ideas




                       
What the heck is data security?




•   Security
     –   Ensure we can survive & add value
           •   Physical, information, systems, people
•   Data security
     –   Protect data directly in all realms




                           
Defining the problem




•   You can't improve what you can't measure(*)

     –   Little or no monitoring of data flows
           •   Perimeter protection, access control
                  –   Firewall/IPS/AV/Content/AD


     –   Disconnect between HR, IT




(*) Lord Kelvin
We're not in Transylvania anymore


•       Threat scenario circa 1993
         –   Bad guys outside
         –   Lots of proprietary protocols
•       Threat scenario circa 2009
         –   Bad guys inside
         –   Everything runs on HTTP
         –   Vendors decide threats




                              
Model of a crime


•       Means
         –   Access rights
•       Opportunity
         –   With rights, insider can exploit
             vulnerabilities in people, systems
•       Intent
         –   Uncontrollable
                                  Enterprise integration
                                  Discovery
                                  Regulators
                                  Gartner
                               
Building a threat case




•   Metrics
     –   Asset value
     –   Threat damage to asset
     –   Threat probability
•   Value at Risk = Threat Damage to Asset x Asset Value x Threat Probability

(*) PTA - Practical threat analysis risk model
M&A threat case


•   Asset has value, fixed over time or variable
     –   Plans to privatize, sell 50% of equity
•   Threat exploits vulnerabilities & damages assets.
     –   IT staff read emails and files of management board
     –   Employee leaks plans to press
     –   Buyer sues for breach of contract.
•   Vulnerability is a state of weakness mitigated by a countermeasure.
     –   IT staff have access to mail/file servers
•   Countermeasure has a cost fixed over time or recurring.
     –   Monitor abuse of privilege & prevent leakage of management board documents on all channels.
                                       
Service provider threat case


•   Asset has value, fixed over time or variable
     –   Internal pricing of service packages
•   Threat exploits vulnerabilities & damages assets.
     –   Outsourcing DBA has SQL access to pricing schema.
     –   Competitor gets pricing and undercuts company.
     –   Company loses reputation and revenue.
•   Vulnerability is a state of weakness mitigated by a countermeasure.
     –   Outsource DBA may gain access during end of month close
•   Countermeasure has a cost fixed over time or recurring.
     –   Monitor abuse of privilege & prevent internal data leakage on Oracle database.
                                       
Media threat case – Israeli Trojan


•   Asset has value, fixed over time or variable
     –   New product marketing campaign
•   Threat exploits vulnerabilities & damages assets.
     –   Competitors distributed custom attack on a CDROM
     –   Got terms of new product, undercut company.
     –   Company loses revenue - > $20M
•   Vulnerability is a state of weakness mitigated by a countermeasure.
     –   Employees may take a CDROM and insert it in their PC
•   Countermeasure has a cost fixed over time or recurring.
     –   Prevent leakage of data to unauthorized channels
                                       
Data security taxonomy



[Diagram: data security taxonomy. Recoverable labels:]
•   Management, Provisioning, Events, Reporting, Policies, Forensics
•   Data Warehouse, Document Server
•   Detection point: Interception, Session, Decoders, Policies, Countermeasures
•   Sample intercepted message: Received: from [172.16.1.35] (-80-230-224- Message ID:<437C5FDE.9080> “Send me more files today.




                          
Selecting a data security technology




•     Prove 2 hypotheses:
       –   Data loss is currently happening.
       –   A cost effective solution exists that
           reduces risk to acceptable levels.




                           
H1: Data loss is happening




•   What data types and volumes of data leave the network?
•   Who is sending sensitive information out of the company?
•   Where is the data going?
•   What network protocols have the most events?
•   What are the current violations of company AUP?




                                  
H2: A cost-effective solution exists




•    What keeps you awake at night?
•    Value of information assets on PCs, servers & mobile devices?
•    What is the value at risk?
•    Are security controls supporting the information behavior you want 
     (sensitive assets stay inside, public assets flow freely, controlled 
     assets flow quickly)
•    How much do your current security controls cost?
•    How do you compare with other companies in your industry?
•    How would risk change if you added, modified or dropped security 
     controls?
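
An added worked example (not part of the original slides): it applies the deck's Value at Risk formula to the three threat cases and tests H2 by checking how risk changes as controls are added or dropped. All figures, the mitigation fractions and the assumption that controls act independently are constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import combinations


@dataclass
class ThreatCase:
    name: str
    asset_value: float   # currency units
    damage: float        # fraction of asset value lost if the threat succeeds
    probability: float   # annual probability that the threat occurs

    def value_at_risk(self) -> float:
        # Slide formula: threat damage to asset x asset value x threat probability
        return self.damage * self.asset_value * self.probability


@dataclass
class Countermeasure:
    name: str
    annual_cost: float
    # Assumption (not in the slides): fraction of a threat's probability
    # this control removes, keyed by threat case name.
    mitigation: dict = field(default_factory=dict)


def residual_var(cases, controls):
    """Total value at risk left after applying controls (assumed independent)."""
    total = 0.0
    for case in cases:
        remaining = 1.0
        for control in controls:
            remaining *= 1.0 - control.mitigation.get(case.name, 0.0)
        total += case.value_at_risk() * remaining
    return total


def select_controls(cases, candidates, acceptable_risk):
    """Return (exposure, names, residual, cost) for the cheapest control set
    that brings residual risk to the acceptable level, or None if none does."""
    best = None
    for size in range(len(candidates) + 1):
        for combo in combinations(candidates, size):
            residual = residual_var(cases, combo)
            if residual > acceptable_risk:
                continue  # does not reduce risk to an acceptable level
            cost = sum(c.annual_cost for c in combo)
            option = (residual + cost, tuple(c.name for c in combo), residual, cost)
            if best is None or option[0] < best[0]:
                best = option
    return best


# Constructed figures for the three threat cases in the deck.
CASES = [
    ThreatCase("M&A", 10_000_000, 0.5, 0.1),
    ThreatCase("Service provider", 4_000_000, 0.25, 0.2),
    ThreatCase("Media", 20_000_000, 1.0, 0.05),
]
# Constructed costs and mitigation fractions for the three technology types.
CANDIDATES = [
    Countermeasure("Agent DLP", 150_000, {"M&A": 0.5, "Media": 0.8}),
    Countermeasure("Network DLP", 100_000,
                   {"M&A": 0.6, "Service provider": 0.5, "Media": 0.5}),
    Countermeasure("DRM", 80_000, {"M&A": 0.5}),
]

if __name__ == "__main__":
    print("baseline VaR:", residual_var(CASES, []))
    print("H2 at 400k:", select_controls(CASES, CANDIDATES, 400_000))
    print("H2 at 200k:", select_controls(CASES, CANDIDATES, 200_000))
```

A result of None means no combination of the candidate controls reaches the acceptable risk level, so H2 is not proven for that threshold.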




                                     
Match technology to threat case


Threat case          Agent DLP                      Network DLP                    DRM

The Israeli Trojan   Install agent on every PC      Install appliance at gateway   None

                     Intercept Win32 calls          Intercept Layer 2 traffic

                     Content, context and           Content, channel and
                     organizational policy          organizational policy

                     Monitor, block, prompt         Monitor, block, quarantine

                     Execute policy even            Execute policy for endpoints
                     when PC is off network         on network



                                           
Coming attractions




•   Sep 17:   Selling data security technology
•   Sep 24:   Write a 2 page procedure
•   Oct 1:    Home(land) security
•   Oct 8:    SME data security


      http://www.controlpolicy.com/workshops 

                         
Learn more




•      Presentation materials and resources
http://www.controlpolicy.com/data-security-workshops




                                         
