SCB 2013 DLP: technology and deployment methodology

Post on 02-Jun-2015


DLP: solutions and deployment methodology

Organizer:

Sponsor:

About me

Name: TRẦN CHÍ CẦN
Company: Công ty CP Tin Học LẠC TIÊN
Email: can.tranchi@lactien.com
Cell: 090 858 68 01

What is DLP?

Have Broken Business Processes?

Lack of visibility of what & how data is being leaked?

Source code forwarded to private email accounts?

PCI data copied onto non-encrypted USBs?

DLP Can Help!

Improve Business Process

Protect Sensitive Information

Ensure Regulatory Compliance

Data-in-Motion

Data-at-Rest

Data-in-Use

Data Types

WILD WILD WEST

The Sources of Data Loss

Email, Web Post, Network, IM Chat

Desktop/Laptop, Database, File Share

Removable Media, Screen, Printer, Clipboard

You Cannot Protect What You Don’t Know!

October 29, 2013

Understanding How & What Data is Leaving Your Organization.

Violations

Policy

Captured Data

Data Analytics

Deploy

Data Types | Data Loss Vectors | Solution
Data-in-Motion | Email, Web Post, Network, IM Chat | DLP Prevent, DLP Monitor
Data-at-Rest | Desktop/Laptop, Database, File Share | DLP Discover
Data-in-Use | Removable Media, Screen, Printer, Clipboard | DLP Endpoint

Discover Data

DLP Discover

• Crawl servers
  - Inventory, classify, or fingerprint data

• Remediate
  - Move, delete, or encrypt

• Supported repositories/databases
  - CIFS/NFS/HTTP(S)/FTP(S)
  - SharePoint/Documentum
  - SQL/Oracle/DB2/MySQL Enterprise

Find and protect sensitive information in storage repositories and hard drives.

What It Does

DLP Discover

DLP Endpoint

• Crawl local drives & Tag
  - Application, location or content
  - Outlook files (PST/OST)

• Remediate
  - Move, delete or encrypt

DLP Endpoint

• Provide content-aware device control
  - Move or block

• Integrated with Endpoint Encryption
  - File, folder, or USB

• DRM support
  - Adobe, MS RMS

Protect against data loss via outbound email, web postings, and endpoints such as laptops, USBs and other devices.

What It Does

Protect Data

Email/Web Gateway

DLP Prevent

• Analyze network traffic for both email and web
  - SMTP/HTTP/HTTPS
  - IM/Blog/FTP/FTPS

• Allow, block, bounce or notify

• Encrypt, quarantine, or redirect

DLP Endpoint

• Provide content-aware detection
  - Over 300 content types
  - Outlook, webmails
  - IM/FTP/HTTP(S)
  - I/O channels (USB, media, devices)

Monitor data as it moves across the network and as it leaves the endpoint.

What It Does

Monitor Data

Switches/Routers

DLP Endpoint

DLP Monitor

• Passively monitor all network traffic
  - Detect tags via keywords or concept

• Examine how data is being used
  - What, where, who or why

• Protocol agnostic

Comprehensive Data Protection

ePO

ESM: Ability to inspect, analyse, correlate and report information of DLP. Secure log storage (historical). Chain of Custody and Non-Repudiation.

[Diagram labels: Device Control; Encryption; Database Security; Web & Email Gateway; SIEM; Mobile DLP; MDM/EMM]

Mobile DLP: prevents data and intellectual property loss via Secure Containers.

Device Control: DLP integration helps control and audit external USB storage devices on the endpoint.

Endpoint Encryption: DLP integration with EEFF, EERM for remediation and to protect information based on content.

Database Security: Database monitor for DLP audit and control of data leaks.

Web & Email Gateway: DLP integration with MWG and MEG analyzes email and ICAP traffic using its real-time rule engine and enforces actions (Block, Allow, Encrypt…).

You Cannot Protect What You Don’t Know!


Understanding How & What Data is Leaving Your Organization.

Violations

Policy

Captured Data

Data Analytics

Define Policy

Test Policy

Tune Rules

Violations

Data

Data Discovery

1000’s of Servers, Millions of files, Unknown content

“I’d like to deploy DLP, but where do I start?”

“I don’t know where all my data sits and on which servers.”

Inventory with Metadata

Categorization & Classification

Remediation Prioritized

PCI Data

Sensitive IP

Encrypt

Delete

Move

Endpoint Protection

Protected Finance Share

Applications

Tagged

Copied

Download

Endpoint Enforcement

Copy/Paste

Save as/Rename

Web posting

Copy to media/device

Enhanced Protection for IP

Screen Capture protection

• Protect screen capture by any configured apps (e.g. Snipping tool, SnagIt)
  - e.g. pasting of the screen capture will succeed, but will provide a blurred image

Clipboard Protection

• Prevent paste of sensitive information TO designed apps
  - e.g. block PCI info being pasted TO Skype

McAfee DLP Layout

[Diagram labels: Switch; Firewall; Databases or Repositories; Web Gateway; Email Gateway; McAfee ePO; DLP Prevent; DLP Monitor; DLP Discover; DLP Endpoint; Data-in-Motion; Data-at-Rest; Data-in-Use]

Layout

MyDLP

Feature | Community Edition | Enterprise Edition
Commercial Support | - | V
Virtual Appliance | V | V
Web | V | V
Mail | V | V
Block and Log Actions | V | V
Quarantine and Archive Actions | - | V
IRM Actions | - | V
Customizable Dashboard | V | V
Simple Reporting | V | V
Exporting to Microsoft Excel | V | V
Full-text search with SOLR Integration | - | V
Mail Archive | - | V
Policy Revisioning | V | V
E-mail Notifications | V | V
Customizable Notification Messages | - | V

Feature | Community Edition | Enterprise Edition
Removable Storage Devices | V | V
Removable Storage Encryption | - | V
Removable Storage Inbound Data Monitor | - | V
Printer Protection | V | V
Screenshot Protection | V | V
Discovery (Data at Rest) | V | V
On Demand Workstation Discovery | - | V
MyDLP API | - | V
Removable Storage Inbound Archive | - | V
Offline Endpoint Protection | - | V

Feature | Community Edition | Enterprise Edition
Microsoft Active Directory Integration | V | V
Database Integration (SQL / JDBC) | V | V
ICAP Integration | V | V
SMTP Gateway Integration | V | V
Native Syslog Integration | - | V

Feature | Community Edition | Enterprise Edition
Keywords | V | V
Predefined Dictionaries | V | V
Regular Expressions | V | V
Partial (Approximate) Document Matching | V | V
Document hashes | V | V
Predefined Data Types (e.g. Credit Card Numbers) | V | V
National Identification and Social Security Numbers | V | V
Source Code Identification | V | V
Distance (Partial Context Grouping) | - | V
Predefined Policies | V | V
Custom Content Definition | V | V

Demo

Thank you!