DATA LOSS PREVENTION OVERVIEW

A look at what is needed for a successful DLP Implementation

Published in: Technology

  1. CYBER SECURITY: DATA LOSS PREVENTION OVERVIEW
     VERSION: 1.3
     DATE: 24/07/2019
     AUTHOR: SYLVAIN MARTINEZ
     REFERENCE: ES-IDLP
     CLASSIFICATION: PUBLIC
  2. CONTENTS
     SECTIONS: CONTEXT, CONCEPT, PREPARATION, IMPLEMENTATION, CONCLUSION
     • Cyber Security Risk context;
     • Data breach statistics;
     • Data breach cost;
     • DLP dependencies;
     • Data protection lifecycle;
     • DLP definition;
     • DLP Overview;
     • Define DLP objectives;
     • Define DLP scope;
     • Define DLP policy;
     • Overview;
     • Technology deployment;
     • Policy setup;
     • Data discovery and classification;
     • DLP monitoring and tuning;
     • DLP reporting and protection;
     • Core DLP benefits
     • Take away to remember
  3. CYBER SECURITY RISK CONTEXT
     [Three charts: GROWTH (0% to 100%) over TIME (PAST to FUTURE)]
     CYBER SECURITY RISKS’ PROBABILITY AND IMPACT ARE INCREASING. THEIR ABILITY TO DISRUPT COMPANIES’ BUSINESS OPERATIONS HAS GROWING FINANCIAL, REPUTATIONAL AND LEGAL NEGATIVE CONSEQUENCES.
  4. DATA BREACH STATISTICS
     DATA RECORDS LOST OR STOLEN SINCE 2013: 14,717,618,286
     DATA RECORDS ARE LOST OR STOLEN AT THE FOLLOWING FREQUENCY:
     • EVERY DAY: 6,313,865 RECORDS
     • EVERY HOUR: 263,078 RECORDS
     • EVERY MINUTE: 4,385 RECORDS
     • EVERY SECOND: 73 RECORDS
     Source: Breach Level Index - May 2019
  5. INCIDENT AND DATA BREACH COST
     ELYSIUMSECURITY INVESTIGATIONS, MAURITIUS 2018-2019:
     • 80% FINANCIAL FRAUDS
     • 20% RANSOMWARE
     • 100% PHISHING
     • JAN 2018 - $0.5M
     • AUG 2018 - $2M
     • MAY 2019 - $1M
     • JULY 2019 - $0M
     • MAY 2018 - $1M
     • APR 2019 - $0.5M
     • JUNE 2019 - $0.5M
     WORLDWIDE STATISTICS (WORLDWIDE STATS FROM SAFEATLAST.CO AND RETRUSTER.COM, JUNE 2019):
     • $3.86M AVERAGE COST PER DATA BREACH
     • $1.6M AVERAGE COST PER PHISHING ATTACK
     • 95% OF ALL DATA BREACHES COME FROM PHISHING ATTACKS
     • 24% OF ALL DATA BREACHES COME FROM HEALTHCARE ORGANISATIONS
     • 197 DAYS AVERAGE INCIDENT DETECTION TIME
  6. DLP DEPENDENCIES
     • 1: ORGANIZATION RISK PROFILE: REVIEWED, DOCUMENTED, COMMUNICATED
     • 2: DATA CLASSIFICATION: DEFINED, COMMUNICATED, ENFORCED
     • 3: TYPE OF DATA TO PROTECT: IDENTIFIED, LOCATED, COMPATIBLE
  7. DATA PROTECTION LIFECYCLE
     • AT REST (WHERE THE DATA IS STORED): LOCAL DISK, FILE SERVER, CLOUD STORAGE, REMOVABLE MEDIA, …
     • IN USE (WHEN THE DATA IS CREATED & CONSUMED): DOCUMENT READ, DOCUMENT MODIFICATION, DOCUMENT DELETION, DATABASE QUERY, …
     • IN TRANSIT (WHEN THE DATA IS TRANSMITTED): DATA SENT IN EMAIL, DATA SAVED TO CLOUD, DATA SENT TO SERVER, REMOVABLE MEDIA, …
  8. DLP DEFINITION
     DATA LOSS PREVENTION (DLP) IS A SOLUTION TO MONITOR, DETECT AND PREVENT POTENTIAL DATA LOSSES (BREACHES/EXFILTRATION) WHILST DATA IS IN USE, IN TRANSIT AND/OR AT REST.
  9. DLP OVERVIEW
     • DLP SERVICE: DISCOVER, MONITOR, PROTECT, SUPPORT AND REPORT
     • DLP SOLUTION: DATA, HOST BASED PROTECTION, APP BASED PROTECTION, NETWORK BASED PROTECTION
  10. DEFINE DLP OBJECTIVES
     • WHY: DEFINE THE REASONS FOR IMPLEMENTING DLP (THREATS, REGULATION, ETC.)
     • WHAT: DEFINE THE TYPE AND FORM OF DATA IN SCOPE FOR DLP (CONTRACTS, PII, ETC.; DOCS, RAW DATA, ETC.)
     • WHERE: DEFINE THE TYPE OF LOCATIONS IN SCOPE FOR DLP (FILE SERVER, CLOUD, APPLICATION, DB, ETC.)
     • WHEN: DEFINE THE TIME DLP WILL BE NEEDED (IMMEDIATELY AS DATA IS CREATED, DURATION, ETC.)
  11. DEFINE DLP SCOPE
     • DEFINE THE EXACT LOCATION OF DATA IN SCOPE FOR DLP: FILE SERVER NAMES/IP, APP NAME, CLOUD PROVIDER, ETC.
     • DEFINE THE INFRASTRUCTURE DIAGRAM IN SCOPE FOR DLP: SYSTEM AND NETWORK DIAGRAMS
     • DEFINE THE DATA FLOW IN SCOPE FOR DLP: BUSINESS AND OPERATION LOGIC, DATA FLOW DIAGRAMS, ETC.
  12. DEFINE DLP POLICY
     • DEFINE DATA CLASSIFICATION MAPPING: NOMENCLATURE, KEYWORDS, ETC.
     • DEFINE THE DIFFERENT ROLES: OWNER, CUSTODIAN, CONSUMER, ETC.
     • DEFINE THE DIFFERENT RESTRICTIONS REQUIRED: EXPORT/SAVE AS, PRINT, EDIT, READ, COPY, ETC.
     • DEFINE THE ALERT AND REPORTING PROCESS: TEAM, PRIORITIES, COMMUNICATION, ETC.
  13. OVERVIEW
     • TECHNICAL DEPLOYMENT, DISCOVERY & CLASSIFICATION, ENFORCE DLP POLICY, MONITOR DLP EVENTS, REPORTING & TUNING, POLICY SETUP
     • BASIC, PARTIAL, FULL
     • DLP SERVICE: DISCOVER, MONITOR, PROTECT, SUPPORT AND REPORT
  14. TECHNOLOGY DEPLOYMENT (DLP IMPLEMENTATION)
     DATA:
     • HOST BASED PROTECTION: COVERAGE, FEATURE, OPERATIONAL IMPACT
     • NETWORK BASED PROTECTION: EGRESS POINTS, VISIBILITY, OPERATIONAL IMPACT
     • APP BASED PROTECTION: COMPATIBILITY, CONFLICT, VISIBILITY
  15. POLICY SETUP (DLP IMPLEMENTATION)
     • BASIC: LIMITED ALERTS GENERATED; LIMITED SCOPE, SOME DATA IDENTIFIED AND CLASSIFIED; NO RESTRICTION ENFORCED
     • PARTIAL: ALERTS GENERATED; MOST DATA IDENTIFIED AND CLASSIFIED; SOME RESTRICTIONS ENFORCED
     • FULL: ALERTS GENERATED; ALL DATA IDENTIFIED AND CLASSIFIED; FULL RESTRICTIONS ENFORCED
  16. DATA DISCOVERY AND CLASSIFICATION (DLP IMPLEMENTATION)
     • BASIC
       DISCOVERY: QUICK WINS; KEY EGRESS POINTS; KEY FILE SHARES; SOME DATA TYPES
       CLASSIFICATION: CRITICAL DATA ONLY IN SCOPE; SIMPLE DETECTION (KEYWORDS); REPORTING ONLY
     • PARTIAL
       DISCOVERY: ALL EGRESS POINTS; SOME HOSTS/SERVERS; SOME APPS; MOST DATA TYPES
       CLASSIFICATION: ALL DATA CLASSIFICATION IN SCOPE; COMPLEX DETECTION; AUTO LABELLING
     • FULL
       DISCOVERY: ALL EGRESS POINTS; ALL HOSTS/SERVERS; ALL APPS; ALL DATA TYPES
       CLASSIFICATION: ALL DATA CLASSIFICATION IN SCOPE; MACHINE LEARNING DETECTION; AUTO LABELLING ALL DATA
  17. DLP MONITORING AND TUNING (DLP IMPLEMENTATION)
     • BASIC
       MONITORING: DEFAULT DASHBOARD; LIMITED VISIBILITY; AD-HOC
       TUNING: LOT OF FALSE POSITIVES; AD-HOC; MANUAL
     • PARTIAL
       MONITORING: CUSTOMISED DASHBOARD; IMPROVED VISIBILITY; REGULAR
       TUNING: SOME FALSE POSITIVES; REGULAR; MANUAL
     • FULL
       MONITORING: FULLY CUSTOMISED DASHBOARD; FULL VISIBILITY; REGULAR
       TUNING: LIMITED FALSE POSITIVES; REGULAR; MANUAL AND AUTOMATED
  18. DLP REPORTING AND PROTECTION (DLP IMPLEMENTATION)
     • BASIC
       REPORTING: REACTIVE REPORTING; LIMITED REPORTING; AD-HOC REPORTING; MANUAL REPORTING
       PROTECTION: LIMITED VISIBILITY; LIMITED ALERTS; NO USER FEEDBACK; NO RESTRICTIONS
     • PARTIAL
       REPORTING: SOME PRO-ACTIVE REPORTING; DETAILED REPORTING; REGULAR REPORTING; SOME AUTOMATED REPORTING
       PROTECTION: MOST DATA VISIBILITY; USEFUL ALERTS; SOME USER FEEDBACK; SOME RESTRICTIONS
     • FULL
       REPORTING: PRO-ACTIVE REPORTING; COMPREHENSIVE REPORTING; REGULAR REPORTING; AUTOMATED REPORTING
       PROTECTION: FULL VISIBILITY; COMPREHENSIVE ALERTS; USER AND ADMIN FEEDBACK; RESTRICTIONS ENFORCED
  19. CORE DLP BENEFITS
     • 1: VISIBILITY OF DATA LOCATION/USAGE/SENSITIVITY
     • 2: MONITORING AND ALERTING OF DATA SUSPICIOUS ACTIVITIES
     • 3: IMPROVED DATA PROTECTION
  20. TAKE AWAY TO REMEMBER
     • 1: DLP DEPENDENCIES
     • 2: IMPORTANCE OF DLP SCOPING
     • 3: IMPORTANCE OF DLP PREPARATION
     • 4: PROGRESSIVE IMPLEMENTATION
     • 5: CONTINUOUS IMPROVEMENT
  21. © 2015-2019 ELYSIUMSECURITY LTD. ALL RIGHTS RESERVED.
     HTTPS://WWW.ELYSIUMSECURITY.COM
     CONSULTING@ELYSIUMSECURITY.COM
     ABOUT ELYSIUMSECURITY LTD.
     ELYSIUMSECURITY PROVIDES PRACTICAL EXPERTISE TO IDENTIFY VULNERABILITIES, ASSESS THEIR RISKS AND IMPACT, REMEDIATE THOSE RISKS, PREPARE AND RESPOND TO INCIDENTS AS WELL AS RAISE SECURITY AWARENESS THROUGH AN ORGANIZATION.
     ELYSIUMSECURITY PROVIDES HIGH LEVEL EXPERTISE GATHERED THROUGH YEARS OF BEST PRACTICES EXPERIENCE IN LARGE INTERNATIONAL COMPANIES ALLOWING US TO PROVIDE ADVICE BEST SUITED TO YOUR BUSINESS OPERATIONAL MODEL AND PRIORITIES.
     ELYSIUMSECURITY PROVIDES A PORTFOLIO OF STRATEGIC AND TACTICAL SERVICES TO HELP COMPANIES PROTECT AND RESPOND AGAINST CYBER SECURITY THREATS. WE DIFFERENTIATE OURSELVES BY OFFERING DISCREET, TAILORED AND SPECIALIZED ENGAGEMENTS.
     ELYSIUMSECURITY OPERATES IN MAURITIUS AND IN EUROPE. A BOUTIQUE STYLE APPROACH MEANS WE CAN EASILY ADAPT TO YOUR BUSINESS OPERATIONAL MODEL AND REQUIREMENTS TO PROVIDE A PERSONALIZED SERVICE THAT FITS YOUR WORKING ENVIRONMENT.
