Best Practices for Implementing Data Loss Prevention (DLP)

2013 ISACA Webinar Program. © 2013 ISACA. All rights reserved.
Best Practices for Implementing
Data Loss Prevention (DLP)
• Michael Avdeev DLP Solution Architect, McAfee
• John Callaghan Sr. Mgr. Engineering Research , SilverSky

2013 ISACA Webinar Program. © 2013 ISACA. All rights reserved. 2
Welcome!
• Type in questions using the Ask A Question button
• All audio is streamed over your computer
– Having technical issues? Click the ? Button
• Click Attachments button to find a printable copy of this presentation
• After the webinar, ISACA members may earn 1 CPE credit
– Find a link to the Event Home Page on the Attachments button
– Click the CPE Quiz link on the Event Home Page to access the quiz
– Once you pass the quiz, you’ll receive a link to a printable CPE
Certificate
• Tell us what you thought of this event!
– By using the FEEDBACK button
– Complete the Webinar Survey on the Attachments button
• Question or suggestion? Email them to eLearning@isaca.org

Today’s Speakers
Michael Avdeev
DLP Enterprise Solution Architect
McAfee
John J. Callaghan,
CISM, Senior Manager
Security & Engineering Research,
SilverSky

Motivations
“A world of needs…
… essential considerations”
What
• Another Tool or Governance approach
Why
• Mandate, IP, Regulatory, Compliance
When
• Immediately .vs. Planned
Where
• Across the business, by geography
How
• “By Policy”, Training, Top-Down, Inter-organizational

Considerations
“The obvious...
… and not so obvious”
• Business Goals
• Company Primary IP
• Industry & Legal Requirements
• Corporate Security Policies
• New Projects ‘rollout’ history
• Secondary IP concerns
• Business unit Practices & Repositories
• Varying adherence to Corporate Policy
• Exposed IP
• Extranet/sharing issues

Challenges
“Securing the Data…
… loss / theft / corruption”
• Today: Data = Dollars
• Crime: Cybercrime is simply Crime
• News: Success stories need to outweigh breaches
• Statistics: At the close

Data-in-Motion
Data-at-Rest
Data-in-Use
Data Types
WILDWILDWEST
Data Loss Vectors
Email Web Post Network IM Chat
Desktop/LaptopDatabase
Removable
Media
ScreenPrinter
File Share
Clipboard

DLP
Governance
Risk
Assessment
Compliance
Classification
Policies
Discovery
Remediation
Awareness
DLP Elements

Governance
Summary:
• Data Governance = confidentiality, integrity and availability of data
• Monitor the flow/storage of data in your environment
Action:
• Develop a governance structure
• Define roles & responsibility
• Create a communication plan
• Create governance metrics
Examples:
• Centralized vs. De-Centralized
• Set up a central site for document
storage & communications
• Use DLP policies to generate
metrics

Risk Assessment
Summary:
• Identify all data types, threat vectors, and potential business impact
• Prioritize ranking of risks and a list of initiatives to mitigate the risk
Action:
• Execute the RA
• Create a detailed action plan
• Assign owners to RA results
• Formalize a recurring RA plan
Examples:
• Use asset management tools to
catalog assets
• Use DLP to identify risk in systems,
applications, lines of business, etc.

Compliance
Summary:
• Sensitive information regulated by governmental and industry statutes
• Avoid fines, increased audit costs, embarrassment, or prosecution
Action:
• Identify governing bodies
• Identify statutes
• Create a data element mapping
• Create compliance metrics
Examples:
• Monitor PCI data movement both
within and outside of the company
• Use IT GRC tools to manage
compliance

Classification
Summary:
• Classify data according to its value and risk
• Protect classes of data; not individual elements
Action:
• Gather initial and new data
elements
• Develop a standard framework
• Identify data owners and users
• Identify approved data storage
systems
Examples:
• Set up workshops to gather initial
data elements
• Use DLP data discovery scans to
gather new data elements
• Catalog locations and move data
to approved storage locations

Policies
Summary:
• Flexible policies that grows with the organization over time
• User education on policies, standards, and guidelines
Action:
• Review existing policies
• Create new policies
• Socialize polices with users
• Evaluate effectiveness
Examples:
• Educate key stake holders (HR,
compliance team, biz units)
• Set up a recurring update program
to measure policy effectiveness

Discovery
Summary:
• Find sensitive data in areas you don’t expect it to.
• Identify broken process, bad actors, and “data drift”
Action:
• Create a data discover program
• Define data storage type
• Define data categories
• Define data owners
Examples:
• Identify “data drift” in “data-at-rest”
(file servers, database)
• Identify “data drift” in “data-in-use”
(local disks on laptops and
desktops)

Remediation
Summary:
• More than fixing the data – look at the people and the process
• Remediation is NOT done until root causes are identified and risk is
mitigated
Action:
• Develop data/incident response
programs
• Perform system/data clean-up
• Implement mitigation actions
Examples:
• Root caused PCI data leakage due
to a broken business process
• Automatically encrypt all patient
data via outbound email traffic

Awareness
Summary:
• Your employees are a critical line of defense
• Embed employee education into your DLP program
Action:
• Develop a security awareness
program for employees
• Develop specific data protection
training for data owners
Examples:
• Posters
• Webpage with guidelines
• Quick situational videos

Approaching the Task
Deployment Best Practices
• Solid preparation
• Understand the data & rules
• Be realistic with the project plan
• Communication, communication, communication
Protecting Data is a Process
Problem…

Deployment Best Practices
• Scope the hardware appropriately
• Get buy-in from key stakeholders early
• Evaluate DLP endpoint strategies
• Have a realistic test environment so you can see problems early
Solid
Preparation
• Privacy rules differ state by state, country by country
• Understand how data is being used in your company before building policies
• Understand chain-of-custody implications of collecting evidence in a DLP
solution
Understand the
Data & Rules
• You can’t watch everything - prioritize what’s important
• Start small and grow your coverage
• Know what you need to watch for and what you cannot watch for
• Document well and define key statistical performance metrics
Be Realistic
• Weekly calls (technical level & governance level calls with senior management)
• Define departmental champions to help overcome roadblocks
• Keep the CISO actively involved
• Train downstream – don’t limit it to just security
Good
Communication

Who? What? When? How?
Data Type Risk Level Findings
PCI Data Exposed User Ignorance of Policy
PII Data Exposed
PII data sent, received and
stored UNENCRYPTED
Intellectual Property Leaks
“Confidential” files sent to
questionable destinations
State Privacy Law
Violations
Broken business process
You cannot protect the data
you don’t know about!

Streamline Policies
 Fine tune and test policies without interrupting business
Define Policy
Test Policy
Tune Rules
Data
Analytics
Violations
Data

Inventory with
Metadata
Categorization &
Classification
Remediation
Prioritized
Discovery Best Practices
PCI Data
Sensitive IP
Encrypt
Delete
Move

Management ModelProactiveReactive
Decentralized Centralized
• Complex IP environment
• Business driven needs
• Small security team
Business Flex Dedicated Team
Light Coverage Part-Timer
• High regulatory requirements
• Mature business model
• Strong security team
• Low regulatory environment
• Low business drivers
• Small security team
• High business drivers
• Little management buy-in
• Strong security team

What You Learned Today
• The 8 Essential DLP Elements
• DLP Deployment Best Practices & Examples
• Different DLP Management Models
Remember …
You cannot protect the data you don’t know about!
Start small and be realistic about your project plan.
Get buy-in from business users early.
Protecting data is a process problem.

Resource & Tools
• Verizon Data Breach Investigation report:
http://www.verizonenterprise.com/DBIR/2013/
• “Implementing and Managing a DLP Solution” Whitepaper
http://mcaf.ee/dphvg -> White Papers
To find out more about McAfee DLP solution
• Public page http://mcaf.ee/dphvg
• Regulation link http://www.mcafee.com/data-protection-laws
• Data Risk Assessment http://dataprotection.mcafee.com/forms/RiskAssessment
• Blogs http://siblog.mcafee.com/category/data-protection
• Videos http://www.youtube.com/McafeeDLP
• Twitter handle @McAfeeDLP

Questions?

Thank You!
Michael Avdeev, michael_avdeev@mcafee.com
John Callaghan, jcallaghan@silversky.com

Best Practices for Implementing Data Loss Prevention (DLP)

More Related Content

What's hot (20)

Similar to Best Practices for Implementing Data Loss Prevention (DLP) (20)

Recently uploaded (20)

Best Practices for Implementing Data Loss Prevention (DLP)