Securing Cisions

Confidential Data with Data

Loss Prevention Systems

By

The Wanderers

Outline of contents

Business Problem and Requirements

[Scott]

Data Loss Prevention (DLP) Solutions

[Angel]

Proposed Solution

[Koonal]

Vendor Comparisons and Architecture [Wander]

Company implementation & Conclusion [Scott]

Business Problem
Problem

Cision needs the capability to exchange confidential information

securely and easily.

Cision
1200 Employees, 30+ offices, 8 countries
Confidential Data

Credit Card / Client Information

Customer privileged data
Employee personal data
Business Confidential data

Secure data from

Employee Error, Employee Theft

Business Solution Requirements

Required
Meet the Payment Card Industry (PCI) requirements for credit card
handling
Prevent client, business or employee data from being incorrectly
disclosed internally and externally
Global capabilities with central configuration and enforcement

Out of Scope
Anti Virus, Firewall, Intrusion Detection Systems, Email Spam Filtering
Limited Other legal requirements: No HIPPA or SOX requirements

Source: http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2008-04-techlinks/data-protection.jpg

DLP Background
Definition of Data Loss Prevention

Products that, based on central policies, identify, monitor, and protect

data at rest, in motion, and in use, through deep content analysis.
-Rich Mogull of Securosis

Other TLAs
Data Loss Protection
Data Leak Prevention/Protection
Information Loss Prevention/Protection
Information Leak Prevention/Protection
Extrusion Prevention System
Content Monitoring and Filtering
Content Monitoring and Protection

DLP Background
Identify where holes or exit points where leaks may occur
Instant messaging (Yahoo Instant Messaging, Windows Live)
P2P file sharing (e.g. LimeWire case as reported by LA Times)
Media streaming
Web mail (Yahoo mail, Gmail, Hotmail)
USB storage devices (ZDNet story from UK)
Removable drives
Devices connected through external ports (Firewire, serial, parallel)
FTP server
Printouts

DLP Background

Source: Securosis.com http://securosis.com/images/uploads/Pragmatic_Data_Security-_Data_Protection_DecisiionsV2.006_.png

DLP Background
How data are flagged and identified

Initial predefined policies

Social security numbers

Prescribed in HIPAA, SOX, GLBA, etc. (Bank account numbers, Credit card
numbers)
Customized categories based on client needs

Data Discovery

Looks into the content and not just the file type
Examine context considerations (factor in parent directories, user group
matching)
Structured data matching (SSN, credit card numbers, etc)
Unstructured data matching (diagrams, source codes, media files)

Fingerprint the data by using one way hash and saved in the database
Information can then be used to identify confidential data elsewhere

DLP Background
Three different levels of DLP
solution

Data in Motion

Data at Rest

Data which uses HTTP,

FTP, IM, P2P and SMTP
protocols are mirrored in
the DLP server for
inspection where visibility
is enhanced
Data in file servers,
databases, hosts
computers set for file
sharing, etc.

Data at End Points

Data which sits on end

user hosts (workstations
and notebooks)

DLP Background
Technical Feature Considerations

Deep content analysis, monitoring and prevention

Centralized Management

Central policy setting, dashboard features

Broad content management across platforms and ease of Integration

Identification and blocking capability

Review of information infrastructure including software for requirement and

compatibility issues

Automated remediation

Transfer confidential files, LDAP lookup, secure purging of sensitive data

Business Environment Considerations

Matching with Business Need

Market Presence

Matches defined business need over feature allure

Major presence in the market, financial industry experience

Staffing Needs

Staffing considerations to handle additional responsibilities

Solution Selection
The Selection
Given that the business problem of to be able to exchange
confidential information securely and easily,
We believe that a DLP solution have the ability to address such need
by identifying and securing confidential data in a comprehensive and
efficient manner as described in the guidelines above,
We select Websense as a representative of such DLP solution which
has met all criteria mentioned above.

Websense
Global leader in integrated Web security, data security, and email
security solutions.
Protects approximately 40 million employees at more than 40,000
organizations worldwide
Core strength in Web filtering, discovery and classification of content

Source: http://www.websense.com/content/aboutus.aspx

DLP Solution:
Websense Data Security Suite
Data Discovery
Data Protect
Data Monitor
Data Endpoint

DLP Solution:
Data Discovery
Software-based solution that remotely scans specified network file
shares, databases, email servers, data repositories, and desktops to
discover and classify confidential data on these systems
Automated remediation of unsecured confidential data on data
repositories, such as encryption, file removal, etc
370 different types of file definitions

DLP Solution:
Data Protection
Protects data with policy-based controls that map to business
processes
Automated, policy-based enforcement options including block,
quarantine, file removal, encrypt, audit and log, user notification in
real time.

DLP Solution:
Data Monitor
Monitors and identifies what customer data is at risk; who is using
the data in real time; and where this data is going
Precise ID technology

DLP Solution:
Data Endpoint
Provides endpoint security and control over what confidential data
is and should be stored (through local discovery)
Who is using it
How it is being used (with what applications)
Where it is being transferred (USB storage, printer)

DLP Solution:
Websense Data Security Suite
in Action
(Case: Miss Bea Haven)

Alternative Vendors (Considerations)

Alternative Vendors (Comparison)

Vendor

Strengths

Weaknesses

Symantec

Industry-leading network discovery and

endpoint protection
Supports localization in 16 languages
Mature deployment methodology

Most expensive enterprise license costs

Admin Console is not localized (English
only)

Websense

Robust on network discovery and endpoint

protection
Supports localization in multiple languages and
already has global presence
Subscription based or perpetual licensing

Most appealing to current WebSense

clients wishing to leverage existing
products

RSA(EMC)

Robust on network discovery

Providing a broad range of DLP inspection
capabilities
Document fingerprinting content-inspection
capabilities.

Weak on endpoint protection

Limited localized detection and support

DLP Solution
Deployment Architecture

Windows Enterprise Network

500 2,500 Users

DLP Solution
Deployment Architecture

Windows Enterprise Network

500 2,500 Users

Company Implementation
Project Implementation Cost Estimates
1st Year Fees / Component
Websense Data Security Suites
Estimated Discount (25% of list)
Implementation Consulting

Qty
1200

Price
$65

Total
$78,300

1200

-$16

-$19,575

80

$175

$14,000

Hardware

$18,000

Totals

$90,725

Ongoing Fees / Component (Yearly)

Websense Data Security Suites
Estimated Discount (25% of list)
Totals

Qty

Price

Total

1200

$65

$78,300

1200

-$16

-$19,575
$58,725

Company Feasibility
Requirements Support
Requirement

Websense
Supported Notes

Legal Requirements
Regional / Language Requirements

X
X

Centralized Administration
Auto Identify Confidential Data
Limit End Point data actions
Industry Recognized Leader

X
X
X
X

Other Considerations
Limitations / Concerns
Software sold as subscription software (yearly ongoing costs)
Websense cannot detect data within image
Will users be able to easily create new controlled data sets
Data Privacy rules are regional and may conflict

PCI
8 countries

Conclusion
Cision needs to add DLP capabilities to their
current security solutions to meet the
business needs.
Websense meets the requirements
Websense is well positioned to grow with
Cisions future needs.
Your mileage may vary

Questions? Preguntas? Pangutana?

Tanong? Perguntas? ?

DONT BE A MISS BEA HAVIN!