DSS ITSEC 2013 Conference 07.11.2013 - For your eyes only - Symantec PGP Re-Loaded

38 %
63 %
Information about DSS ITSEC 2013 Conference 07.11.2013 - For your eyes only - Symantec PGP...

Published on November 13, 2013

Author: AndSor

Source: slideshare.net


Presentation from one of the remarkable IT Security events in the Baltic States organized by “Data Security Solutions” (www.dss.lv ) Event took place in Riga, on 7th of November, 2013 and was visited by more than 400 participants at event place and more than 300 via online live streaming.

For your eyes only - Encryption and DLP Erkko Skantz Symantec Finland 1


Focus on information 3

Today's System-Centric Enterprise Data Center Field Offices Point of Sale Field Headquarters 4

Today's System-Centric Enterprise Data Center Field Offices 1 in 10 people have lost a laptop, smart phone, or USB drive with corporate information on it Point of Sale 12,000 Field Headquarters Laptops lost in United States airports every week 5

Today's System-Centric Enterprise Data Center Field Offices 1/2 of corporate data resides on mobile Point of Sale devices Field Headquarters 6

Information is the most important asset you have Data Center Field Offices Point of Sale Field Headquarters 7

Where to get started? Where to implement encryption and DLP? 8

Recovey point- and time objective How much data can I afford to lose? How long does it take to get my system up again? CRASH 24 Hours 1 Hour Last backup taken 1/2 Hour Impact of data loss? 1 Hour System up again 9

The Mistakes that Companies Often Make Disk Encryption Find tactical solution Create keys Deploy infrastructure USB Encryption Find tactical solution Create keys Deploy infrastructure Mobile Encryption Find tactical solution Create keys Deploy infrastructure 10

Pay attention 11

Encryption is Easy 1) Take a document 2) Create a key and encrypt the document / file / disk • Most customers think they are buying an encryption application. Don’t make this mistake. • Ask for management platform for encryption. 12

Administration can be difficult 1) Encryption management is UNLIKE any other administrative responsibility 2) Normally, administrative responsibilities end when the user leaves / quits 3) You must manage an encryption key for as long as there is encrypted data! 13

Suggested roadmap FTP, batch, backup transfer Smartphone solutions File/folder/shared server encryption End-2-end email encryption Full disk encryption Encryption Management Server Device and media encryption Gateway email encryption 14

Full disk encryption, the easy way 15

Symantec Full Disk Encryption • Encrypts desktops, laptops, and USB drives • Protects against – Personal computer loss / theft / compromise / improper disposal • Reduces risk of data loss • Protects against reputation damage • Enables business continuity without disrupting user productivity • Demonstrates compliance to regulatory standards • Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification 16

Symantec Full Disk Encryption Deployment Encryption Management Server Clients LDAP Software Deployment Tool • Flexible .MSI and .PKG formats • Support for SMS, Zenworks, Altiris, AD GPO • Deploy to: Windows, (including Windows Server), Windows 8 (BIOS and UEFI), Mac OS X, Ubuntu, and Red Hat clients 17

Full Disk Encryption How It Works Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Policy and Provisioning Initial Encryption Pre-Boot Environment Authentication Compliance Helpdesk • User is presented with modified preboot environment on reboot (or resume from hibernation) • User logs in using passphrase or smart card • Administrators configure policy on Symantec Encryption Management Server • Deploy installation package(s) to Windows (or Mac OS X/Linux) laptops/desktops • Install Symantec Drive Encryption client • System is encrypted, blockby-block • Administrator views logs and reports on Symantec Encryption Management Server • Forgotten passwords • Unavailable employee • Machine recovery 18

It is about the information Symantec Drive Encryption Situation Product & Solution Result Bag (+computer) lost at the airport or stolen from the car. Symantec Drive Encryption: Encrypt all laptops and desktops. The laptop was encrypted and the data was inaccessible by unauthorized users. Because the data was encrypted, the company did not have to report the breach. The company did not suffer a public blackeye. 19

It is about the information THEME: Cloud Storage Situation Product & Solution Result Employees are storing confidential documents in the cloud. They are doing this for collaboration purposes. Symantec File Share Encryption: Encrypt data on internal file shares and data on cloud storage lockers. All data being stored in the cloud is encrypted prior to being sync’d into the cloud. Data is secure from 3rd party cloud companies as well as from compromise of account information to the cloud. 20

It is about the information THEME: Email Situation Product & Solution Result Email administrators are reading the email of the Executive staff Symantec Desktop Email Encryption: Encrypt and decrypt emails at the desktop level before leaving the desktop to the mail servers. Emails are secured on the desktop. Email admins can still access the emails on the mail server, but cannot read them because they are encrypted. Backups of the emails remain encrypted and secured. 21

Information encrypted Objectives • Keep data secure • Meet compliance objective • Protect the business • Control costs and liabilities Tasks • Protect data at rest Products MANAGEMENT • Product data in motion • Protect in use ENDPOINT ENCRYPTION FILE AND SERVER ENCRYPTION EMAIL ENCRYPTION 22

Complete Encryption Platform Full Disk Encryption (FDE) Device and Media Encryption FTP/Batch and Backups Management File/Folder/Shared Server Encryption Central Management of Encryption Applications Symantec Encryption Management Server Key Management PGP® Key Management Server (KMS) End-End Email Gateway Email Encryption Smartphone Solutions 23

The alternative option for encrypting everything 24

Where is your confidential data? DISCOVER How is it being used? MONITOR How best to prevent its loss? PROTECT 25

How Symantec DLP Works DATA LOSS POLICY DETECTION RESPONSE Content Context Action Notification Credit Cards Who? Notify User SSNs What? Justify Manager Intellectual Property Where? Encrypt Security Prevent Escalate Find it. Fix it. 26

Symantec Data Loss Prevention 27

Symantec Data Loss Prevention Products STORAGE Network Discover ENDPOINT Endpoint Discover NETWORK Network Monitor Endpoint Prevent Network Prevent for Email Data Insight Mobile Email Monitor Network Protect Mobile Prevent Network Prevent for Web Management Platform Symantec Data Loss Prevention Enforce Platform 28

Symantec Data Loss Prevention Architecture Secured Corporate LAN DMZ STORAGE MTA or Proxy Network Discover - Data Insight - Network Protect MGMT PLATFORM Enforce NETWORK Network Monitor - Network Prevent – Mobile Email Monitor – Mobile Prevent ENDPOINT Endpoint Discover - Endpoint Prevent SPAN Port or Tap 29

Continuous Risk Reduction 1000 Visibility Incidents Per Week 800 Remediation 600 400 Notification 200 Prevention 0 Risk Reduction Over Time Competitive Trap 30

Putting it all together 31

Defense in Depth: DLP and Encryption Gateway DLP: FIND Removable Storage ENCRYPTION: FIX File-Based 32

Thank you Questions? - erkko.skantz@symantec.com 33

Add a comment

Related presentations

Presentación que realice en el Evento Nacional de Gobierno Abierto, realizado los ...

In this presentation we will describe our experience developing with a highly dyna...

Presentation to the LITA Forum 7th November 2014 Albuquerque, NM

Un recorrido por los cambios que nos generará el wearabletech en el futuro

Um paralelo entre as novidades & mercado em Wearable Computing e Tecnologias Assis...

Microsoft finally joins the smartwatch and fitness tracker game by introducing the...

Related pages

DSS Conference: Presentations and Abstracts | DSS Events

DSS Conference: Presentations and Abstracts. Displayed Time Zone is: ...
Read more

Dark Reading | Security | Protect The Business - Enable Access

This is not only in US is is ... Attend GTEC Conference ... To save this item to your list of favorite Dark Reading content so you can ...
Read more

Registration - Usenet.nl – finest downloads since 1979

Registration. 1 / 3 . Yes, I want to learn about other offers ... your membership is automatically extended at the Usenet Relax rate of $8,25/month ...
Read more


Advertising Programmes Business Solutions +Google About Google Google.com © 2016 - Privacy - Terms ...
Read more

National Security Agency - NSA.gov

National Security Agency/Central Security Service Public Information. Back to Top. NSA.gov Site Navigation. NSA CSS. Toggle Search. Skip Search Box. Search ...
Read more

Pgp | LinkedIn

symantec. Symantec Acquires PGP and ... DSS Symantec PGP Encryption Fortress ... DSS ITSEC 2013 Conference 07.11.2013 - For your eyes only - Symantec
Read more

Pgp | LinkedIn

View 35936 • Pgp posts, presentations, experts, and more. Get the professional knowledge you need on LinkedIn ... Symantec (112 members) IBM (66 ...
Read more

Rapidgator.net: Fast, safe and secure file hosting

Rapidgator.net: Fast, safe and secure file hosting. News; ... You can however easily unsubscribe from auto renewal on your Rapidgator.net profile page. Q.
Read more