McAfee Confidential
Why Data Protection Matters
New Compliance Laws Draw Boardroom Attention
Collection Use
Retention
McAfee Data Exfiltration Study: Actors, Tactics, and Detection, September 2016
2017 Cost of Data Breach Study: Global Analysis, Ponemon Institute, June 2017
Understand Data Exfiltration
Who wants the data? How are thieves getting data out?
2/3 of breaches occur on traditional networks
1/3 occur in cloud infrastructures
Comprehensive Portfolio
[Diagram: Cloud, DLP, File Encryption, Device Control, and Disk Encryption, with a Common Policy, Console, and Keys]
DLP Business Profile
Key Stats and Facts
Award Winning Technology
Data-in-Motion: DLP Prevent, DLP Monitor, McAfee Skyhigh
• Email/IM, Web Post, Network Traffic, Cloud
Data-at-Rest: DLP Discover, Drive Encryption, McAfee Skyhigh
• File Share, Database, Desktop/Laptop, Cloud Storage
Data-in-Use: DLP Endpoint, File and Removable Media Encryption, Device Control, McAfee Skyhigh
• Removable Devices, Email/IM, Cloud Apps, File & Clipboard
McAfee DLP solution: McAfee ePolicy Orchestrator
Cover Endpoints, Networks, and Cloud Environments
• Central web-based administration console for all McAfee products
• Enterprise class: highly scalable, RBAC
• DLP policy is created here and pushed out to various control points
• Incidents are aggregated here and available for analysis
• Powerful reporting engine
[Diagram labels: McAfee ePO, DLP Endpoint]
McAfee DLP solution: DLP Endpoint Agent
Cover Endpoints, Networks, and Cloud Environments
• Covers Windows and Macintosh platforms
• Policy is enforced even when the system is disconnected
• Vectors covered: Email, Web, Cloud, Removable storage, Network transfers, Printing, Clipboard, Screen Capture
• Local discovery of file system and mailboxes
• Provides for User Coaching dialogs
• Provides more visibility and control than the network can, due to proximity to the data origin
[Diagram labels: McAfee ePO, DLP Endpoint, DLP Discover, Endpoint Data Protection]
McAfee DLP solution: DLP Prevent
Cover Endpoints, Networks, and Cloud Environments
• Network appliance (hardware or VM)
• Inspects outbound email and web traffic against your DLP policy and passes an Allow / Block decision to outbound mail and web gateways
• Feeds DLP incidents back to ePO
• Works with any ICAP-capable proxy
• Works with any SMTP mail gateway
• Can receive an SSL-decrypted session from the proxy for inspection
[Diagram labels: McAfee ePO, DLP Endpoint]
McAfee DLP solution: DLP Monitor
Cover Endpoints, Networks, and Cloud Environments
• Network appliance (hardware or VM)
• Passive device that monitors traffic and generates incidents, but cannot block
• Receives a copy of outbound traffic from the switch via a SPAN or TAP
• Monitors more protocols than Web/Email
• Last line of defense (belt and suspenders)
• Cannot decrypt SSL
[Diagram labels: McAfee ePO, DLP Endpoint]
McAfee DLP solution: DLP Discover
Cover Endpoints, Networks, and Cloud Environments
• Software-based server, deployed to a Windows Server OS via ePO
• Scans large data repositories looking for files that match your DLP policy
• Supports CIFS shares, SharePoint, MS-SQL, MySQL, Oracle, and cloud repositories
• Remediation actions include Report, Copy, Move, Apply Rights Management, Fingerprint, and Apply Classification (Tag)
[Diagram labels: McAfee ePO, DLP Endpoint, DLP Discover, Endpoint Data Protection]
Coach and Monitor End-user behavior
Educate employees; alleviate administrative burden; reduce risky behavior
Protecting Data Moving To/From the Cloud
Uploading Downloading
DLP Monitor Workflow
1. The switch receives network packets from internal users and servers.
2. McAfee DLP Monitor receives copies of network packets via SPAN/TAP and analyzes them.
3. The switch also sends packets through the firewall to the internet.
[Diagram: Users / Servers, Egress Switch, Firewall, Span / Tap, DLP Monitor]
[Diagram: Main Office deployment. Labels: Sharepoint; OneDrive; Box; Endpoints; DLPe; File Servers, Sharepoint, Databases; DLP Discover; Systems Management; ePolicy Orchestrator; Network Devices; Switches; SPAN / Tap; DLP Monitor; DLP Prevent Web; Web Gateway; Exchange; DLP Prevent Email; Email Gateway; Cloud Services; Internet]
DLP Policy Construction elements

Definitions
Building blocks for policy creation
• DATA: RegEx, Dictionary, Doc properties, File Extension, File information, True File type, Validation Algorithms
• SOURCE / DESTINATION: Application, Network Share, URL List, Email List, User list, Device, File Repositories

Classifications
Use definitions to build out customized logic for identifying data
• Automatic Classification based on:
  • Application
  • File location
  • Content Inspection
• Manual Classification
• Content fingerprinting

Protection Rules
Tie classifications to specific protection vectors (email, web, clipboard, Print Screen, Printing, Cloud, Network, etc)
• Condition: Match condition for the rule
• Exception: Exceptions to the match conditions
• Reaction: Expected outcome for the rule
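
How definitions, classifications, and protection rules fit together, as an added Python sketch; it is not McAfee code and does not reflect the ePO policy format. The classification labels, dictionary terms, destinations, reaction names, and the most-restrictive-wins tie-break are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Definition (DATA): a RegEx paired with a validation algorithm (Luhn).
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")

def luhn_ok(candidate: str) -> bool:
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Definition (DATA): a dictionary of terms (constructed sample values).
PROJECT_TERMS = {"project aurora", "internal only"}

def classify(text: str) -> set:
    """Classification: automatic, by content inspection built from the definitions."""
    labels = set()
    if any(luhn_ok(m.group()) for m in CARD_RE.finditer(text)):
        labels.add("PCI")                   # hypothetical label
    if any(term in text.lower() for term in PROJECT_TERMS):
        labels.add("Confidential")          # hypothetical label
    return labels

@dataclass
class ProtectionRule:
    vector: str                             # protection vector, e.g. "email", "web"
    classifications: set                    # Condition: any of these labels matched
    reaction: str                           # Reaction: "block" or "monitor" (assumed names)
    exempt_destinations: set = field(default_factory=set)  # Exception

    def evaluate(self, vector: str, destination: str, text: str) -> str:
        if vector != self.vector or destination in self.exempt_destinations:
            return "allow"
        return self.reaction if classify(text) & self.classifications else "allow"

RULES = [
    ProtectionRule("email", {"PCI"}, "block", {"payments.example.com"}),
    ProtectionRule("email", {"Confidential"}, "monitor"),
]

def decide(vector: str, destination: str, text: str) -> str:
    """Assumption: when several rules match, the most restrictive reaction wins."""
    order = {"allow": 0, "monitor": 1, "block": 2}
    return max((r.evaluate(vector, destination, text) for r in RULES), key=order.get)
```

Pairing the regular expression with the Luhn check is what keeps a 16-digit order reference from being classified as a card number; the exception list shows why exemptions need to stay narrow, since an exempt destination bypasses that rule entirely.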