CHECK POINT 2013 SECURITY REPORT
04 DATA LOSS INCIDENTS IN YOUR NETWORK
Data Classification Engine
High accuracy in identifying sensitive data is a critical
component of a DLP solution. The DLP solution must be
able to detect personally identifiable information (PII),
compliance-related data (HIPAA, SOX, PCI data, etc.),
and confidential business data. It should inspect
content flows and enforce policies in the most widely
used TCP protocols, including SMTP, FTP, HTTP,
HTTPS and webmail. The DLP solution should also be
able to inspect by pattern matching and file classification,
in order to identify content types regardless of the
extension applied to the file or compression.
In addition, the DLP solution must be able to recognize and
protect sensitive forms, based on predefined templates and
file/form matching. An important feature of a DLP solution
is the ability to create custom data types for maximum
flexibility, along with the vendor’s out-of-the-box data types.
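The following is an added example, not taken from the report or from any vendor's product: a minimal content classifier that identifies a transfer by its leading bytes rather than its extension, unpacks gzip and zip compression, and pattern-matches card numbers with a Luhn check. The magic-byte table, function names and sample data are assumptions made for illustration.

```python
import gzip, io, re, zipfile

# Leading magic bytes -> content type (small constructed subset, for illustration)
MAGIC = [(b"%PDF-", "pdf"), (b"PK\x03\x04", "zip"), (b"\x1f\x8b", "gzip")]
CARD_RE = re.compile(rb"\b(?:\d[ -]?){13,19}\b")  # candidate card numbers

def sniff(data):
    """Identify the content type from leading bytes; the file name is never used."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "text"

def luhn_ok(digits):
    """Luhn checksum, to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def unpack(data, depth=0):
    """Yield inspectable payloads, descending into gzip/zip up to 3 levels."""
    kind = sniff(data)
    if kind == "gzip" and depth < 3:
        yield from unpack(gzip.decompress(data), depth + 1)
    elif kind == "zip" and depth < 3:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                yield from unpack(zf.read(name), depth + 1)
    else:
        yield data

def classify(filename, data):
    """Return (claimed extension, detected type, data-type hits) for one transfer."""
    hits = []
    for payload in unpack(data):
        for m in CARD_RE.finditer(payload):
            digits = re.sub(rb"\D", b"", m.group()).decode()
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                hits.append("PCI card number")
    return filename.rsplit(".", 1)[-1].lower(), sniff(data), hits

# Constructed sample: gzip payload with a well-known test card number, named as an image
SAMPLE = gzip.compress(b"ref 1234 5678 9012 3456, card 4111 1111 1111 1111\n")

if __name__ == "__main__":
    print(classify("holiday.jpg", SAMPLE))
```

The first number in the sample fails the Luhn check and is ignored, which is how checksum validation keeps pattern matching from flagging arbitrary digit runs.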
Empower Users to Remediate Incidents
Traditional DLP solutions can detect, classify and even
recognize specific documents and various file types, but they
cannot capture the user’s intent behind the sharing of sensitive
information. Technology alone is not enough, because it cannot
identify this intention and respond to it. Hence, a good DLP
solution must engage the users in order to get optimal results.
One such way is to empower users to remediate incidents
in real time – the DLP solution should inform the user that
his action might result in a potential data leak incident, and
empower the user to decide to discard the message or to send
it anyway. This improves security with raised awareness of
data usage policies by alerting users of potential mistakes and
allowing for instant remediation, while it allows for quick
authorization of legitimate communications. This also makes
management easier. While the administrator can track DLP
events for analysis, there is no need to personally attend in real
time to every request to send data outside the company.
Protection Against Internal Data Breaches
Another important DLP capability is the ability not
only to control sensitive data from leaving the company,
but also to inspect and control sensitive emails between
departments. Policies can then be defined to prevent
confidential data from leaking to the wrong departments.
Examples of data that might need protecting from
accidental leakage to other departments are compensation
plans, confidential human resource documents, mergers
and acquisition documents, or medical forms.
Data Protection for Endpoint Hard Drives
Companies must secure data on their laptops as part of a
comprehensive security policy. Without securing data, outsiders
can obtain valuable data through lost or stolen laptops which
can result in legal and financial repercussions. A proper solution
should prevent unauthorized users from accessing information
by encrypting the data on all endpoint hard drives, including
user data, operating system files and temporary and erased files.
Data Protection for Removable Media
To stop incidents of corporate data ending up in the wrong
hands via USB storage devices and other removable media,
encryption and prevention of unauthorized access are required
for these devices. Employees often mix personal files such
as music, pictures, and documents with business files such as
finance or human resource files on portable media, which makes
it even more challenging to maintain control over corporate
data. By encrypting removable storage devices, security breaches
can be minimized in case devices are compromised.
Document Protection
Business documents are uploaded to the web by file-storage
applications, sent to personal smartphones, copied to removable
media devices and shared externally with business partners
on a regular basis. Each of these operations puts sensitive data
at risk of being lost, used improperly or accessed by
non-authorized individuals. In order to keep corporate documents
secured and protected, a security solution must be able to
enforce a document encryption policy and grant access only to
authorized individuals.
Event Management
Defining DLP rules to meet the organization’s data usage
policies should be accompanied by good monitoring and reporting
capabilities. To minimize the potential of data leakage in an
organization, the security solution must include monitoring
and analysis of real-time and historical DLP events. This gives
the security administrator clear and broad visibility into the
information being sent outside and its sources, and the ability
to act in real time when needed.