企业DLP数据安全保护解决方案

1、1企业DLP数据安全保护解决方案为什么需要DLP？什么是DLP？Agenda赛门铁克是怎么做的？2为什么需要DLP？Data Loss Prevention 势在必行内部员工或合作伙伴带来的威胁引起了大多数数据泄漏事件68% 的事件是由于员工的疏忽大意或系统自身缺陷合规要求法律法规可能带来的罚款名誉损失HIPAA, PCI, SOX, Gramm-Leach-Bliley外部威胁APT攻击日益严峻经济或政治利益驱动的攻击客户期望名誉损失客户流失经济损失3什么是DLP？DATA LOSS PREVENTION (DLP)DISCOVERPROTECTMONITOR如何阻止泄漏？它怎样被使用？机密

2、数据在哪？4How it Works: 建立策略5检测响应警告申辩重定向阻止内容环境动作通知用户经理安全员逐级上升 Who?What?Where?Data Loss Prevention PolicyMANAGEMANAGEDISCOVER定义扫描目标发现网络和终端上的敏感数据定义策略模板补救和报告，降低泄漏风险MONITOR123PROTECT45检查正在发送的监控网络和终端上的事件阻断、移动或加密隔离或替换敏感文件通知雇员和经理How it Works: 发现和矫正数据6The New Standard for DLP Detection7DescribeFingerprintLearnD

3、escribed Content Matching保护结构和非结构化数据使用关键字、数据标识符、正则表达式、文件属性Vector Machine Learning保护动态的、非结构化的数据通过样本文件建立统计模型Indexed Document Matching保护非结构化数据源代码、图纸Exact Data Matching保护结构化数据数据数据库、表格MANAGE Broad scan coverage High performance Identify data owners Extensive remediation options Cover all exit points and

4、user activities Understand content and context Work with other security products Educate users in real time Prevent confidential data loss Enforce policies anywhereDISCOVERPROTECTMONITORDetect content accuratelyComprehensive reporting and remediation workflowKey Data Loss Prevention Capabilities8Fra

5、mework for policy authoring and tuningSymantec DLP Product SuiteManagement Platform Enforce PlatformSTORAGEENDPOINTNetwork DiscoverData InsightNetwork ProtectEndpoint DiscoverEndpoint PreventMobileNetwork MonitorNetwork Prevent for EmailNetwork Prevent for WebNETWORK9DLP DemystifiedData Loss Prevent

6、ion for Storage10包括文件服务器、数据库、邮件、网站、NAS等扫描管理：计划扫描、增量扫描、并发扫描、带宽管理识别敏感数据的频繁用户访问、访问权限补救措施: 加密、 自定义动作Symantec AdvantageStorageNetwork DiscoverData Insight EnterpriseNetwork Protect覆盖度：内容感知USB, CD/DVD, Copy/Paste, Print, Fax and Trusted Device controlApplications such as IM, Facebook, Twitter and Citrix自动

7、补救提示/ 通知 / 申辩/ 隔离/阻断/加密 Integrate and Customize through FlexResponse最小影响智能、轻量的Agent设计集中化的Agent配置、监控和Troubleshooting最小终端和网络影响Symantec AdvantageData Loss Prevention for EndpointEndpointEndpoint DiscoverEndpoint Prevent12Symantec AdvantageData Loss Prevention for Network高性能网络监控云和社交应用保护集成MTAs, gateways,

8、 and web proxies企业邮件和Web保护（包括手机和平板）NetworkNetwork MonitorNetwork Prevent for EmailNetwork Prevent for WebArchitecture DetailsDLP Demystified13Monitors and prevents data in motionDiscovers, monitors and prevents data at restDiscovers, monitors and prevents data on the EndpointMobile DLPMonitors and p

9、revents mobile dataNetwork Prevent for MobileArchitecture Overview14Architecture Overview15EndpointNetworkStorageManagementArchitecture Overview IIMonitor: SMTP HTTP IM FTP Any TCP- BasedPrevent: SMTP HTTP/HTTPS FTP File Servers Databases Collaboration Platforms Web Sites Desktops LaptopsStorage Pol

10、icies Workflow Reporting RemediationManagementNetworkDiscover DataMonitor/Block: USB, CD / DVD Network (email, Web, FTP, IM) Print / Fax, Copy / Paste Network Shares App File AccessEndpointEnforce and Detection ServersPoliciesWorkflowReportingAdministrationDetectionDetectionDetectionDetection18Sampl

11、e System RequirementsEnforceNetwork Monitor, Network PreventDiscover, Protect, & EndpointEndpoint AgentNetwork InterfaceTo communicate with detection servers: 1 Copper or Fiber 1Gb/100Mb EthernetTo communicate with Enforce Platform*: 1 Copper or Fiber 1Gb/100Mb EthernetTo communicate with Enforce Pl

12、atform: 1 Copper or Fiber 1Gb/100Mb EthernetTo communicate with Endpoint Server: 10/100MbDisk SpaceRecommended:500GB, Recommended:140 GB Ultra-fast SCSIRecommended:140 GB Ultra-fast SCSIRecommended:1.5 GB Available disk spaceOperating SystemMicrosoft Windows Server 2008 Standard and EnterpriseMicros

13、oft Windows Server 2012 Standard, Enterprise, and Data CenterRed Hat Enterprise Linux 5.8, 5.9, 5.10, 5.11, 6.4, 6.5, 6.6VMware ESX 4.x and later (not supported for DLP Network Monitor)Apple Mac OS X 10.8, 10.9, 10.10 (64-bit)Microsoft Windows Server 2003 and 2008Microsoft Windows 7 Enterprise, Prof

14、essional and UltimateMicrosoft Windows 8 EnterpriseMicrosoft Windows 8.1 EnterpriseProcessorRecommended: 2 x 3.0 GHz Dual Core CPU(Consider increasing CPU for faster Discover scan processing.)Minimum 300 MHz CPU, x86 architectureMemoryRecommended: 6-8 GB RAM. (EDM / IDM size can increase memory requ

15、irements.)Minimum 256 MB RAMPerformance StatisticsNetwork Monitor: 1Gb/sec (using an Endace card for 350 Mbps on Windows or 650 Mbps on Linux)Network Prevent (Email): 20 emails/secNetwork Prevent (Web): 20 posts/secNetwork Discover: Up to 750 GB/24hrsEndpoint Discover: 5GB/hour (assumes no fingerpri

16、nting detection)Endpoint Agents per Endpoint Server: 10K (assumes no fingerprinting detection)* Based on hardware, traffic/file filters, number of policies, and if fingerprinting detection is used19SSE+ Technical Architecture: 11Enforce Platform Administration ConsoleMain DashboardSSE+ Technical Arc

17、hitecture: 1120Enforce PlatformAdministration ConsolePolicy Builder at Manage | Policies | Policy ListSSE+ Technical Architecture: 1121Enforce PlatformAdministration ConsoleSystem Overview at System | Servers | Overview SSE+ Technical Architecture: 1122Defense-In-Depth: Encryption + Data Loss Preven

18、tion23Network DLP / Email Gateway Encryption自动加密包含敏感数据的邮件实时告知员工、经理数据违反策略及加密策略Storage DLP / File Share Encryption自动发现共享的文件的位置并加密对用户透明，减轻IT员工负担Endpoint DLP / Endpoint Encryption面向高风险用户，发现笔记本电脑上的敏感数据自动加密拷贝到USB设备上的敏感文件赛门铁克DLP系统优势总结从产品推出至今，一直处于所有评测机构的排名第一位置。连续8年在Gartner评比第一。全球市场份额（38%）及中国市场份额（30%）保持第一拥有国

19、内最多的DLP客户成功实施案例，涉及金融、电信、能源、制造业等几乎所有行业。国内10万规模用户以上的案例最多。具备经验丰富的原厂本地信息防泄漏咨询、实施服务团队，拥有业界最丰富的项目建设经验技术方案在业界功能领先，最全面、最灵活，可以和Symantec 及第三方产品(含国内厂家)做整合。Symantec DLP方案涵盖: 内容感知信息防泄漏，加密，终端安全，移动终端信息防泄漏等多种信息防泄漏解决方案，覆盖度最广。2425赛门铁克DLP的技术优势DLP整体方案，覆盖最全面Data in Motion，Data at rest，Data in use支持多种语言支持多种协议支持最广泛的数据存储库终

20、端覆盖技术多种多样专利的检测技术指纹匹配无需理解数据内容准确率高支持相似度匹配VML策略灵活、适应性强26最佳实践与丰富的项目经验Months创建例外评估策略精准度建立相适应的规章制度和操作流程建立和业务部门及员工的沟通和教育机制10008006004002000Number of Incidents0Baseline Period1 to 34 to 67 to 910 to 12Prevention/Protection找出有缺陷的业务流程并修正RemediationBaseline发送者收到自动通知Notification业务部门风险记分板Refine Policies创建初始策略Ref

21、ine PoliciesRefine Policies评估违规频度修正通知阻断监控27赛门铁克DLP国内部分典型成功案例广东移动，广州移动，福建移动，辽宁移动，吉林移动，河南移动，甘肃移动，四川移动，青海移动，内蒙古移动，云南移动，山东移动，中国移动（深圳）分公司，重庆移动，新疆移动，贵州移动、重庆移动、浙江移动、陕西移动云南电力四川电力APT威胁防护28互联网出口流量终端SGSTD 28 Threat DefenseInternet Blacklist Vantage Insight AV Mobile InsightBLACKLISTReal-time Inspection结合终端、网关、

22、邮件，APT检测. In-line = block; TAP-mode = inspect only1Symantec Cloud提交可疑文件到Cynic分析2Cynic在沙箱中评估文件行为3CynicSymantec big dataintelligenceEmail & Endpoint (ESS, SEPM)Synapse Correlation利用全球安全数据进行分析，包括恶意邮件数据、终端恶意软件数据、恶意IP&URL4Conviction, Actionable intelligence对可疑文件进行判决，并生成报告5:Proven Choice of Global Market

23、Leaders2946 FORTUNE 100 companies use WHY SYMANTEC: INNOVATION AND MARKET LEADERSHIP8 Consecutive Years of Technology LeadershipUsed by over half ofthe Fortune 100The Global Market Leader in DLPSymantec Template How-To-Guide31Symantec Named as a Leader in 2009-2013Gartner Magic Quadrant for Content-Aware Data Loss Prevention32APT威胁防护33互联网出口流量终端SGSTD 33 Threat DefenseInternet Blacklist Vantage Insight AV Mobile InsightBLACKLISTReal-time Inspection结合终端、网关、邮件，APT检测. In-line = block; TAP-mode = inspect only1Symantec Cloud提交可疑文件到Cynic分析2Cynic在沙箱中评估