Transcript Trend Micro LeakProof3 NDA Presentation

Trend Micro LeakProof 3.0
Glen Kosaka
Director, DLP Marketing
November 2007
Agenda
• The Pain: Damaging Leaks of Sensitive Information
– Uneducated employees cause accidental disclosures
– Companies don’t know where sensitive data is
• The Cure: Trend Micro LeakProof 3.0
• Why Trend Micro LeakProof 3.0
• Background
Trend Micro
Confidential
7/16/2015
2
Copyright 2007 - Trend Micro Inc.
Data Leak Prevention: PAIN Worldwide
Trend Micro
Confidential
7/16/2015
3
Copyright 2007 - Trend Micro Inc.
Securing Enterprise Data
LeakProof enables companies to
reduce the risk of data breaches and
ensure privacy and compliance
LeakProof understands the
content of data at rest, in use, and in motion
on every enterprise endpoint,
providing protection of sensitive data
Trend Micro
Confidential
7/16/2015
4
Copyright 2007 - Trend Micro Inc.
The ‘Insider Threat’
Authorized
Insiders
• 78% of data
breaches come
from Authorized
Insiders
Threat
– Ponemon
Institute Study –
2006
7/16/2015
Goals
► Monitor, log,
prevent
breaches
► Assess risk continuously
► Educate
employees
Focus of
LeakProof
3.0
Trend Micro
Confidential
► Accidental or
malicious
breach
5
Copyright 2007 - Trend Micro Inc.
Un-Authorized
Outsiders
Threat
► Lost or
stolen data
Goals
► Prevent use
of data by
unauthorized
people
Scenes of Mobile Data Leakage
Scene 1
Confidential
Confidential
Product
Plan
Confidential
Plan
for Product
Next Gen
for
Next Gen
Product
Plan
Gaget
Gaget
for
Next Gen
Gadget
Kristina, at Starbucks™…
How do you know?
…edits a confidential document…
How can you tell it wasn’t a love letter?
Scene 2
…and emails it
Could you have stopped it?
149dl209y
kw9731la1
d992;f9ska
98f02l0399
USB Drive
Gary, at a branch office…
…encrypts customer data…
How do you know?
Trend Micro
Confidential
7/16/2015
Is he authorized?
6
Copyright 2007 - Trend Micro Inc.
…and copies it
Can you centrally monitor & log?
LeakProof™ Secures From the Endpoint
Protect
Client Software
Educate
ACME Customer Privacy Protection
Employees of ACME are expected
to protect…
• Intelligent
– Fingerprint, Regex,
Keyword, Meta-data
•
•
•
•
Justify
Anti-leak
Client
Interactive New 3.0
Invisible
Independent
Robust
Data Secured By Provilla Agent
Agent
Discover
`
Servers
Enterprise Management
• Policy
• Visibility
• Workflow
Data Secured By Provilla Agent
Printer
Fax
Data Secured By Provilla Agent
Agent
PDAs
External HD
Digital Cameras
Modems
Handhel
Agent
Servers
Servers
7/16/2015
Laptops
DataDNA Server
Plotter
`
Trend Micro
Confidential
Desktops
7
Desktops
Cellphones
Video Cameras
`
Desktops
Laptops
Laptops
Copyright 2007 - Trend Micro Inc.
PDAs
PDAs
External HD
External HD
Card Reader
(SD, CF…)
Card Reader
(SD, CF…)
Payment
Systems
Oth
Smart Phones
What’s New in LeakProof 3.0?
• Interactive Employee Education & Workflow
New
New
New
–
–
–
–
Log, Block, Client Alert
Education: Custom messages and URL links
Encryption for USB copying
Justification
• Discovery of Sensitive Data
New
– Stand-alone discovery/scan module
• Administrative Workflow
Enhanced
– Dashboard, Policies, and Monitoring
• Broadest Coverage at the Endpoint
New
Trend Micro
Confidential
– USB, Email, Webmail, IM, Network…
– Windows Vista / Office 2007, Yahoo IM filtering,
PrintScreen Blocking
7/16/2015
8
Copyright 2007 - Trend Micro Inc.
Unique Fingerprinting Technology
•
•
•
•
Trend Micro
Confidential
Fast
Small
Accurate
Language
independent
7/16/2015
9
Copyright 2007 - Trend Micro Inc.
Core Filtering Technology
• DataDNA™ Matching Engine
– High confidence, low false positives
– Language independent
– Multiple matching methods
•
•
•
•
NA™
Data
Confidential
149dl209y
kw9731la1
d992;f9ska
98f02l0399
Product Plan
for Next Gen
Gadget
Signature/fingerprint
Entity / Regex
Keyword
File meta-data
Fingerprinted
• Robust Anti-Leak A/L Agent
NA™
Data
– DataDNA matching engine protects
• Online OR offline
• On edited, re-saved, cut/pasted content
– Broadest coverage
BLOCKED!
• Devices, channels, applications, email
clients, network protocols
• Authorizes encryption
Confidential
Product Plan
for Next Gen
Gadget
149dl209y
kw9731la1
d992;f9ska
98f02l0399
New architecture plan
Trend Micro
Confidential
7/16/2015
10
Copyright 2007 - Trend Micro Inc.
Leading Agent Performance and Technology
Performance/
Footprint
Provilla A/L Agent
CPU cycles
2.54% (1/2)
Run-time Memory
8,280K (1/5)
• Fast and light
• Fastest matching engine
Search
Provilla A/L Agent
Competition
Keywords: 1000
12.0 MB/s (10x)
1.3 MB/s
Entity –SSN,
Phone, Date
190 MB/s (40x)
4.75 MB/s
• Smallest signatures
Fixed Signature Size
• Unobtrusive, Invisible
– Not in task manager
– Not in service list
– Hidden files/directory
Signature Size (bytes)
10000000
1000000
100000
Competition
Provilla Now
Provilla 1H'08
10000
1000
100
10
1
10 MB
100 MB
1 GB
Original Document Size
Trend Micro
Confidential
7/16/2015
11
Copyright 2007 - Trend Micro Inc.
Enterprise Workflow & Policy
• Leak Protection Policies
–
–
–
–
Logging, alerting, blocking
Education, Encryption, Justification
By endpoint, user, or group
By data classification
DATA
IN MOTION
DATA
AT REST
• HIPAA, Customer, SOX, SS#
Confidential
Product Plan
for Next Gen
Gadget
– Separate online and offline policies
• Inventory & Forensics
– Discovery
• By endpoint, group, policy
– Investigate events, see actual sensitive
content
• Scalability, Availability
Dashboard &
Reporting
– Server clustering
– Agent monitoring
Trend Micro
Confidential
7/16/2015
12
Copyright 2007 - Trend Micro Inc.
DATA
IN USE
Compelling Results
• Sony Ericsson: Global mobile handset manufacturer
– Over 100 security violation incidents in first 3 weeks
• ISSI: Technology manufacturer
– Detected large number of file copies after employee resigned
• Leading financial services company
– Protected customer privacy to address compliance regulations GLBA
etc
Trend Micro LeakProof distribution partners
Trend Micro
Confidential
7/16/2015
13
Copyright 2007 - Trend Micro Inc.
Discussion
Background
Data Security & Protection
• Why Data
Security?
• Data is more
mobile
• Mobile devices
more powerful
• Difficult to
secure the
‘infrastructure’
in a mobile
world
Laptops
Employee & Client
Information and
Intellectual Property
(R&D, HR)
USB
CD
DVD
Documents,
Sensitive Data
PDAs
Email, Contacts,
Documents
Smart
Phones
Cell
Phones
Contacts,
Calendar
Content Sensitivity & Threat Potential
(source: InfoLock)
According to Gartner, 47% of corporate data resides on mobile devices, and
350,000 mobile devices were lost or stolen in
the U.S. over a two-year period
Trend Micro
Confidential
7/16/2015
15
Copyright 2007 - Trend Micro Inc.
Mobile Insecurity
• Desktop and Mobile
Leakage
Enterprise Mobile Device
Market Penetration Over Time
100
Top Leakage Concerns
% Penetration
80
USB
Corporate Email
Email on the Public Internet
WiFi
Mobile
Population
60
Anchored Desktop
40
20
CD / DVD
0
PDA
2000
Bluetooth / Infrared
2005
Printer
1
2
3
Source: Market Research International
Trend Micro
Confidential
7/16/2015
16
4
5
6
Copyright 2007 - Trend Micro Inc.
Source: The 451 Group and
Infolock
2010
New Dashboard and Workflow
Trend Micro
Confidential
7/16/2015
17
Copyright 2007 - Trend Micro Inc.
Employee Education
Brandable
Custom Links
Logo and custom
messages
Company
Policies
ACME Customer Privacy Protection
Employees of ACME are expected
to protect sensitive information
containing customer information
such as names, account numbers,
social security numbers etc.
Please report any …
Call the helpdesk or email.
Severity:
Blocked,
Warn & Log,
Info only
Trend Micro
Confidential
7/16/2015
Custom Alert Messages
File {name} contains {class} data
and should not be sent via {channel}
18
Copyright 2007 - Trend Micro Inc.
Protection of Intellectual Property
The IP of ACME is very valuable to
us, and we expect all employees to
help protect this data. Files containing IP secrets should not be
emailed, copied to USB, …
If you have any questions about
this, please contact HR at …
Trend Micro
Confidential
7/16/2015
19
Copyright 2007 - Trend Micro Inc.
Patented DataDNA Technology
• Superior endpoint-based enforcement
Copy-Detection:
Byte-based
DataDNA:
Char-extraction
Text tokenization +
Token-based sliding
window +
Hash
Byte-based sliding
window +
Hash
Character-based
mathematical
analysis
File size/content
dependent
Potentially huge
database
File size/content
dependent
Potentially huge
database
Fixed, tunable
size
Smallest
database
Language Support
Language dependent
Language
independent
Language
independent
Endpoint Capable
Not practical
Slow
Huge footprint
Not practical
Slow
Huge footprint
Optimized
Fast
Small footprint
PortAuthority, Vontu,
Reconnex
Code Green
LeakProof
Signature Engine
Comparisons
Algorithm Method
Signature Profile
Company
Trend Micro
Confidential
7/16/2015
Copy-Detection:
Shingling-based
20
Copyright 2007 - Trend Micro Inc.