Websense-数据防泄露方案与应用介绍

•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyleTRITON数据安全模块三个简单步骤部署数据泄漏防护1•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle外设管控入侵防护磁盘加密邮件加密URL过滤它们有什么共同特点无法感知内容访问控制您的网络中已部署了哪些解决方案？•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle以集中策略为基础，采用深层内容分析，对静态数据，动态数据及使用中的数据进行识别，监控，保护的相关产品。RichMogull–数据泄漏防护？引用Gartner前任DLP分析师•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyleIdentify•PCPD•PII•PHI•PCI-DSS•HIPAA•SOXMonitor•Network•SMTP,HTTP,FTP•Endpoint•Email,Web,USB,Apps,Printing•Storage•DB,Mailbox,FilesShares,SharepointProtect•Block•Quarantine•Encrypt•QuarantineThenEncrypt•NotifyandAlert•ConfirmandJustify•Remediation3个简单步骤TRITONUnifiedSecurityCenterCentralPolicyFrameworkandReporting•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle数据识别技术5WebsenseDLPSolution•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle•超过1,400个策略规则且仍在不断增加•内建针对不同数据类型和法规的模版•使用地理区域和行业过滤器，快速找到相关模版出厂默认策略模版•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle•PreciseID™–PreciseID™NaturalLanguageProcessing自然语言分析处理(任意数据)–PreciseID™FingerprintingforDatabaseRecords数据库记录指纹(结构化数据)–PreciseID™FingerprintingforFileandDirectories文件和目录指纹(非结构化数据)PreciseID™数据识别技术•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle•任意数据–什么是您的敏感数据？•同一行业内的敏感数据是独特的•没有任何两个企业的敏感数据是完全相同的–提供PreciseIDNLP策略定制•允许准确识别•定制策略服务，为特定客户需求创建定制策略•由Websense安全团队设计并测试•高度灵活–足够的工具箱，用于描绘敏感数据–借用准确度高的预定义策略来搭建8PreciseID™NaturalLanguageProcessing自然语言分析处理业界唯一，来自Websense•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle•智能(基于状态的)检测–检测多次发生的少量数据泄漏•可配置具有一定时间跨度的策略•检测多个事件结果的叠加可能导致的大量数据泄漏的问题–管理员可以管理业务策略，而不单单是事件9PreciseID™NaturalLanguageProcessing自然语言分析处理业界唯一，来自Websense•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle•数据库记录中的结构化数据–仅需简单指定需包括的字段–采用ODBC或CSV与数据库连接•直接从数据库中提取指纹•当数据库增长时，执行增量指纹更新•不必将内容拷贝至外部文件，增加敏感数据潜在暴露风险–适用于所有通道PreciseID™Fingerprinting指纹•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle•文件和文档中的非结构化数据–来自文件共享/Sharepoint–精确vs.部份内容匹配，抵抗内容伪造–可同时应用于网络与终端通道–在终端上完成数据分析•无论在线或是离线•无需敏感数据在网络中穿越分析–轻量化•1,000:1压缩比(1KB指纹可识别1MB数据)PreciseID™Fingerprinting指纹•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle采用逻辑条件混合内容分类器•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle网络监控13WebsenseDLPSolution•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle•单条策略—所有可适用的通道•一条策略可被应用至单个通道，也可应用于所有适用的通道–邮件–Web(网络/终端)–打印机(网络/终端)–终端•局域网共享•移动存储(+临时加密)•终端应用程序(浏览器,CD刻录应用,FTP,即时通讯,P2P及其他更多)–剪切,复制,粘贴,文件访问和PrtSc*•简化策略创建和部署•监控其他通道时无需重新建立策略监控使用和传输中的数据•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle保护(强制执行)WebsenseDLPSolution•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle补救措施–动态数据•多项内建补救措施，适用于多个通道–事件记录–告警通知–允许通过–阻止–网络•邮件隔离•邮件加密•邮件隔离&加密，释放–终端•终端－确认•终端－临时加密移动存储上的数据•其他措施–补救脚本•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle•定义违反特定规则后的响应动作–每个通道分别定义细粒度的响应–支持响应脚本，提供更好的灵活度和扩展性•可根据严重性定义不同的响应动作–不同的违规严重性可应用不同的响应动作动作计划•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle集中管理与报告18WebsenseDLPSolution•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle事件管理—详细事件列表•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle•关注验证产品或解决方案概念–通常更注意“漏报”而非“误报”•―系统没能检测到18位中国身份证号！‖–厂商在PoC时往往将策略敏感度调致最宽•真实世界部署–误报将严重破坏业务流程•―系统检测到545654361121441233,这只是随意的18位数字，而非真正的中国身份证号码!‖–PoC中使用的过于宽松的策略敏感度由于误报太高而根本无法使用区别对待：产品测试vs.真实世界部署•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle21管理数据泄漏防护的多个方面WhoHumanResourcesCustomerServiceFinanceAccountingLegalSalesMarketingTechnicalSupportEngineeringWhatSourceCodeBusinessPlansM&APlansEmployeeSalaryPatientInformationFinancialStatementsCustomerRecordsTechnicalDocumentationCompetitiveInformationWhereBenefitsProviderPersonalWebStorageBlogCustomerUSBSpywareSiteBusinessPartnerCompetitorAnalystHowFileTransferInstantMessagingPeer-to-PeerPrintEmailWebAuditNotifyRemoveQuarantineEncryptBlockRemovableMediaCopy/PastePrintScreenActionConfirm•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel»FifthlevelClicktoeditMastersubtitlestyle内置设备之间的负载分担•为了保证设备的高效稳定运行，Websense甚至可以基于协议进行设备间的负载分担•ClicktoeditMastertextstyles–Secondlevel•Thirdlevel–Fourthlevel