Securing Cision’s

Confidential Data with Data
Loss Prevention Systems


The Wanderers

Outline of contents

Business Problem and Requirements


Data Loss Prevention (DLP) Solutions


Proposed Solution


Vendor Comparisons and Architecture [Wander]

Company implementation & Conclusion [Scott]

Business Problem

Cision needs the capability to exchange confidential information
securely and easily.

1200 Employees, 30+ offices, 8 countries
 Confidential Data

Credit Card / Client Information
Customer privileged data
Employee personal data
Business Confidential data

Secure data from

Employee Error, Employee Theft

Firewall.Business Solution Requirements Required Meet the Payment Card Industry (PCI) requirements for credit card handling  Prevent client. business or employee data from being incorrectly disclosed internally and externally  Global capabilities with central configuration and enforcement  Out of Scope Anti Virus. Intrusion Detection Systems. Email Spam Filtering  Limited Other legal requirements: No HIPPA or SOX requirements  .

jpg .cam.Source:

in motion. through deep content analysis. based on central policies. and in use. monitor.DLP Background Definition of Data Loss Prevention  Products that. -Rich Mogull of Securosis Other TLAs Data Loss Protection  Data Leak Prevention/Protection  Information Loss Prevention/Protection  Information Leak Prevention/Protection  Extrusion Prevention System  Content Monitoring and Filtering  Content Monitoring and Protection  . identify. and protect data at rest.

DLP Background Identify where holes or exit points where leaks may occur Instant messaging (Yahoo Instant Messaging. serial. LimeWire case as reported by LA Times)  Media streaming  Web mail (Yahoo mail. Hotmail)  USB storage devices (ZDNet story from UK)  Removable drives  Devices connected through external ports (Firewire.g. Gmail. parallel)  FTP server  Printouts  . Windows Live)  P2P file sharing (e.

DLP Background Source: http://securosis.

(Bank account numbers. SOX.DLP Background How data are flagged and identified  Initial predefined policies     Social security numbers Prescribed in HIPAA. credit card numbers. source codes. GLBA. Credit card numbers) Customized categories based on client needs Data Discovery     Looks into the content and not just the file type Examine context considerations (factor in parent directories. user group matching) Structured data matching (SSN. media files)   Fingerprint the data by using one way hash and saved in the database Information can then be used to identify confidential data elsewhere . etc. etc) Unstructured data matching (diagrams.

databases. FTP. P2P and SMTP protocols are mirrored in the DLP server for inspection where visibility is enhanced Data in file servers. hosts computers set for file sharing.DLP Background Three different levels of DLP solution  Data in Motion   Data at Rest   Data which uses HTTP. Data at End Points  Data which sits on end user hosts (workstations and notebooks) . IM. etc.

monitoring and prevention   Centralized Management   Central policy setting. LDAP lookup. secure purging of sensitive data Business Environment Considerations  Matching with Business Need   Market Presence   Matches defined business need over feature allure Major presence in the market.DLP Background Technical Feature Considerations  Deep content analysis. dashboard features Broad content management across platforms and ease of Integration   Identification and blocking capability Review of information infrastructure including software for requirement and compatibility issues Automated remediation  Transfer confidential files. financial industry experience Staffing Needs  Staffing considerations to handle additional responsibilities .

Solution Selection The Selection Given that the business problem of to be able to exchange confidential information securely and easily.  We select Websense as a representative of such DLP solution which has met all criteria mentioned above.  Protects approximately 40 million employees at more than 40. and email security solutions. data  Websense Global leader in integrated Web security.000 organizations worldwide  Core strength in Web filtering. discovery and classification of content  Source: http://www.aspx .  We believe that a DLP solution have the ability to address such need by identifying and securing confidential data in a comprehensive and efficient manner as described in the guidelines above.

DLP Solution: Websense Data Security Suite Data Discovery  Data Protect  Data Monitor  Data Endpoint  .

email servers. such as encryption. etc  370 different types of file definitions  . file removal. data repositories. and desktops to discover and classify confidential data on these systems  Automated remediation of unsecured confidential data on data repositories. databases.DLP Solution: Data Discovery Software-based solution that remotely scans specified network file shares.

 . policy-based enforcement options including block. quarantine.DLP Solution: Data Protection Protects data with policy-based controls that map to business processes  Automated. file removal. encrypt. user notification in real time. audit and log.


who is using the data in real time. and where this data is going  Precise ID technology  .DLP Solution: Data Monitor Monitors and identifies what customer data is at risk.

printer)  .DLP Solution: Data Endpoint Provides endpoint security and control over what confidential data is and should be stored (through local discovery)  Who is using it  How it is being used (with what applications)  Where it is being transferred (USB storage.


DLP Solution: Websense Data Security Suite in Action (Case: Miss Bea Haven) .

Alternative Vendors (Considerations) .

Alternative Vendors (Comparison) Vendor Strengths Weaknesses Symantec Industry-leading network discovery and endpoint protection Supports localization in 16 languages Mature deployment methodology Most expensive enterprise license costs Admin Console is not localized (English only) Websense Robust on network discovery and endpoint protection Supports localization in multiple languages and already has global presence Subscription based or perpetual licensing Most appealing to current WebSense clients wishing to leverage existing products RSA(EMC) Robust on network discovery Providing a broad range of DLP inspection capabilities Document fingerprinting content-inspection capabilities. Weak on endpoint protection Limited localized detection and support .

DLP Solution Deployment Architecture   Windows Enterprise Network 500 – 2.500 Users .

DLP Solution Deployment Architecture   Windows Enterprise Network 500 – 2.500 Users .

000 Totals $90.300 1200 -$16 -$19.Company Implementation Project Implementation Cost Estimates 1st Year Fees / Component Websense Data Security Suites Estimated Discount (25% of list) Implementation Consulting Qty 1200 Price $65 Total $78.000 Hardware $18.575 80 $175 $14.725 Ongoing Fees / Component (Yearly) Websense Data Security Suites Estimated Discount (25% of list) Totals Qty Price Total 1200 $65 $78.725 .300 1200 -$16 -$19.575 $58.


Company Feasibility Requirements Support Requirement Websense Supported Notes Legal Requirements Regional / Language Requirements X X Centralized Administration Auto Identify Confidential Data Limit End Point data actions Industry Recognized Leader X X X X Other Considerations Limitations / Concerns Software sold as subscription software (yearly ongoing costs) Websense cannot detect data within image Will users be able to easily create new controlled data sets Data Privacy rules are regional and may conflict PCI 8 countries .

 Websense meets the requirements  Websense is well positioned to grow with Cision’s future needs.Conclusion Cision needs to add DLP capabilities to their current security solutions to meet the business needs.  Your mileage may vary  .

Questions? Preguntas? Pangutana? Tanong? Perguntas? क्वेस्चन्स? .