
READ ME FIRST

Use these slides in an Archer presentation to facilitate discussions about asset and data discovery
and information risk management.

Read the FAQs doc here for more information on how to sell and deploy RSA Data Discovery
for Archer.

© Copyright 2012 EMC Corporation. All rights reserved. 1


RSA Data Discovery for RSA Archer
Gain Visibility Into IT Assets
Dec, 2012



Before Scenario

• Limited view of IT assets (data repositories)
• Lack of visibility into data stored in IT assets

[Diagram: SharePoint, File Servers, Repositories; data types PII, PCI]



Need For Information Risk Management

Information Security Officer, Risk Officer, Information Governance Officer

Better Information Risk Management Programs
• Cost-effective audits
• Better information governance
• Risk based prioritization for security projects



RSA Data Discovery for Archer

Powerful Classification Tool
• 170+ out-of-the-box information classification policies
• Scans organization-wide IT assets (100TB+ data)
• Exceptionally fast scanning (grid based technology)

Mature Discovery Technology
• Based on mature RSA DLP technology
• Purpose built UI for scanning administration
• Supports multiple languages for content analysis

Enrich Archer IT Asset Information
• Add new assets to Devices Catalog in Archer
• Add information risk rating
• Update IT assets with asset type, information type, etc.



RSA Data Discovery for Archer

Information Risk Management
• Gain visibility into information risk of assets
• Automate process of identifying assets and sensitive data
• Simplify information governance

[Diagram: Risk Officer and Business users view the RSA Archer Information Risk Mgmt. Dashboard; RSA Data Discovery (Discover Sensitive Data) scans SharePoint, File Servers, Databases, NAS/SAN, Endpoints]



Data Classification Techniques
RSA Classification Framework

Contextual Analysis

File Attributes
• File metadata
• Headers, etc.
• Usage data*

Identity Analysis
• File owner
• Device owner
• Data owner

Content Analysis

Described Content
• 170+ policies
• Keywords
• Regex
• Entities
• Pluggable entities
• Logical rule sets

Fingerprinting
• Binary
• Full text match
• Partial-text match
• Database match



Policy Library & Methodology

170+ built-in policies you can use

Retail
• PCI DSS
• MA CMR 201
• CA AB 1298

Healthcare
• HIPAA
• Caldicott (UK)
• PIPEDA

Telecom/Tech
• CPNI
• Source Code
• Design Docs

Manufacturing
• ITAR
• Patent Apps
• EAR

Financial Serv
• GLBA
• FCRA
• NASD

Other
• NERC
• Global PII
• 401k & 403b

Knowledge Engineering

Sample Profile of a Knowledge Engineer
• Work Exp: 12 years
• Certifications: 18 regulations
• Languages: Four
• Background: Linguistics, artificial intelligence, search technologies
• Education: Library sciences, Computer science

Dedicated Knowledge Engineering team develops and maintains policies



Built-in Reporting & Dashboards

Analyze and report on your risk posture in a variety of views

Discovered Information Reports Information Risk Trend Assets by Risk



Key Benefits

Gain IT Asset Visibility
• Classify IT assets based on information stored in IT assets (PII, PCI, HIPAA, PHI, NERC, EU Data Privacy, etc.)

Report Information Risk
• Report information risk associated with IT assets.

Content-Aware Risk Management
• Add content awareness to all risk management programs



2 new ODAs:
Information Risk
Information Risk Trend



“New” Information Risk tab
Information Risk tab is introduced under Devices page
• Displays details about information found on the IT asset along with
“Information Risk Rating”.



Information Risk Reports
• Step 1: Address lack of visibility into IT assets.
– What is the asset type?
– What information is in the IT asset?

• Step 2: What is the risk of IT asset.
– Check Information Risk Rating
– More policy violations => Higher Information Risk Rating

• Step 3: Understand overall information about IT asset.
– Business context of IT asset + Asset Criticality + Information Risk Rating



Step 1: Address Lack of visibility into IT assets.

Asset “types” discovered
• SharePoint, Lotus Notes, Exchange, Database, File Server, etc.

Information “types” discovered
• Credit Card numbers (PCI), US Social Security numbers (PII), etc.



Step 2: What is the risk of IT asset.
Check Information Risk Rating
• How many policy violations were detected -> More Violations => High
Information Risk Rating



Step 3: Understand overall information about IT asset.
Business context of IT asset + Asset Criticality + Information Risk Rating
• IT asset ownership (business unit, facility)
• Is the asset critical for organization
• What is the information risk associated with the IT asset



Information Risk Trends

• What is the information risk trend at organization level?
• What is the information risk trend at business unit level?



Thank You

The Security Division of EMC



RSA Data Discovery Scanning Architecture

[Diagram: Administrator, Database, SharePoint, RSA Agents; sites: Main Data Center, Secondary Data Center, Remote Offices]

Note: All RSA Data Discovery components are offered as software

