賽門鐵克DLP方案介紹_第1頁
賽門鐵克DLP方案介紹_第2頁
賽門鐵克DLP方案介紹_第3頁
賽門鐵克DLP方案介紹_第4頁
賽門鐵克DLP方案介紹_第5頁
已閱讀5頁,還剩58頁未讀, 繼續(xù)免費閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進(jìn)行舉報或認(rèn)領(lǐng)

文檔簡介

Symantec?

Confidenceinaconnectedworld

Symantec數(shù)據(jù)防泄密技介

海波

Haibo_yan@

Agenda,Symantec,

Vontu的及爭分析

Vontu的硬件配置需求

?如何排除常異

LiveDemo&BestPracticePolicy

2

It'sAboutTheDataSymantec.

DataLossPrevention力,Symantec?

/

CustomerDataCorporateDataIntellectualProperty

機密數(shù)據(jù)?型NationalIDNumbersFinancialsSourceCode

CreditCardNumbersMergersandAcquisitionsDesignDocuments

ProtectedHealthInfoEmployeeDataPricing

內(nèi)部的威

失爭

■力

信譽/公的尬

"Ifseparatecategoriesconcernedwiththelossofcustomerandproprietarydataarelumped

together,however,thenthatcombinedcategorywouldbethesecondworsecauseoffinancialloss."

Source:CSIComputerCrimeandSecuritySurvey2007

,Symantec,

-每400封件中就有1封包含機密信息

-每50份通ra的文件中就有1份包含機密數(shù)據(jù)

-50%的USB中包含機密信息

-80%的公司在失筆本后會生泄密事件

在美國平均每次數(shù)據(jù)泄密事件致的失高達(dá)630萬美金

(PonemonInstitute,2007)

-數(shù)據(jù)泄漏致客流失的比例正在以每年11%的速率上升

SOX,HIPPA,PCI以及中國的企內(nèi)控基本范都要求企保機密信息

信息保正日益成安全管理和控制的核心內(nèi)容

OOOOOOOOOOOOOO

Askyourself,Symantec?

Where機密數(shù)據(jù)存放在那里?

How機密數(shù)據(jù)是怎被使用的?

How我是如何防止數(shù)據(jù)失的?

Agenda,Symantec?

Vontu可以幫助您…,Symantec?

A

機密信息在什位置數(shù)據(jù)在網(wǎng)中如何流?如何來防止數(shù)據(jù)泄漏?

DISCOVERYMONITORINGENFORCEMENT

DATALOSSPREVENTION(DLP)

8

VontuDLP8ArchitectureSymantec.

Vontu

Network

DiscoverVontu

Network

Vontu

Monitor

Network

Protect

FileserversMonitor:9

DatabasesSMTP

CollaborationplatformsVontu

EnforceHTTP

WebsitesPlatformIM

、Laptops/desktopsFTP

AnyTCP-based

Policies

Vontu

EndpointWorkflow

DiscoverVontu

ReportingNetwork

VontuPrevent

EndpointAdministration

Prevent

DiscoverdataMonitor/block:

MonitordatadownloadsSMTP

Monitor/blockUSB,HTTPandHTTPS

CD/DVD

FTP

SecuredCorporateLANDMZ

,Symantec.

Confidenceinaconnectedworld.

HowItWorks?

DataLossPolicies,Symantec?

Vontu

Network

Discover

Vontu

Network

Protect

Vontu

Enforce

Platform

Vontu

Endpoint

Discover

Vontu

Endpoint

Prevent

Disconnected

SecuredCorporateLAN

11

數(shù)據(jù)防泄密策略Symantec.

DataLossPolicy

?自定?策略或者從60

+策略模板中?取

保存在Enforce月艮■

器上,并且及■推送

到Detection服,器

響???

1.兩方法探,通知

字,數(shù)據(jù)符,正表達(dá)式,文件?送件到件人,上理,IT管理

?屏幕出消息框

2.指數(shù)據(jù)

匹配到的文件

?構(gòu)化數(shù)據(jù)

?系日志告警

?機密數(shù)據(jù),件人和收件人?阻止

?非利化數(shù)據(jù)?SMTP,HTTP/S,FTP,USB,CD/DVD等

?相似度匹配■修改

?And/or/if運算,包括exception?修改機密信息文件

,檔文件

12

網(wǎng)控和保,Symantec,

取I?

Broadprotocolcoverage

TrueMatch?detection

Integratedreporting

■控阻止

全面控,包括email,web,IM,FTP,PTP,■全面的防,包括SMTP,HTTP/S,andFTP

和通常的TCP?可的件路由和加密

基于名的(不根據(jù)文件型),與Web2.0websites和用無交互

自的sender/manager通矢u?MTA以及WebProxy集成(MTA:SMTP

準(zhǔn))

,再教育工

更新中斷的流程(其他的數(shù)據(jù)安全管理方

式都會中斷流程)

,Symantec?

Vontu

Network

Discover

Vontu

Network

Protect

Vontu

EnfoPlatf

ormrce

Vontu

Endpoint

Discover

Vontu

Endpoint

Prevent

Disconnected

SecuredCorporateLAN

HowNetworkPreventforEmailWorks,Symantec?

Vontu

行件,如果件反Network

了策略籽會被修改Prevent

MTA將件Vontu服器將

路由到件送回MTA

Vontu服器?

件服器將件到

MTA

端用送件

Internet

MTA

端用Email服器

如果件沒有被修改,MTA會將他送到外

部。如果header被修改了,MTA會作出反

:隔離,重路由,告警或者棄

CorporateLANDMZ

HowNetworkPreventforWebWorks,Symantec?

v9-EnforceDemo-BetalVM▼W▼-&

個uhttps://enforg&x

VVontuDataLossPreventionAdministratorlogoutIprofllelhelp

AllRepo版]Netwofl'

ReportsReportRun7/6/09-1:20AM區(qū)西

IncidentSnapshot00003142

SavedReports

Status?INew▼ISeverityHigh▼\VP曲i「后|Report▼

MainDashboard

BusinessUnitthenPolicyRemediation改由恬JLaunchIny^tigati咀jNo的蜘and熾J

GlobalNetworkIncidents

Policy的\比卜

HighestRiskEndpoints

_JEmail/SMTPCustomerDataProtection260?

UserJustificationsByPoky(SSN$)[viewuoIlM

VIncidentContext

機宓

ServerVontuMonErOne

NetworkAgentResponse?MessageBlocked

CorrelationsFind聊ar

Exec.Summary-NetworkOccurredOn9/15/07-11:55AM

ReportedOn3/15/07-11:55AMValue#Ina&nh伸da”/7/30All

Incidents?All

Incidents?NewMachineIPS?rickf

(Corporate)

PolicySummaryiuser@>acme,com0027

Senderluser@

PolicyRecipientlNrr@anothen:cmpany,cc>mRKipieni

larry@anothercompany.com0025

PoliciesSubject$$n

AttachmentsSublet

ResponseRules

苞CustomersForPfocessinqWest,xkssn004

DiscoverTargets

、MessageBody

DiscoverServersCustornersForProcessing-West.xl0011-

ProtectedContent

Policy

ExactDatariirknmftrRabaDr^erUnnfUGIr'?Q-<

??趀nOriqinXMe$56qe

IndexedDocumentsAttributesQuS

AttributeValue

,CListomersForProcessing?West.xls159Matches

AdministrationEmployeeInfo

EtnployeeID63M21

...420-08-353030809RAULPA5HAL46844519864999308000...om

System(930)750-079153395-9820dOIeNxBJcB650-22-089330811ORALEISURELastWsme螞

4132673384929420G006...om(293)561-780729795-8233ZEUtDkPkNj

OverviewFirstN軸eJoe

561-97-251430812JAMESHINTZ48033316978195400004...om(714)803-9738

Events03706-1340kelcCsttij203-36-929330813GOLDIEPURVIS4409094843938080PtioneNuirib&r415M55-7662

E0…om(693)473-072215222-7590HwbwUgKGqD373-18-266030814SUSAN

AlertsEmptoy.eeEmail

WILLIAMS4083121379497770E...rg(795)656-890635020-5521DHaNHERKoc

Traffic

156-65-870330816MEITOKAR4915759347313980H00658...rg(503)627-1556VHistory例

WebArchive54724-8334KlssvmSnob627-12-928830817DANIELSMITH4718214769659850

FOO...om(288)878-261652330-7274vjhqstGEan178-52-615130818HAZEL3/15/07AdministratorNotificationSent上

HANSEN4836195836003030G00...om(751)998-894946561-9934ExrcVIkyUT-11:57Incidentnotificationsentto

Agents098-01-826330819JOSEPHNICHOLS4468381105299690A...om(463)501-6809AMjmanager@.

22348-6262BxUsvEZkAe501-15-659230820VIRGINIACAMACHO

AgentManagementConsole3/15/07AdministratorNotificationSent

4855420530088610...om(792)972-188090980-4172JHYkcHEhJs572-85-3278

Overview30821JOHNTHOMPSON4501523428889320E0...om(278)469-618141334-0064-11:55Incidentnotificationsentto

kvJGGusOfP469-94-073630822PETERCLARK4608121971967830B002..,omAMrTSecurity@.

Events

(936)554-446448795-6024ucaTOWOLHY354-83-196430823OSCARFERGUSON

3/15/07AdministratorNotificationSent

4029460039835530A...om(964)205-188499656-5757uBEckPdYim405-61-0672

-11:55Incidentnotificationsentto

Settings30824BESSIEHOLZHAUER4270959499061360...rg(472)947-823627894-6559

titccccr?.c、.??-tcr,c—JAMnKAr(?h.arrnprnrn

VontuDataLossPreventionfroaSyMantccWindowsInternetExplorer匚洞區(qū)

v

ho.P:://iOSS1.243/ProtectMono<er7Inci<ientDet&ildo?value(v*riablol)=incident,id&value(operatorl)=ixt&v?lue(op?randl)=63.e證書罐誤▼,公

女件(E)翱蜴CE)查看9收就夾(A)工具d)幫助(M)

6VontuDataLossPravontionfromSynantoc號■",?-頁面9,工具?)▼

VontuDataLossPreventionAdmini?tr?toclogoutIprofileIMo

AURcpoQ]上午必3)

ReportsIncidentSnapshot00000063teportRun9/13/03-7:57

SavedReportsStatus?PrsvIJfaext)1Rjeport

INYD

Remediation

VNetwork

Exec.Summary-Network

IDO

Inodents?Al?HTTP

100

Incidents-NewVIncidentContext

PokeySummarymcidenr..mor?tot.id厘Htortor

StatusbyPokyVCorreiations

incident*date9/18/08-7:28上午

HighRskSenders?Last30DaysV?lu*"Ino

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

評論

0/150

提交評論