Uploaded by mannkoffi

Endpoint DLP overview

Endpoint Data Loss Prevention
Microsoft 365
Information Protection & Governance
Protect and govern data – wherever it lives
KNOW YOUR DATA
Understand your data landscape and identify important data across your hybrid environment
PROTECT YOUR DATA
Apply flexible protection actions including encryption, access restrictions and visual markings
PREVENT DATA LOSS
Prevent accidental oversharing of sensitive information
GOVERN YOUR DATA
Automatically retain, delete, and store data and records in a compliant manner
Powered by an intelligent platform
Unified approach to automatic data classification, policy management, analytics and APIs
DLP Solution Overview
Comprehensive support across workloads
• Exchange Online
• Teams
• SharePoint, OneDrive
• Endpoint
• Non-Microsoft Clouds and SaaS apps
• On-prem file shares
• Future: Expand to non-M365 workloads
Unified and integrated experiences
• Guided onboarding
• Unified & flexible policy management
• Integrated with MIP
• Unified alerting & Remediation
• Integrated end-user experiences
Unified and integrated experiences
End user
Admin
Easy onboarding
• Cloud native, no on-prem infra required
• Out-of-the-box analytics, no policy needed
• Tailored experience for policy creation, driven by insights from analytics (underway)
Unified, flexible policy management & enforcement
• Single console to control movement of sensitive information across devices, apps, and services
• Rich policy controls
Integrated with MIP classification & labels
• Leverage 100+ sensitive information types, functions, custom patterns & dictionaries
• Labels integrated with DLP policy (preview)
Unified alerting and remediation
• Notify data officer when sensitive data is exposed, with rich incident details and triage
• SIEM integration – API support to retrieve audit and alert data, and remediate
Integrated end-user experiences
• Native experiences in Office, Windows, Edge, and other apps help preserve user productivity
Unified, flexible policy management & enforcement
Configure policies across devices, apps and services in the Microsoft 365 Compliance center
Lorem Ipsum (future locations)
Rich flexibility in configuring rules and enforcement actions
Integrated with MIP classification & labels
• 100+ sensitive information types
• 40+ built-in policy templates for common industry regulations and compliance needs.
• Labels as conditions in DLP policy (preview)
Unified alerting and remediation
Alert : DLP rule match detected : “CCN Rule” in “Sensitive Data Policy”
Rich detail to triage and remediate
This enhanced experience is work-in-progress, not live yet
API support enabling SIEM integration
API for analytics, SIEM integration
Available via the Office 365 Management Activity API
• REST-based API exposing audit events
• ISVs can build rich compliance-oriented applications.
• Customer data is not accessible unless customer grants consent to application
• Documentation here: https://msdn.microsoft.com/en-us/office-365/get-started-with-office-365-management-apis
2 types of DLP events:
DLP event type: Non-sensitive
Available Data:
• Document or Email that triggered the hit
• User that triggered the hit
• Policy, Rule
• Actions taken
• Type of sensitive data detected (e.g. Credit card)
Exposed via this Content Type in Activity API: Audit.Exchange, Audit.SharePoint
Required Permission: Read Activity Data for your organization
DLP event type: Sensitive
Available Data:
All non-sensitive data, plus:
• Value of sensitive data (e.g. Visa 4916-6867-9255-1997)
• Context (excerpt of content including 100-300 chars)
Exposed via this Content Type in Activity API: Dlp.All
Required Permission: Read DLP policy events including sensitive data
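Added example (not part of the original deck): a filter a SIEM forwarder could apply so that records pulled with the sensitive Dlp.All content type are reduced to the non-sensitive view listed above before they reach a general analyst index, plus a check for detected values echoed in other fields. The record layout and every field name here (Document, Matches, DetectedValue, Context and so on) are simplified assumptions for illustration, not the Management Activity API schema.

```python
import json

# Keys present only in the "Sensitive" event type per the slide above.
# Assumed names for this sketch, not the real API schema.
SENSITIVE_KEYS = {"DetectedValue", "Context"}

def to_non_sensitive(record):
    """Return a copy of a DLP record with sensitive-only keys removed at any depth."""
    if isinstance(record, dict):
        return {k: to_non_sensitive(v) for k, v in record.items()
                if k not in SENSITIVE_KEYS}
    if isinstance(record, list):
        return [to_non_sensitive(v) for v in record]
    return record

def detected_values(record):
    """Collect every DetectedValue string found in the original record."""
    found = []
    if isinstance(record, dict):
        for key, value in record.items():
            if key == "DetectedValue" and isinstance(value, str):
                found.append(value)
            else:
                found.extend(detected_values(value))
    elif isinstance(record, list):
        for item in record:
            found.extend(detected_values(item))
    return found

def leaks(original, forwarded):
    """Detected values that still appear anywhere in the forwarded record,
    e.g. because a file name or subject line repeats the matched data."""
    blob = json.dumps(forwarded)
    return [v for v in detected_values(original) if v in blob]

# Constructed sample record; the card number is the example value from the slide.
SAMPLE = {
    "ContentType": "Dlp.All",
    "Document": "Q3-invoices.xlsx",
    "User": "user@example.com",
    "Policy": "Sensitive Data Policy",
    "Rule": "CCN Rule",
    "Actions": ["NotifyUser"],
    "Matches": [{
        "SensitiveType": "Credit card",
        "DetectedValue": "4916-6867-9255-1997",
        "Context": "pay with Visa 4916-6867-9255-1997 before Friday",
    }],
}
```

Stripping keys alone is not sufficient when a document name or similar field repeats the matched value, which is why `leaks` scans the whole forwarded record.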
Integrated end-user experiences
Built-in experiences in Office, Windows, Edge, and other apps help preserve user productivity
Policy Tips help educate users when they are about to violate a policy.
Supported across platforms: desktop, web, and mobile apps.
DLP enforcement across devices, apps, services
Email & chat
DLP policies for Exchange Online, Microsoft Teams
Documents
DLP policies for Office apps, SharePoint Online, OneDrive for Business
Cloud services
Microsoft Cloud App Security DLP policies for sensitive information in 3rd-party cloud services
Announcing Endpoint Data Loss Prevention
Identify and protect information on endpoints
Native protection
Built-in to Windows 10, Office Apps, Edge – no agent required
Seamless deployment
Cloud-delivered, lightweight configuration leads to immediate value
Integrated
Integrations (e.g. with Microsoft Information Protection) build on existing capabilities and focus on risks that matter
Key customer pain points
Friction
Difficult to manage
Effectiveness
On-prem infrastructure
“You can’t protect what you can’t see”
Heavy handed lockdown
Endpoint agent
Complicated policies
Siloed solution
DLP from the ‘outside-in’
Large system footprint
Next generation Endpoint DLP
Quick time to value
Seamless
Data-centric, Risk-aware
Seamless
Cloud delivered
Built into Microsoft apps
No on-premise infrastructure
Reliable and performant DLP from the inside
Built into Windows 10
Plug & play for MDATP customers
No agent on Windows
Just own the license
Quick time to value
Discover sensitive data on devices on day 1
• Audit activity of common file types with rich context
• Data classification without any policy
• Data driven policy orchestration
Integrated to MIP
• Managed through Microsoft Compliance Center
• Single click extends existing DLP policies to devices
Data-centric, Risk-aware
Data-centric protection
• Content-centric auditing and enforcement
• Apply sensitivity label and encryption (future)
DLP
Threat Protection
• Prioritize incident response based on data sensitivity
• DLP sensors and data exfil detection in MDATP
• Risk-aware DLP policies (future)
• Serves as Insider Risk Management endpoint sensor
Demo
Video
Endpoint Data Loss Prevention
Identify and protect information on endpoints
Native protection
Built-in to Windows 10 (1809+), Office Apps, Edge – no agent required
Seamless deployment
Cloud-delivered, lightweight configuration leads to immediate value
Integrated
Integrations (e.g. with Microsoft Information Protection) build on existing capabilities and focus on risks that matter
Public preview: July 30 (ETA)
GA: Q4 CY20
From private preview customers
“Deployment is a breeze”
“It plugs into my M365 DLP ecosystem”
“Bridges the visibility gap for data on endpoints”
Endpoint Data Loss Prevention
Technical Requirements
Operating System
Windows 10, builds 1809 and up.
License
• Microsoft 365 E5/A5
• Microsoft 365 E5/A5 Compliance
• Microsoft 365 E5/A5 Information Protection and Governance
• Microsoft 365 E5 Information Protection + DLP (add-on)
Endpoint DLP Licensing
• Microsoft 365 E5/A5
• Microsoft 365 E5/A5 Compliance
• Microsoft 365 E5/A5 Information Protection and Governance
• Microsoft 365 E5 Information Protection + DLP (add-on)
Microsoft 365 E5 Compliance
Pre-req: M365 E3/A3 or Office 365 E3 + EMS E3
M365 E5 Info Protection & Governance
Information Protection and Governance:
• Records Management
• Rules-based automatic classification and retention
• Machine Learning-based automatic classification and retention
Microsoft Cloud App Security (MCAS)
M365 E5 Insider Risk Management
Insider Risk Management
Communication Compliance
M365 E5 eDiscovery and Audit
Advanced Audit
Advanced eDiscovery
Information Barriers
Customer Lockbox
Privileged Access Management
Communication DLP (Teams chat)
Endpoint DLP
Customer Key
Advanced Message Encryption
Pre-req: Any M365 plan or [any Office 365 plan + Azure Info Protection Plan 1/EMS]
Pre-req: Any M365 or Office 365 plan
Pre-req: Any M365 or Office 365 plan
See Microsoft 365 licensing guidance for security & compliance for detailed guidance and license prerequisites
Endpoint DLP Roadmap
Improvements to MIP integration
Data-centric protection
Cross-Platform, cross-browser
Enhanced visibility
Data-aware threat protection, Risk-aware DLP policies
Advanced data classification
Q&A
Thank you!