Securing Organizations Confidential Data with Data Loss
Prevention Systems
Data leakage prevention is one of the key topics which
we have been talking in present. Due to the organizations moving towards big data,
financial systems, ERP and other data storage solutions which resides in cyber space, we
have seen increasing number of frauds associated with the technology revolution
in the cyberspace. It’s all about data.
This post highlights the threats and the counter measures, so
we can protect the sensitive personal data. I prefer the approach of “ Trust but
verify model ”. Because if the statistics are speaking most of the
malicious attacks are carried out with the involvement of the internal users.
Therefore we have to protect the data aligning with the security standards and
countries privacy laws. In my point of view there should be a
balance between security measurements and privacy.
Potential Threats
ID Theft Tops FTC's List of Complaints
•
For the 5th straight year, identity
theft ranked 1st of all fraud complaints.
•
10 million cases of Identity Theft annually.
•
59 percent of companies have detected some
internal abuse of their networks
Top 10 Most Frequent Incidents
- Patient
PHI sent to partner, again, and again
- Employee
401k information sent outbound and inbound
- Payroll
data being sent to home email address
- Draft
press release to outside legal council
- Financial
and M&A postings to message boards
- Source
code sent with resume to competitor
- SSNs…and
thousands of them
- Credit
Card or account numbers….and thousands of them
- Confidential
patient information
- Internal
memos and confidential information
Data Loss Prevention - Three Key Customer Challenges
- Where
is my confidential data stored?–
Data at Rest
This address the data storage and databases. - Where
is my confidential data going?–
Data in Motion
This address the data leakage protection which is done in the network layer. - How
do I fix my data loss problems? – Data Policy Enforcement
Why Data Loss Prevention is a Priority
•
Compliance
•
Brand and Reputation Protection
•
Remediation Cost
Unified Data at Rest and Data in Motion Protection
DLP Solutions
Now let’s consider the solution are available to mitigate this and secure your data. DLP solution are one of the sophisticated tool which can use to protect data while having insight of your data. Below I have add some market leading DLPs and some of the features which caught my eye. Mainly most of the DLP have the same features but depending on the vendor the products maturity and few features changes. Mainly in almost in all DLPs the data leakage protection is broken in to three layers. It is the network data protection, storage data protection and endpoint data protection.
Definition
of Data Loss Prevention
Products that, based on central policies, identify, monitor, and
protect data at rest, in motion, and in use, through deep content analysis.
-Rich
Mogull of Securosis
Identify where holes or exit points where leaks may occur
Instant messaging (Yahoo Instant Messaging, Windows Live)
P2P file sharing (e.g. LimeWire case as reported by LA
Times)
Media streaming
Web mail (Yahoo mail, Gmail, Hotmail)
USB storage devices (ZDNet story from UK)
Removable drives
Devices connected through external ports (Firewire, serial,
parallel)
FTP server
Printouts
How data are flagged and identified
Initial predefined policies
Social security numbers
Prescribed in HIPAA, SOX, GLBA, etc.(Bank account numbers,
Credit card numbers)
Customized categories based on client needs
Data Discovery
Looks into the content and not just the file type
Examine context considerations (factor in parent
directories, user group matching)
Structured data matching (SSN, credit card numbers, etc)
Unstructured data matching (diagrams, source codes,
media files)
Fingerprint the data by using one way hash and saved in the
database
Information can then be used to identify confidential data
elsewhere
Three different levels of DLP solution
Data in Motion
Data which uses HTTP, FTP, IM, P2P and SMTP protocols are
mirrored in the DLP server for inspection where visibility is enhanced
Data at Rest
Data in file servers, databases, hosts computers set for
file sharing, etc.
Data at End Points
Data which sits on end user hosts (workstations and
notebooks)
Technical Feature Considerations
Deep content analysis, monitoring and prevention
Identification and blocking capability
Centralized Management
Central policy setting, dashboard features
Broad content management across platforms and ease of
Integration
Review of information infrastructure including software for
requirement and compatibility issues
Automated remediation
Transfer confidential files, LDAP lookup, secure purging of
sensitive data
Business Environment Considerations
Matching with Business Need
Matches defined business need over feature allure
Market Presence
Major presence in the market, financial industry experience
Staffing Needs
Staffing considerations to handle additional
responsibilities
Email Security with DLP
End point Security with DLP
Nowadays DLP Solutions have couple of interesting technologies to provide endpoint Data Leakage prevention methods to assist the upcoming endpoint technologies such as BOYD (Bring Your Own Device).
The below setup is an example of how we can configure endpoint security to the mobile devices in your company network. But to function properly your excising proxy server should support the https decryption. Proxies such Squid, ISA don't support https decryption.
The below setup is an example of how we can configure endpoint security to the mobile devices in your company network. But to function properly your excising proxy server should support the https decryption. Proxies such Squid, ISA don't support https decryption.
DLP Vendor Comparison
Trust but Verify - Threat modeling
At the end of this blog i would like to remind you that DLP another example for the Trust but Threat Verify model as OWASP Threat modeling says. But again we should carefully analyse the pros and cons of the solution before implementing.