web analytics

Archive for the ‘DLP’ Category

Cloud-native as the Future of Data Loss Prevention

Data loss prevention (DLP) is one of the most important tools that enterprises have to protect themselves from modern security threats like data exfiltration, data leakage, and other types of sensitive data and secrets exposure. Many organizations seem to understand this, with the DLP market expected to grow worldwide in the coming years. However, not all approaches to DLP are created equal. DLP solutions can vary in the scope of remediation options they provide as well as the security layers that they apply to. Traditionally, data loss prevention has been an on-premise or endpoint solution meant to enforce policies on devices connected over specific networks. As cloud adoption accelerates, though, the utility of these traditional approaches to DLP will substantially decrease.

Established data loss prevention solution providers have attempted to address these gaps with developments like endpoint DLP and cloud access security brokers (CASBs) which provide security teams with visibility of devices and programs running outside of their walls or sanctioned environments. While both solutions minimize security blind spots, at least relative to network layer and on-prem solutions, they can result in inconsistent enforcement. Endpoint DLPs, for example, do not provide visibility at the application layer, meaning that policy enforcement is limited to managing what programs and data are installed on a device. CASBs can be somewhat more sophisticated in determining what cloud applications are permissible on a device or network, but may still face similar shortfalls surrounding behavior and data within cloud applications.

Cloud adoption was expected to grow nearly 17% between 2019 and 2020; however, as more enterprises embrace cloud-first strategies for workforce management and business continuity during the COVID-19 pandemic, we’re likely to see even more aggressive cloud adoption. With more data in the cloud, the need for policy remediation and data visibility at the application layer will only increase and organizations will begin to seek cloud-native approaches to cloud security.

What is cloud-native data loss prevention?

The explosion of cloud technologies in the past decade has brought new architectural models for applications and computing systems. The concept of a cloud-native architecture, while not new, is a development that’s taken off in the last five years. But what exactly does cloud-native mean, and how can it apply to security products like data loss prevention (DLP)?

Cloud-native describes a growing class of platforms that are built in the cloud, for the cloud. True cloud-native data loss prevention is defined by the following features:

  • Agentless. Cloud-native DLP solutions aren’t deployed as software programs that require installation, rather they integrate with the applications they secure through APIs. This makes deployment easy and updates to such platforms effortless, without getting end-users or IT involved. 
  • API driven. Central to cloud-native data loss prevention is the API driven nature of such solutions. Connecting with cloud platforms via API means that visibility and security policies immediately apply at the application layer. API-driven solutions can derive platform-specific context & metadata, as well as provide granular, platform-specific actions, versus broad-brush blocking on the network.
  • Agnostic. True cloud-native solutions are platform, endpoint, and network agnostic in that they’re capable of integrating with cloud platforms quickly and can provide single pane of glass visibility across the cloud.
  • Automated. True cloud-native solutions don’t just provide visibility into the cloud, but help automate policies whenever possible. The sheer volume of data that moves through cloud systems combined with the always-on nature of cloud applications means that incidents can happen at any time and will require immediate remediation. Automation ensures that security teams can respond to these as quickly as possible.
  • Accurate. Finally, in order to help security teams process the massive amounts of data in the cloud, cloud-native DLP must be accurate. The accuracy of such platforms is often enabled by the same systems that make them automated — an effective use of machine learning that can quickly and accurately identify when business-critical data has been exposed.

What are the advantages of cloud-native DLP?

When you consider the capabilities listed above, cloud-native DLP is designed to help organizations get a handle on protecting the massive volumes of data moving in and out of data silos daily. With organizations understanding that the security of their data in the cloud is their responsibility, security teams are increasingly investing in tools designed to help them address visibility and policy blindspots. While it might be the case that cloud-native data loss prevention platforms aren’t the only security tools companies choose to invest in, it’s clear that they’ll be one of the most essential parts of their security toolkit.

About Nightfall

Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack & GitHub as well as IaaS platforms like AWS. You can schedule a demo with us below to see the Nightfall platform in action.

“This article is originally posted on Nightfall.ai

DLP

One of the most common definitions for the term DLP (Data Loss Prevention or Data Leakage Prevention) is “systems that identify, monitor, and protect data through deep content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing and recipient/destination and so on) and with a centralized management framework.”

Purpose of this article
Organizations are interested to protect their sensitive data, and DLP provides them with the framework to do that. So far no news… However, the DLP world is a bit more complicated than that and the purpose of this article is to highlight few basic domains and areas that are worth thinking about when considering DLP solutions.

Common Data Locations and States

  • Data in motion – Any data that is moving through the network to destinations outside the local / corporate LAN via the Internet
  • Data at rest – Data that resides in files systems, databases and other storage methods
  • Data at the endpoint – Data at the endpoints of the network (e.g. data on USB devices, external drives, MP3 players, laptops, and other highly-mobile devices)

Examples of sensitive data:

  • Confidential and/or proprietary data, for example: processes, methodologies, development code and etc.
  • Customer and employee data
  • Financial data
  • Data that is regulated by regional and national laws such as HIPAA, SOX and GLBA

Common Data Leakage Channels:
Technical side:

  • Email Traffic – SMTP from mail servers
  • Web mail (Gmail, Yahoo, etc)
  • Uploading files to internet destinations (HTTP, HTTPS, FTP)
  • Posting on internet sites (blogs, social media, forums)
  • Instant messaging (gTalk, MSN, Yahoo, Skype)
  • P2P networks
  • Wi-Fi networks
  • Key loggers, Trojan horses
  • Multiple platform (Windows, Linux, MAC, etc)
  • Application permissions (ERP, database, SaaS platforms, SharePoint)

Physical:

  • Mobile devices
  • Non-encrypted hard drives
  • USB drives (Disk on key, external hard drives)
  • Portable media (CD/DVD, floppy drive, backup tapes)
  • Physical security (hard copy of documents)

Human factor:

  • Lack of employee awareness to security risks
  • Partners, suppliers, temporary employees and visitors
  • Working from home, remote locations, internet cafe

Company’s needs to protect themselves from scenarios as mentioned below:

  • Inadvertent forwarding of email containing product development or business plans to another email recipient
  • An employee extracts data from a secure system and conducts the analysis on a less secure system
  • Sending unreleased pricing information to the wrong email address
  • Customer or competitive information sent by an employee to a third-party for financial gain
  • A disgruntled employee with privileged access to sensitive information acts maliciously and steals information
  • Proprietary information sent to a distributor, who might then forward it on to competitors
  • Backup tapes are stored in a non-secure environment and curious intruder removes the tape to examine the content
  • Incorrect settings of permissions of file and directory structure could allow anyone access the information

DLP solutions prevent confidential data loss by:

  • Monitoring communications going outside of the organization
  • Encrypting email containing confidential content
  • Enabling compliance with global privacy and data security mandates
  • Securing outsourcing and partner communications
  • Protecting intellectual property
  • Preventing malware-related data harvesting
  • Enforcing acceptable use policies
  • Providing a deterrent for malicious users (by creating the possibility of being caught)

How to implement DLP solution:

  1. Perform risk assessment to find out:
    • What type of data exists in the organization?
    • Where is the data located/saved?
    • How valuable is the data to the organization?
    • What type of loss is the organization willing to accept?
    • What are the regulatory and privacy gaps for the organization?
  2. Classify the organization data:
    • Top secret
    • Secret
    • Confidential
    • Restricted
    • Unclassified
  3. Decide what information does the organization would like to search and protect:
    • Pattern, keyword matching and dictionaries
    • Document fingerprinting
    • Database fingerprinting
  4. Prepare data loss prevention plan:
    • How to limit the damage to the organization
    • How to avoid similar incidents from happening in the future
    • How to report to the management, stock holders and media on the current data loss incident
  5. Prepare policies, standards and procedures for handling data loss incidents:
    • Scan HTTPS traffic on the gateway
    • Block data from leaving the organization
    • Encrypt sensitive information inside database
    • Full disk encryption
    • Encrypt data before sending to partners/suppliers
    • Prevent use of portable media
    • Employee awareness training
  6. Deploy the DLP solution:
    • Install a product on the gateway
    • Configure SSL termination – recommended
    • Configure encryption gateway for SMTP traffic – recommended
    • Deploy agents on the end-points – highly recommended
  7. Ongoing monitoring:
    • Review incidents on regular basis (daily/weekly)
    • Fine-tune the product to raise alerts on important incidents and collect all other incidents.
    • Create reports on regular basis to locate top senders/targets
    • Perform data discovery on regular basis (daily/weekly/month) on network shares, servers, end-points, etc.