data loss prevention

BUILT-IN PROTECTION

AT THE HEART OF EVERY SECURITY STRATEGY IS THE OBJECTIVE TO PROTECT SENSITIVE INFORMATION FROM UNAUTHORISED DISCLOSURE. BUT THAT COMES WITH MANY CHALLENGES.

Whether designing a new security architecture or addressing the requirements of compliance standards such as PCI-DSS, GDPR and HIPAA, the best approach to success when evolving a security strategy requires a firm understanding of how the various factors within and outside an organisation interact with sensitive information. According to Salvatore Sinno, chief security architect at Unisys, there are three key activities that businesses should undertake in order to implement an effective sensitive data protection strategy:

Data discovery: "This is a key step, allowing businesses to identify the scope and complexity of the sensitive data protection task, and it is recommended that businesses take an iterative approach towards achieving success. It's impossible to protect all data that flows through a business, and as such they should be selective. For example, businesses are advised not to spend resources protecting information that is classified as public or non-sensitive," states Sinno.

Data isolation: "From the data discovery work stream, businesses should have a good handle on how sensitive information is transmitted, stored and processed. The next key step is to isolate the people, processes and technologies that interact with that sensitive data. For example, the data discovery exercise may uncover that cardholder data traverses an entire network, lives on multiple data repositories (web servers, databases, application servers), and is accessible by a large number of individuals who do not need access to this information. In this scenario, such a large attack surface leaves businesses more susceptible to a breach. Data isolation reduces attack surfaces by using access control and encryption to ensure only authorised systems and users can access sensitive information."

Data monitoring: "To avoid the possibility of changes introducing new vulnerabilities, businesses should implement a system that monitors isolated sensitive environments for changes that breach policy objectives," Sinno advises. "This process can be automated by deploying activity monitoring and event management solutions that will learn the baseline configuration and report on anomalies."

Data discovery, isolation and monitoring provide businesses with the building blocks for an effective data protection strategy. "Implementation of this iterative approach to sensitive data protection strategy allows businesses to effectively manage the different phases required to achieve success."

TARGETED ATTACKS SOAR

There is little doubt that, at a time when data has never been more vulnerable to attack, sensitive information is increasingly leaving the safety of corporate networks, as more employees share files over consumer cloud storage services and access those files on their own mobile devices. The number of targeted cyber-attacks is soaring, with cybercriminals developing effective new methods for defeating traditional security measures and stealing corporate information. So how do you manage and protect your information in this challenging environment? And what does a successful data protection strategy look like, in the face of eroding security perimeters, increasing targeted attacks, and evolving user habits and expectations?

As Piers Wilson, head of product management at Huntsman Security, readily admits: "Traditional security technology will never stop users falling victim to phishing, social engineering and other attacks based on human weakness or error.
Instead, it is designed to be able to prevent the consequences: detecting and removing hostile software before it can cause any harm or data loss. With attackers constantly updating their methods and weapons, the real risk is that traditional security approaches won't recognise a threat until it's too late. Essentially, such technology is like a museum guard that will only take action to spot and remove known thieves, while the smarter attackers will come in disguise or via a completely hidden route."

computing security July/August 2017 @CSMagAndAwards

The fact is, he says, traditional approaches simply won't work effectively anymore. "As such, organisations should be looking at monitoring system behaviour for any potentially suspicious activity that could indicate an attack or a vulnerability being exploited - whether instigated externally or coming from an insider. For example, if the business detects a user account accessing data that it shouldn't, it can quickly step in to prevent any harm from being done, whether the activity was an honest mistake or part of a deliberate attack."

This approach means that security teams will face hundreds, if not thousands, of potential alerts a day, so the real challenge will be triaging them to determine which represent true potential threats and which are false alarms. "As with any other security tool, the more the system can decide for itself what represents a real threat, the easier it will be for security teams to react as appropriate. This doesn't mean that traditional security is surplus to requirements; instead, it should form part of a layered approach to security - anti-virus along with firewalls and more sophisticated analysis - to ensure that all potential routes are covered. This means that, rather than turning up to find an empty case after the heist has taken place (the Hatton Garden burglary), security teams can see an attack coming and take action before the damage is done."

SHIFTING FOCUS

Instead of focusing on reinforcing network perimeters, managers should establish what cybercriminals had access to when entering the network, then look at how they can bolster the security around the specific elements that put the organisation at greatest risk, suggests Marc Sollars, CTO at Teneo.
Some areas he singles out for attention are:

Cloud security: "Companies should work closely with their cloud service provider to put in measures to stop unwanted access; however, the responsibility is shared. Start by classifying the data and applications that you are putting in the cloud according to criticality and sensitivity. This will enable you to select a provider that can support the different levels of security you require. Ensure that you've taken measures to protect user identity and access control using multi-factor authentication, so that only those with permitted access can view your applications and data."

Shadow IT: "According to Gartner, 28% of IT spend now occurs outside IT departments. With organisations no longer having full control of their infrastructure, any network user has the ability to install new applications that are managed outside the IT department, without IT being aware. It's common for employees to use cloud storage systems such as Dropbox to potentially transfer data to their personal devices. To combat this, IT managers should use a cloud access security broker (CASB) to safely enable cloud applications."

Mobile: "IT managers should implement the same security policies across all endpoints - workstations, laptops or mobile devices - and mandate security policies regardless of employee location by understanding application use and associating the traffic with users and devices. The essential consideration is how you make mobile security easy for users. Mobile workforces can enhance security rather than hinder it."

"Since many cybercriminals can penetrate a network regardless of perimeter security measures, IT managers need to refocus on strengthening the interior elements of the network," concludes Sollars. "By considering individual aspects of the network case by case, you will be delivering the level and type of security each of them requires."
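The behaviour monitoring Wilson describes (spotting an account accessing data it shouldn't, then triaging the resulting alerts) and the criticality classification that Sinno's discovery step and Sollars' cloud advice both call for can be sketched as one small routine. This is an added example, not code from the article or from any of the vendors quoted; the roles, repositories, sensitivity classes and log lines are all constructed for illustration.

```python
# Added example (not from the article or the vendors quoted): flag accounts that
# touch data outside their entitlement, then rank the alerts by the sensitivity
# class assigned during data discovery. Roles, repos and log lines are constructed.
import re
from collections import Counter

# Which data classes each role may access (constructed entitlements).
ROLE_ENTITLEMENTS = {
    "finance": {"cardholder", "internal"},
    "support": {"internal", "public"},
    "dev": {"internal", "public"},
}
# Repository classification produced by the discovery step (constructed).
REPO_CLASS = {"pay-db": "cardholder", "hr-files": "personal",
              "wiki": "internal", "site": "public"}
# Triage weight per class; access to public data never warrants an alert.
CLASS_WEIGHT = {"cardholder": 3, "personal": 3, "internal": 1, "public": 0}

# Constructed access-log lines in a simple key=value format.
SAMPLE_LOG = [
    "2017-07-10T09:01:02 user=alice role=finance repo=pay-db action=read",
    "2017-07-10T09:02:11 user=bob role=support repo=pay-db action=read",
    "2017-07-10T09:02:40 user=bob role=support repo=hr-files action=read",
    "2017-07-10T09:03:05 user=carol role=dev repo=hr-files action=read",
    "2017-07-10T09:04:00 user=erin role=finance repo=site action=read",
]
LOG_RE = re.compile(r"user=(\w+) role=(\w+) repo=([\w-]+) action=(\w+)")

def detect(lines):
    """Return one alert per access that falls outside the role's entitlement."""
    alerts = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        user, role, repo, action = m.groups()
        data_class = REPO_CLASS.get(repo, "internal")  # unknown repo: assume internal
        if data_class not in ROLE_ENTITLEMENTS.get(role, set()):
            alerts.append({"user": user, "repo": repo, "class": data_class,
                           "action": action})
    return alerts

def triage(alerts):
    """Rank alerts by sensitivity, boosting repeat offenders; drop public-data noise."""
    hits = Counter(a["user"] for a in alerts)
    ranked = [(CLASS_WEIGHT[a["class"]] + hits[a["user"]] - 1, a["user"], a["repo"])
              for a in alerts if CLASS_WEIGHT[a["class"]] > 0]
    return sorted(ranked, reverse=True)
```

On the constructed log, four accesses breach entitlement, but the public-data one is discarded at triage and the repeat offender rises to the top, which is the false-alarm filtering Wilson says the system should do for itself.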