admin Posted on 7:06 pm

Data loss prevention, the inadvertent attacker

MOM! Means, Opportunity and Motive. When thinking about the risk of theft, be it of a household item, hospital towels, or library books, the perfect culprit is the person who has the means to perpetrate the act, the opportunity to do so, and a motive or reason. Surprisingly, most of the scenarios discussed in the world of information security have a parallel in our daily lives. How many times have we suspected an inside job? A homeowner can often detect or control a stranger’s attempt to enter and remove an asset without authorization. Most likely, he or she will immediately see physical signs of a forced entry: a broken window, a door kicked in, etc. Of course, it won’t be so obvious if there were no controls. As homeowners, we do everything we can to activate our detection and prevention mechanisms when they are needed. The game changes if one does not have policies around who visits our home, what they can do in our home, how our valuables are managed in our home, and how much access that visitor has.

A visitor to your home is automatically authorized. They are given permission to be there. They are inside. Now suppose you have valuables scattered everywhere. How difficult would it be to know if that visitor left with your jewelry? Now let’s transfer this understanding for a minute to a network that has (authorized) employees, assets (financial data, personally identifiable information, intellectual property), and last but not least, a reputation to protect. The scope gets much bigger, but the concept remains the same. The insider is the most dangerous threat to your home or network environment if not managed properly.

Gartner estimates that 70 percent of security incidents that actually cause business loss, rather than mere disruption, involve insiders. This finding should not surprise anyone.

Once again, back to the homeowner. There are things we do to protect our assets and mitigate the likelihood that they will be lost or compromised.

1. Family members are aware of the assets we have, their value, and the impact on the family if they are lost. Children, for example, are trained on how to use, activate and deactivate the controls.

2. There are rules, written and unwritten, about who can be brought into the house.

3. There are policies about acceptable behavior and repercussions for misbehavior.

4. Certain information is available to certain people only on a need-to-know basis.

5. None of the above is new to anyone who has ever owned anything.

Today, with cyber breaches on the rise, we are finally tackling the most basic and obvious problem in business, the unintentional insider threat. Finally, we are seeing an acceptance of the fact that we cannot relegate cybersecurity to so-called “smart devices” if our approach to data security is not intelligent. It is evident that for a long time we focused on the outside attacker while the insider took a back seat.

How nice it is to finally see products that put an emphasis on the insider being released. I recently started seriously looking at some Forcepoint (formerly Websense) products and came to the conclusion that someone there got it. I’m talking about Stonesoft NGFW, Sureview Analytics and Triton Risk Vision. I’m a big fan of the Next Generation Firewall. This amazing solution combines intrusion prevention, evasion prevention, and application control. It features a very easy-to-use interface and a wealth of information tied into a logical layout. Attacks have gotten more sophisticated, so a tool with proven ability to identify advanced techniques is a no-brainer for any organization.

Being a musician, the name Triton immediately caught my eye. The flagship product is the Triton. Just love it!

My favorite from Forcepoint is Sureview Insider Threat. A lot can be said about this tool. Here is a short list of what it does.

* Tracks endpoint system and user activity

* Baselines “normal” activity throughout the organization

* Exposes and quantifies risk through user behavior analysis

* Enables anomaly investigation with embedded and registered data sources

* Provides incident playback, including full event endpoint video recording

* Detects policy violations hidden by encryption, whether in web traffic, email or attachments

Another well thought out offering is Triton Risk Vision. This is as close to Artificial Intelligence as one can get. Integrated file sandboxing, behavioral analysis, threat intelligence, and a host of cutting-edge technology. In short, I believe that the Forcepoint solution is the ideal tool for the cybersecurity student. I vote to have this implemented in school/classroom safety training.
