Organizations are striving to achieve revenue increases, accelerate digital transformations, and comply with regulatory mandates – all while keeping customer loyalties in check. Achieving all of this is easier said than done. Each of these goals translates into a set of challenges for today’s enterprises.
To name a few, organizations need to deal with:
Massive magnitude of data growth
New regulations for data privacy
Increased operational complexities
Lack of skilled cybersecurity professionals
One of the major ways corporations and businesses seek increased revenue is by growing their networks, connectivity, and computational power to take full advantage of the latest available applications and solutions. All of this means exponential growth of information, as well as of the sources and consumers of data on the network. Both end users and enterprises demand, and place a high premium on, proper protection of their data. Thebecame enforceable in May of 2018, and privacy laws and regulations around the globe continue to evolve and expand. According to latest surveys, one of the most , followed by attaining trained staff to enforce an organization’s cybersecurity mandates. It is clear that the regulations and the general actions taken by the security communities are intended to improve the overall data privacy of organizations globally. All of this adds operational complexity, increases the need for skilled cybersecurity professionals, and makes securing data communications more complex. One way to break this endless cycle is to use cybersecurity assessment solutions that provide actionable insight in a scalable manner.
I have covered a number of significant pillars of such solutions in my past blogs, includingfrom a cybersecurity point of view. Getting a handle on the state of the enterprise’s sensitive data and the security policies in place for it is the other important element of a successful security strategy. After all, malicious attackers mainly aim to interfere with the enterprise’s normal network behavior and/or to exfiltrate data, thereby taking advantage of the organization’s sensitive information.
This sensitive information can range from an organization’s intellectual property to consumers’ personal information such as social security numbers, credit card numbers, and so forth. There are security solutions that can be deployed to enforce policies that prevent sensitive data from leaving or entering the network. Next, we will discuss how one solution fromcan help in proactive assessment of data leak prevention policies.
CF DBA Sensitive Data
CyberFlood Data Breach Assessment is an emulation-based solution that proactively provides in-depth, continuous and automated assessments of an enterprise’s security posture by safely assessing inline security devices with actual attacks, malware, applications and other network data.
One of the categories of threat assessment scenarios provided with this solution is emulation of “Sensitive Data” that may include corporate intellectual properties or end-user private data. This allows organizations to ensure sensitive data does not escape loss prevention policies defined in security solution sensors and filters.
As an example, let’s assume an organization has a policy in place to stop exfiltration of PDF documents that contain social security numbers transported over HTTP. In this organization, similar documents can be exchanged over other transports such as SMTP. We can observe details of an assessment done through CF DBA below.
CF DBA reports that the emulated transport of document.pdf containing a social security number over HTTP was detected and “Blocked”, whereas the same document transported over SMTP was “Not Blocked”.
We can confirm the above reporting from CF DBA with a packet capture in Wireshark (see document.pdf in File > Export Objects > HTTP … document.pdf).
Also, we can compare that with the blocking policy that was configured on the security platform, Fortinet Data Loss Prevention (DLP sensor, filter and firewall policy that includes the DLP sensor).
The event that was triggered above and reported as “Matched” can be verified too (Splunk logged the event corresponding to the file transfer over HTTP).
Using CF DBA allows emulation of file transports that are representative of an organization’s sensitive data and intellectual property to ensure proper security policies are in place. Additionally, users can upload their own proprietary file sets to assess the accuracy of DLP policies in their networks.
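The comparison walked through above (expected policy versus the verdict observed per transport) can be scripted so that a later run that drifts from policy stands out. This is an added example, not code from CF DBA or Fortinet: the result record layout, the function names and the sample documents are assumptions constructed for illustration, and plain strings stand in for text extracted from the PDFs.

```python
import re

# SSN in NNN-NN-NNNN form, skipping ranges that are never issued
# (area 000, 666, 9xx; group 00; serial 0000) to cut false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def contains_ssn(text):
    return bool(SSN_RE.search(text))

# Policy from the scenario: PDFs with SSNs are blocked on HTTP, allowed on SMTP.
POLICY = {("HTTP", "pdf"): "Blocked", ("SMTP", "pdf"): "Not Blocked"}

# Constructed sample data: extracted document text keyed by file name.
DOCS = {
    "document.pdf": "Payroll record, SSN 512-34-6789",
    "memo.pdf": "Order reference 000-12-3456",  # SSN-shaped, not a valid SSN
}
# Constructed assessment results (hypothetical record layout).
BASELINE = [
    {"transport": "HTTP", "file": "document.pdf", "verdict": "Blocked"},
    {"transport": "SMTP", "file": "document.pdf", "verdict": "Not Blocked"},
]
REGRESSED = [
    {"transport": "HTTP", "file": "document.pdf", "verdict": "Not Blocked"},
    {"transport": "HTTP", "file": "memo.pdf", "verdict": "Blocked"},
]

def policy_gaps(results, policy=POLICY, docs=DOCS):
    """Return (transport, file, kind) for every verdict that differs from policy."""
    findings = []
    for r in results:
        ext = r["file"].rsplit(".", 1)[-1].lower()
        expected = "Not Blocked"  # default: no rule, or nothing sensitive in the file
        if contains_ssn(docs[r["file"]]):
            expected = policy.get((r["transport"], ext), "Not Blocked")
        if r["verdict"] != expected:
            kind = "leak" if expected == "Blocked" else "false block"
            findings.append((r["transport"], r["file"], kind))
    return findings

if __name__ == "__main__":
    for name, run in (("baseline", BASELINE), ("regressed", REGRESSED)):
        print(name, policy_gaps(run) or "matches policy")
```

A "leak" finding means a sensitive file crossed a transport the policy should have blocked; a "false block" means the filter matched content that is not actually sensitive.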
Learn more about howcan help in validating enterprise network infrastructure security postures.