spirent.com

How Corporations can Take Control and Secure Sensitive Data

Secure sensitive corporate dataOrganizations are striving to achieve revenue increases, accelerate digital transformations, and comply with regulatory mandates – all while keeping customer loyalties in check. Achieving all of this is easier said than done. Each of these goals translates into a set of challenges for today’s enterprises.

To name a few, organizations need to deal with

  • Massive magnitude of data growth
  • New regulations for data privacy
  • Increased operational complexities
  • Lack of skilled cybersecurity professionals

One of the major ways corporations and businesses seek increased revenue is through growth in their network, connectivity, and computational power to maximize the advantages of latest available applications and solutions. All of this means more and more exponential growth of information, as well as sources and consumers of data on the network. Both end-users and enterprises are demanding and placing high premiums on their data being properly protected. The EU’s General Data Protection Regulation (GDPR) became enforceable in May of 2018, and privacy laws and regulations around the globe continue to evolve and expand. According to latest surveys, one of the most significant challenges for GDPR compliance is meeting data security requirement, followed by attaining trained staff to enforce an organization’s cybersecurity mandates. It is clear that the regulations and general actions taken by the security communities are intended to improve the overall data privacy of organizations globally. All of this adds more operational complexity, requirement for skilled cybersecurity professionals, and more complex data communication security. One way to combat this endless cycle is cybersecurity assessment solutions that can provide actionable insight in a scalable manner.

I have covered a number of significant pillars of such solutions in my past blogs, including proactive hardening of networks and endpoints from a cybersecurity point of view. Getting a handle on state of enterprise sensitive data and security policies that are in place in relation to them is the other important element of a successful security strategy. After all, malicious attackers are mainly after interfering with normal network behavior of the enterprise and/or exfiltrating and extracting data, thereby taking advantage of organization’s sensitive information.

This sensitive information can range from organization’s intellectual properties to consumers’ personal information such as social security numbers, credit card numbers, and so forth. There are security solutions that can be deployed to enforce policies preventing sensitive data to leave or enter the network. Next, we will discuss how one solution from Spirent CyberFlood Data Breach Assessment (CF DBA) can help in proactive assessment of data leak prevention policies.

CF DBA Sensitive Data

CyberFlood Data Breach Assessment is an emulation-based solution that proactively provides in-depth, continuous and automated assessments of an enterprise’s security posture by safely assessing inline security devices with actual attacks, malware, applications and other network data.

One of the categories of threat assessment scenarios provided with this solution is emulation of “Sensitive Data” that may include corporate intellectual properties or end-user private data. This allows organizations to ensure sensitive data does not escape loss prevention policies defined in security solution sensors and filters.

As an example, let’s assume an organization has a policy in place to stop exfiltration of PDF documents that contain social security numbers transported over HTTP. In this organization, similar documents can be exchanged over other transports such as SMTP. We can observe details of an assessment done through CF DBA below.

  1. CF DBA reports the emulated transport of document.pdf containing social security number over HTTP was detected and “Blocked” whereas same document transported over SMTP was “Not Blocked”.
  2. Cybersecurity emulated transport of PDF document

  3. We can confirm above reporting from CF DBA with packet capture in Wireshark (see document.pdf in File > Export Objects > HTTP … document.pdf).

  4. Also, we can compare that with the policy that was configured and blocked on the security platform, Fortinet Data Loss Prevention (DLP sensor, filter and firewall policy that includes the DLP sensor).

  5. The event that was triggered above and was reported as “Matched” can be verified too (Splunk logged the event corresponding to the file transfer over HTTP).

PDF Export packet capture detection

DLP SSN sensor

Cybersecurity emulation of file transports

Using CF DBA allows emulation of file transports that are representative of organization’s sensitive data and intellectual properties to ensure proper security policies are in place. Additionally, users can upload their own proprietary file sets to assess the accuracy of DLP policies in their networks.

Please visit us at www.spirent.com/go/cyberflooddba to learn more about how Spirent CyberFlood Data Breach Assessment can help in validating enterprise network infrastructure security postures.

 

comments powered by Disqus
× Spirent.com uses cookies to enhance and streamline your experience. By continuing to browse our site, you are agreeing to the use of cookies.