Tuesday, 15 October 2013

Top 3 Focus Areas that can help you in Data Loss Prevention

One of the most intimidating issues for IT teams across organizations is a data breach or data loss. Typically, data loss happens when security is compromised and sensitive corporate data is accessed. It might fall under any of these categories:
  • Unauthorized, intentional or unintentional exfiltration of confidential information
  • Data spill or data leak
This can happen due to external security attacks such as malware or hacking, or sometimes from an internal source such as a disgruntled employee. This calls for a data loss prevention (DLP) system that helps you contain and avoid the loss of data.
Data loss happens in many stages and can be broadly grouped into three categories:
  • Data in Motion: Data that moves through the network to the outside, in most cases using the Internet
  • Data at Rest: Data that rests in your database and other provisions for storage
  • Data at the Endpoints: Data at the endpoints of your network, say, data on USB and other plugged-in devices.
What is Data Loss Prevention?
DLP is a strategy to make sure that your sensitive data doesn't move outside of your network. It helps you reduce the risk of disclosing confidential information. With the continuous increase in cybercrime, it becomes all the more necessary to protect against data breaches across these stages.

Here are some focus areas that can help you minimize data loss:

1. Identify the Top Data Loss Scenarios
If you look into all the data loss scenarios you have seen thus far, you will be able to pick out a pattern showing which ones have had the highest impact. There may also be relatively minor data loss incidents that occur multiple times a day.

Action item: Identify and classify data based on its sensitivity and keep an eye on its flow within the network and outside. Your classification can also be based on the type of data, for example, customer data, financial data, etc. Once this is done, build security policies based on your security and compliance requirements. It is advisable to use a SIEM security tool that correlates events and alerts you in real time upon any security breach.
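The classification step above can be sketched in a few lines. This is an added example, not code from the original post or from any product it mentions: it labels payloads as financial data (card-number candidates that pass the Luhn checksum) or customer data, and reports only the ones addressed outside the network. The event fields, the 10.0.0.0/8 internal range, and the rule that an e-mail address marks customer data are assumptions made for the illustration.

```python
import ipaddress
import re

# Candidate card numbers: 13-19 digits, optionally split by spaces or hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range

def luhn_ok(digits):
    """Luhn checksum: filters out most random digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text):
    """Return the set of sensitivity labels found in a payload."""
    labels = set()
    for m in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            labels.add("financial")
    if EMAIL_RE.search(text):  # assumption: an e-mail address marks customer data
        labels.add("customer")
    return labels

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def review(events):
    """Return (destination, labels) for classified data leaving the network."""
    alerts = []
    for ev in events:
        labels = classify(ev["payload"])
        if labels and is_external(ev["dst"]):
            alerts.append((ev["dst"], sorted(labels)))
    return alerts

# Constructed sample events; 4111 1111 1111 1111 is a well-known test card number.
EVENTS = [
    {"dst": "10.1.2.3", "payload": "card 4111 1111 1111 1111 for order 7"},
    {"dst": "203.0.113.9", "payload": "card 4111-1111-1111-1111 jane@example.com"},
    {"dst": "203.0.113.9", "payload": "tracking 1234 5678 9012 3456 shipped"},
    {"dst": "198.51.100.4", "payload": "weekly newsletter draft"},
]

if __name__ == "__main__":
    for dst, labels in review(EVENTS):
        print(f"ALERT {dst} {labels}")
```

The tracking number in the third event looks like a card number but fails the Luhn check, which is why checksum validation matters for keeping false positives out of the alert queue.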

2. Actively Respond to Security Incidents
Once the radar is lit up, security events tend to pile up thick and fast. It is important to have a dedicated methodology to analyze and respond to all valid security events.

Action item: As you begin to monitor log events in real time, you will be able to quickly spot security threats. You can deploy an efficient log management tool with active response technology that helps you mitigate and remediate violations and deliver automated responses based on the security incident.

3. Comply with Policy Regulations
If you are handling sensitive and confidential information, you need to be compliant with policy regulations such as FISMA, PCI DSS, HIPAA, etc., based on the industry in which you operate. For example, if your business involves payment card transactions, you need to be PCI compliant, as you are responsible for protecting the cardholder data when you receive it.

Action item: If you are PCI compliant, you need to encrypt the cardholder data with at least a 128-bit SSL certificate to meet this standard. Compliance requires constant assessment and reporting, and employees across different levels should get involved to make it effective. SIEM tools help you quickly uncover compliance policy violations by identifying attacks and highlighting threats with real-time log analysis and powerful cross-device and cross-event correlation covering your entire infrastructure.

SolarWinds Log and Event Manager (LEM) helps you quickly uncover policy violations and performs multiple event correlation to understand relationships between dramatically different activities. With its real-time log analysis and powerful cross-device/cross-event correlation, LEM lets you effectively identify and respond to threats in real time, rather than being reactive.

LEM also provides over 300 pre-built “audit-proven” templates so you can easily generate and schedule PCI and other regulatory compliance reports, as well as customize reports for your organization's specific needs.
