Tag Archives: Security

Data Loss Prevention (DLP) for Structured Data Sources

When people think of Data Loss Prevention (DLP), we usually think of endpoint protection, such as the Symantec Endpoint Security solution, preventing the upload of data to web sites or its download to a USB device. The data being “illegally” transferred typically conforms to a particular pattern of Personally Identifiable Information (PII), e.g. Social Security numbers.

Using a client agent for local monitoring of the endpoint, the agent detects the transfer of information as a last line of defense against external distribution. Endpoint solutions can monitor suspicious activity and/or proactively cancel a data transfer in progress.

Moving closer to the source of the data loss, monitoring databases filled with PII has its advantages and disadvantages. One may argue there is no data loss until the employee attempts to export the data outside the corporate network and the data is in flight. In addition, extracted PII data may be “properly utilized” within the corporate network for analysis.

There is a database solution, Teleran Technologies, that provides similar “endpoint” monitoring and protection, e.g. identifying PII data extraction with real-time query cancellation upon detection, leveraging “out of the box” data patterns. Teleran supports relational databases such as Oracle and Microsoft SQL Server, both on-prem and in the cloud.

Updates in Data Management Policies

Identifying the points of origination of data loss provides opportunities to close gaps in data management policy and to implement additional controls over data. Data classification is done dynamically based on common data mask structures, and users may build additional rules to cover custom structures. So, for example, when a business analyst executes a query against a database whose results appear to fit a predefined data mask, such as SSN, the query may be canceled before it is even executed, and/or this “suspicious” activity can be flagged for the Chief Information Officer (CIO) and/or Chief Security Officer (CSO).

Bar none, I’ve seen only one firm that defends a company’s data assets closer to the probable leak of information, the database: Teleran Technologies. See what they have to offer your organization for data protection and compliance.

Prevalent Remote Work Changes Endpoint Strategy

With remote work now prevalent in our corporate environments, relying on endpoints alone may be too late to enforce data protection. We may need to bring data loss detection into the inner sanctum of the corporate network, with prevention closer to the source of the data being extracted. And how are “semi-trusted” third parties, such as offshore staff augmentation, dealt with?

Endpoint DLP – Available Breach Tactics

Endpoint DLP may capture and contain attempts to extract PII data, for example by parsing text files for SSNs or other data masks. However, there are ways around transfer detection that make the extraction hard to identify, such as screen captures that convert text into images. Some endpoint providers boast about their Optical Character Recognition (OCR); however, turning on this feature may produce many false positives, too many to sift through in monitoring and unmanageable to control. The best DLP defense is to monitor and control closer to the data source and, perhaps, flag data requests from employees: e.g. after a SELECT statement is entered, if PII extraction is identified in real time, the UI pops up a “Reason for Request?” prompt, with auditable events that can flow into Splunk.
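The control described in the Teleran paragraphs above and in this one (classification of results against data masks, cancelling the query, a “Reason for Request?” justification step, and an auditable event for the SIEM) can be sketched as a query gateway. The following is an added example written for this page; it is not Teleran’s, Symantec’s or Splunk’s code. The SSN and card masks, the policy table, the sample tables and the hypothetical gated_query/classify_columns functions are assumptions constructed for the demonstration, and an in-memory SQLite database stands in for Oracle or SQL Server:

```python
# Added example, not Teleran's, Symantec's or Splunk's code. SQLite in memory
# stands in for the database; masks, policy and sample data are all assumed.
import json
import re
import sqlite3
from datetime import datetime, timezone
from typing import Optional

# SSN mask: 3-2-4 digits; area 000/666/9xx, group 00 and serial 0000 are never issued.
SSN_RE = re.compile(r"^(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}$")
PAN_RE = re.compile(r"^\d{13,19}$")  # card number length; Luhn check below

# Policy per data class: "justify" releases rows only with a stated business
# reason (the "Reason for Request?" prompt); "block" cancels regardless.
POLICY = {"SSN": "justify", "PAN": "block"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, which keeps random 16-digit numbers from matching PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify_value(value) -> Optional[str]:
    """Data class of one cell, or None if it matches no mask."""
    if not isinstance(value, str):
        return None
    s = value.strip()
    if SSN_RE.match(s):
        return "SSN"
    digits = re.sub(r"[ -]", "", s)
    if PAN_RE.match(digits) and luhn_ok(digits):
        return "PAN"
    return None


def classify_columns(columns, rows, threshold: float = 0.5) -> dict:
    """Label a column when at least `threshold` of its non-null values fit one mask."""
    found = {}
    for idx, col in enumerate(columns):
        hits, non_null = {}, 0
        for row in rows:
            if row[idx] is None:
                continue
            non_null += 1
            cls = classify_value(row[idx])
            if cls:
                hits[cls] = hits.get(cls, 0) + 1
        if hits:
            cls, n = max(hits.items(), key=lambda kv: kv[1])
            if n / non_null >= threshold:
                found[col] = cls
    return found


def gated_query(conn, user: str, sql: str, reason: Optional[str] = None, sample: int = 100):
    """Run sql, inspect the first rows, then release or cancel. Returns (decision, rows, audit_json)."""
    cur = conn.execute(sql)
    columns = [d[0] for d in cur.description]
    head = cur.fetchmany(sample)
    findings = classify_columns(columns, head)
    if not findings:
        decision = "allow"
    elif any(POLICY.get(c) == "block" for c in findings.values()):
        decision = "block"
    elif reason:
        decision = "allow"
    else:
        decision = "justify"  # caller prompts for a reason and retries
    rows = head + cur.fetchall() if decision == "allow" else []
    cur.close()  # nothing further is fetched on a cancelled request
    # Flat JSON record that Splunk HEC or any SIEM can ingest as-is.
    event = {"time": datetime.now(timezone.utc).isoformat(), "user": user, "sql": sql,
             "findings": findings, "decision": decision, "reason": reason,
             "rows_released": len(rows)}
    return decision, rows, json.dumps(event, sort_keys=True)


def demo_connection():
    """Constructed sample tables; every value here is made up."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE employees (id INTEGER, name TEXT, ssn TEXT, email TEXT);
        INSERT INTO employees VALUES (1, 'Ada Example', '123-45-6789', 'ada@example.com'),
            (2, 'Bob Sample', '234-56-7890', 'bob@example.com'), (3, 'Cy Nullson', NULL, 'cy@example.com');
        CREATE TABLE payments (id INTEGER, card_no TEXT, amount REAL);
        INSERT INTO payments VALUES (1, '4111 1111 1111 1111', 12.50), (2, '5500000000000004', 99.00);
    """)
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    for sql, reason in [("SELECT id, email FROM employees", None),
                        ("SELECT name, ssn FROM employees", None),
                        ("SELECT name, ssn FROM employees", "Benefits audit ticket 4321"),
                        ("SELECT card_no FROM payments", "Reconciliation")]:
        decision, rows, event = gated_query(conn, "analyst", sql, reason)
        print(decision, len(rows), event)
```

Running it prints one line per query: an allow for the id/email query, a justify (no rows) for the bare SSN query, an allow with all three rows once a reason is supplied, and a block for card numbers regardless of reason. The Luhn check is what keeps a 16-digit order number from being mistaken for a card; in production the same inspection would sit in a proxy between the client and the database, and the JSON record would be posted to the SIEM rather than printed.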

Cloud-native as the Future of Data Loss Prevention – Nightfall AI

An interesting approach to Data Loss Prevention (DLP)

Data loss prevention (DLP) is one of the most important tools that enterprises have to protect themselves from modern security threats like data exfiltration, data leakage, and other types of sensitive data and secrets exposure. Many organizations seem to understand this, with the DLP market expected to grow worldwide in the coming years. However, not all approaches to DLP are created equal. DLP solutions can vary in the scope of remediation options they provide as well as the security layers that they apply to. Traditionally, data loss prevention has been an on-premise or endpoint solution meant to enforce policies on devices connected over specific networks. As cloud adoption accelerates, though, the utility of these traditional approaches to DLP will substantially decrease.

Established data loss prevention solution providers have attempted to address these gaps with developments like endpoint DLP and cloud access security brokers (CASBs) which provide security teams with visibility of devices and programs running outside of their walls or sanctioned environments. While both solutions minimize security blind spots, at least relative to network layer and on-prem solutions, they can result in inconsistent enforcement. Endpoint DLPs, for example, do not provide visibility at the application layer, meaning that policy enforcement is limited to managing what programs and data are installed on a device. CASBs can be somewhat more sophisticated in determining what cloud applications are permissible on a device or network, but may still face similar shortfalls surrounding behavior and data within cloud applications.

Cloud adoption was expected to grow nearly 17% between 2019 and 2020; however, as more enterprises embrace cloud-first strategies for workforce management and business continuity during the COVID-19 pandemic, we’re likely to see even more aggressive cloud adoption. With more data in the cloud, the need for policy remediation and data visibility at the application layer will only increase and organizations will begin to seek cloud-native approaches to cloud security.

Source: Cloud-native as the Future of Data Loss Prevention – Nightfall AI

Best Password Encryption, Tight As a Singularity

So I was perusing this article in the New York Times, How to Devise Passwords That Drive Hackers Away, and saw this picture (sorry NYT, I paid my subscription; if you want, I will yank the picture, let me know, else I will consider it public domain). See the image below. That’s when I said, wow, neat idea. It’s like those Hershey’s Reese’s Pieces commercials, peanut butter and chocolate. Look at the image below: now imagine the user has a Hasbro® Rubik’s Cube type device that fits on a key chain, like an RSA key, and turns the six sides of the cube to the right combination. The cube can be a size that fits in the palm of your hand. You set the key with all the different colors and letter combinations, then place it in a small docking station that attaches to the computer via a USB port. You could even add a sensor in the center square of a face that reads your fingerprint, and poof. If it gets stolen, no problem: the thief doesn’t have your fingerprint, and the letter combinations on the colors help you remember the order.

So how strong is a six-sided cube with nine squares per side, an alphanumeric character overlay, and optionally a fingerprint reader? You could also make it an application that uses 3D software to manipulate the object; hey, throw in Google Glass and you can manipulate that object in virtual space. An easy implementation is a 3D graphics generator, optionally using the fingerprint reader already on your computer, if you feel it is reliable. I liked the portability of the physical object: a compact cube that fits in your hand and a docking station. To knock it out of the park, put SD memory into the cube, and then you can use it to transport information. The bits of information are only stored at a particular point within the cube once the pattern is locked, so it would be necessary to have the combination to access the information. Secure, on-the-go information, and probably cheap to manufacture.
You can, of course, expand the number of squares on each side and the color variations. A larger set of allowed alphanumeric characters also increases the protection. For ease of use, you may line up the corners and remember only 24 characters: six sides times four corners.

A simple cube with nine squares per face:

1) 6 sides times 9 squares = 54 total squares
2) 54 squares times 4 colors (red, yellow, green, blue) = 216
3) 216 times 128 ASCII characters (0x00 through 0x7F) = 27,648 potential combinations

That product is the number of distinct (square, color, character) choices, which is about 2^14.75, so it amounts to roughly 15 bits of key material rather than “three bits”. The strength of the key is the number of complete cube settings an attacker must try; software can cycle or stretch a short combination into a longer key, but a derived key is only as hard to guess as the combination it came from. A utility like this could be manufactured, implemented and integrated with any application (e.g. email) through a flexible security API.

For comparison, today’s Advanced Encryption Standard (AES) uses a 256-bit key, i.e. 2^256 possible keys. The 14 rounds of AES-256 are processing steps, not additional key bits, so 256 times 14 = 3,584 is not a key length.

[Image: Rubik’s Cube encryption key with USB docking station and optional fingerprint reader]
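To put the cube comparison above on a common footing, here is an added example (not from the post) that works out each key space as the number of settings an attacker would have to try and the equivalent bits. It goes beyond the post in two ways: it counts the reachable configurations of a real 3x3x3 cube, and it models the overlay idea as every square independently carrying one of 4 colors and one of 128 characters, which is an assumed reading, not something a physical cube with fixed stickers can reach. The guess rate used for the brute-force estimate is also a made-up figure.

```python
# Added example (not from the post): key spaces compared as candidate counts and bits.
# The "independent squares" model and the guess rate are assumptions for illustration.
from math import factorial, log2


def cube_states() -> int:
    """Reachable configurations of a standard 3x3x3 Rubik's Cube.

    8 corner cubies in 8! positions with 3^7 orientations, 12 edge cubies in
    12! positions with 2^11 orientations, halved because only even overall
    permutations are reachable by turning faces.
    """
    return factorial(8) * 3**7 * factorial(12) * 2**11 // 2


def independent_squares(squares: int = 54, colors: int = 4, chars: int = 128) -> int:
    """Key space if every square independently carried a color and a character
    (assumed model; a physical cube's stickers are fixed to their cubies)."""
    return (colors * chars) ** squares


def corners_only(positions: int = 24, chars: int = 128) -> int:
    """Key space for the post's 'remember 24 corner characters' shortcut."""
    return chars ** positions


def bits(keyspace: int) -> float:
    """Equivalent key length in bits: log2 of the number of candidate keys."""
    return log2(keyspace)


def years_to_exhaust(keyspace: int, guesses_per_second: float = 1e12) -> float:
    """Worst-case brute-force time at an assumed (made-up) guess rate."""
    return keyspace / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    post_product = 6 * 9 * 4 * 128  # the 27,648 figure from the post
    for label, space in [("post's 27,648 product", post_product),
                         ("physical 3x3x3 cube", cube_states()),
                         ("24 corner characters", corners_only()),
                         ("54 independent squares", independent_squares()),
                         ("AES-256 key", 2**256)]:
        print(f"{label:24s} {bits(space):7.1f} bits  ~{years_to_exhaust(space):.3g} years")
```

The physical cube comes out at about 65 bits, the 24-corner shortcut at 168 bits, and only the fully independent overlay exceeds AES-256; the 27,648 product is brute-forced in well under a second at any rate, which is why rounds and cycling cannot substitute for a larger combination.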