
Tag: Data Loss Prevention

Data loss prevention software is designed to detect potential data breaches and data exfiltration transmissions and to prevent them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage). In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or inadvertent mistake. Such sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.

The terms “data loss” and “data leak” are closely related and are often used interchangeably, though they are somewhat different. Data loss incidents turn into data leak incidents in cases where media containing sensitive information is lost and subsequently acquired by an unauthorized party. However, a data leak is possible without the data being lost on the originating side. Some other terms associated with data leakage prevention are information leak detection and prevention (ILDP), information leak prevention (ILP), content monitoring and filtering (CMF), information protection and control (IPC), and extrusion prevention system (EPS), as opposed to intrusion prevention system.

CounterTack Adds Data Loss Prevention to Endpoint Threat Platform

The security vendor bolsters the endpoint detection and response capabilities of its Endpoint Threat Platform with the addition of data loss prevention in a bid to reduce risk.

Google upgrades G Suite with tools for IT pros

Google today bolstered its G Suite of productivity apps with new controls and tools for IT professionals.

G Suite administrators now have more access to control security key enforcement, data control with data loss prevention (DLP) for Google Drive and Gmail, and additional insights by connecting Gmail to BigQuery, Google’s enterprise data warehouse designed to enable SQL queries, according to Google.

All of the changes, which are live today, are designed to elevate G Suite for the enterprise, especially among companies that need more confidence in the controls they can maintain over corporate data, according to Google.

Mobile is still the safest place for your data

When I talk to IT managers, I almost always hear fears of mobile devices as conduits for sensitive corporate data to leave the company.
I don’t know why I keep hearing this.

There’s simply no evidence to support this fear.
In fact, there’s solid evidence that says mobile devices are not a significant—or even moderate—risk factor. Every year, I check the Identity Theft Resource Center’s database of personally identifying information (PII) breaches, which require disclosure by both state and federal laws.
I’m sure many losses go unreported, and the database doesn’t cover corporate information not containing PII.

But if mobile devices were a conduit to data loss, they should show up in this database. Mobile-linked breaches haven’t shown up in previous years, and they didn’t show up again in 2016—despite the fact that nearly everyone these days uses a smartphone. What does show up? Paper records, thumb drives, external hard drives, laptops, hacks into databases and storage systems, and successful phishing attempts. Many of the reported breaches involve lost papers, drives, and laptops, where a data thief probably wasn’t involved.

But many involve active hacking of IT systems where data theft is the goal.

And some involve insiders (contractors and ex-employees) stealing data to use themselves, bring to new employers, or—least often—sell to others.

None of the lost, stolen, or compromised devices were smartphones or tablets.

That’s probably because encrypted devices need not be reported; they’re presumed safe. iPhones and iPads have long encrypted their contents, and professional-grade Android devices have done that in recent years.
In both cases, a simple IT policy can enforce that encryption.
It doesn’t take a fancy mobile security tool; Microsoft Exchange can do the trick.

Well, there was one data breach involving a smartphone: A former hospital manager, after resigning, took patient-identifying information by forwarding certain documents such as patient lists to her personal email account.
She had work email set up on her personal smartphone—a common BYOD scenario—and simply forwarded the work emails to her personal email account.

That’s not a mobile-specific issue—she could have done that from a work computer or a home computer. IT’s remedy for this case is the same no matter the device running the email app: Use restricted email accounts where possible and data loss prevention (DLP) tools where not to identify and perhaps prevent such odd email usage.

And don’t distribute PII or other sensitive information in routine documents in the first place!

Also not in the breach list were the cloud storage services that IT managers fret about after they’re done worrying about mobile devices: Apple iCloud Drive, Box, Dropbox, Google Drive, and Microsoft OneDrive. But that omission may be misleading because if a lost (unencrypted) laptop has stored the access credentials for such services—which is common—then the data on that cloud drive is available to a data thief, just as the locally stored data is.

The Identity Theft Resource Center database doesn’t go into great detail of each case, but because a lost (unencrypted) laptop is presumed to be a data breach, that breach extends to any data on that laptop, including cloud-accessed data.

Still, we didn’t see cases of these popular cloud storage services as the specific vector of a data breach—despite frequent IT fears to the contrary.

In this day and age, IT pros have plenty of security threats to deal with.

Active hacking is the biggest threat, of course, and should get the lion’s share of the resources. The client side should be addressed but not dwelled on. Of the clients in use, mobile is the least risky.

Based on the actual risks, a good place to start is securing laptops, then external drives that people use when they don’t have access to a corporate cloud storage service.

Those devices comprise the biggest client risk.

Encryption is your main line of defense for these devices—for cloud storage, too. For the much smaller risk posed by mobile devices, mobile management tools are both mature and effective; there’s no excuse not to have them in place already.

WatchGuard Takes Guesswork Out of Wi-Fi Security With Cloud-based Solution

WatchGuard Wi-Fi Cloud delivers automated wireless threat prevention with interactive engagement and analytics

18 October 2016 – WatchGuard® Technologies has announced WatchGuard Wi-Fi Cloud, a secure, scalable and feature-rich Wi-Fi management platform with a new family of high-performance, cloud-ready access points.

Deployed together, this next-generation secure wireless solution delivers a sophisticated Wireless Intrusion Prevention System (WIPS), while turning Wi-Fi hot spots into powerful consumer research, analytics and push marketing tools.

Architected from the ground up to focus on ease of deployment and administration, the WatchGuard Wi-Fi Cloud simplifies even the most complex aspects of Wi-Fi management, making fast, secure and intelligent Wi-Fi accessible to organisations of all types and sizes. WatchGuard Wi-Fi Cloud delivers high-quality wireless performance, while ensuring consistent security policies across all connected devices, even at remote locations.

The patented WIPS technology built into WatchGuard’s new cloud-ready AP120 and AP320 access points automatically classifies wireless devices as Authorized, Rogue, or External, resulting in a very low false positive rate.

This advanced rogue detection process can safely and automatically shut down unauthorised access points and clients, while nearly eliminating the risk of illegally interfering with neighbouring wireless networks.

“Today’s savvy businesses realise that safe and reliable Wi-Fi is a basic requirement, but many SMBs and distributed enterprise organisations struggle to deliver it. We’ve developed a comprehensive solution that dramatically simplifies how businesses deploy and manage wireless, while at the same time elevating Wi-Fi security standards,” said Ryan Orsi, director of wireless products at WatchGuard. “In addition to security, the WatchGuard Wi-Fi Cloud makes it easier for organisations to turn Wi-Fi into an extension of their brand, an interactive experience for their customers and a powerful analytics tool.”

WIRELESS SECURITY

Most traditional wireless network management solutions fail to stop rogue devices from connecting to their networks or block threats like wireless denial-of-service attacks.

Current WIPS technology delivers a high rate of false positives, incorrectly categorising neighbouring hotspots and innocuously connected devices as malicious, which creates unnecessary frustration and end-user complaints.

In addition to automatically detecting and disabling rogue wireless devices and attacks, WatchGuard’s industry-leading WIPS also provides customers with:

Secure Bring Your Own Device (BYOD) Policy Enforcement – automatically identifies on-network smart devices and blocks unapproved connections.

Accurate Location Tracking – pinpoints the location of connected wireless devices or sources of interference, enabling administrators to quickly take action.

Flexible Deployment – deployable in configurations to meet any security need. It can be installed as an overlay on top of an existing WLAN infrastructure or as a stand-alone enforcement system for Wi-Fi prohibited zones.

Customers can easily and cost effectively run all of their wireless network traffic through one of WatchGuard's leading network security appliances, thereby providing the same AV, IPS, web filtering, spam blocking, application control, APT blocking, data loss prevention and reputation lookup techniques to wireless traffic.

This protects them against malware planting, eavesdropping and data theft and prevents inappropriate or illegal use of their network.

INTERACTIVE ENGAGEMENT AND ANALYTICS

The Wi-Fi Cloud provides visibility into marketing data, including insights into footfall and customer demographics visualised on customisable dashboards. Organisations can easily monetise these insights by tapping into the mobile engagement features, which allow direct and customised communication with individual customers in the form of SMS, MMS and their social network of choice.

WatchGuard Wi-Fi Cloud management features also include:

Custom Splash Pages and Social Wi-Fi Engagement – captive portals allow businesses to personalise customer Wi-Fi experiences by offering promotional opportunities, surveys and strong authentication through Facebook, Twitter, LinkedIn, Instagram and other social applications.

Mobile Engagement – delivers custom messages to customers via SMS, MMS, and social networks, based on predefined triggers including user interaction and length of time on-network.

Wi-Fi Analytics - data is collected via passive scans, active scans and user connections in and around your Wi-Fi networks. Analyses and conceptualises this data to provide insight into traffic patterns, behaviour and demographics of your Wi-Fi users, in addition to generating a visual map of foot traffic patterns on a floor plan.

“There is a strong demand among our customers for widely deployable, cloud-enabled solutions and we are excited to add WatchGuard Wi-Fi Cloud to our portfolio,” said Ian Kilpatrick, director at Wick Hill. “This new Wi-Fi cloud functionality expands our ability to sell more to existing customers and to reach brand new customers.

Additionally, Firebox and Wi-Fi Cloud installations will increase partners’ service revenues.

This represents a big win for everyone.”

AVAILABILITY

WatchGuard Wi-Fi Cloud subscriptions, along with the AP120 and AP320 are available now.

Customers can purchase them as a stand-alone solution, or as part of a holistic configuration that routes traffic through a Firebox or XTM appliance, to extend best-in-class security services like APT Blocker, WebBlocker, and Gateway AntiVirus into their wireless environments.

For more information, visit https://www.watchguard.com/wifi.

About WatchGuard Technologies, Inc.

WatchGuard® Technologies, Inc. is a global leader in network security, providing best-in-class Unified Threat Management, Next Generation Firewall, secure Wi-Fi, and network intelligence products and services to more than 75,000 customers worldwide.

The company’s mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for Distributed Enterprises and SMBs. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America.

To learn more, visit WatchGuard.com. For additional information, promotions and updates, follow WatchGuard on Twitter, @WatchGuard on Facebook, or on the LinkedIn Company page.

Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org.

Contacts:

Rowena Case, WatchGuard Technologies, 0203 608 9070, ukmarketing@watchguard.com

Peter Rennison, PRPR, 01442 245030, pr@prpr.co.uk

Enterprises outsmarting themselves with security, while attackers easily use common techniques

Bad guys use common techniques to steal data, while companies focus too much on sophisticated attacks, according to the second annual Hacker's Playbook, based on an analysis of nearly 4 million breach methods. Security professionals are figuring out how to block attacks from state-sponsored, advanced, persistent adversaries, said Itzik Kotler, CTO and co-founder at penetration company SafeBreach, which produced the report. "But if you look at the different hacks, they're not all carried out by nation-states," he said. "They're carried out by script kiddies and cyber criminals." In fact, while conducting penetration tests on behalf of its customers, SafeBreach found that old standbys are extremely effective. There are few adversaries skilled enough to create zero days.

The majority of attackers use and reuse common techniques -- which is exactly what SafeBreach did when running its penetration tests. Corporate environments typically offered many exfiltration channels, including HTTP, IRC, SIP and Syslogs. Take, for example, Internet Relay Chat which dates back to before the Web was invented. "It is not sophisticated at all," he said. "And, to our knowledge, it has no business value.

But it can still be used to initiate a connection out of a company and carry data." Syslogs are event logs from network and security products sent to external aggregators for consolidation and analysis -- and are usually not scrutinized by security.

They should be limited to specific servers, encrypted, or sent via a VPN tunnel. Similarly, SIP, which is used for voice-over-IP communication sessions, needs to be limited to specific, pre-identified servers.

And HTTP is the most common type of outbound traffic, and is the easiest protocol to take advantage of, according to SafeBreach.

These communications need to be monitored and inspected by data loss prevention platforms.

When it comes to getting into a company in the first place, companies are still not locking down many common approaches. For example, executable files in attachments were successful in a quarter of all attempts. So were Microsoft Office macros and Visual Basic scripts. And one of the oldest tricks in the book -- encrypted zip files downloaded via HTTP -- still works. These kinds of files should be limited by policy or inspected by next-generation firewalls, SafeBreach recommended.

And the top five most successful malware kits have been around for a year or more, including Citadel, Dridex, Hesperbot, SpyEye and Cryptolocker.

Finally, human error was a common problem.

The most damaging mistake was misconfiguring malware sandboxes and proxies.

For example, sandboxes were often not set up to cover all ports, protocols, file formats, and encrypted traffic.

And misconfigured proxies allow attackers to move laterally within corporate networks. This story, "Enterprises outsmarting themselves with security, while attackers easily use common techniques" was originally published by CSO.
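The egress recommendations in the article above (syslog and SIP only to specific servers, no IRC, web traffic through DLP inspection) can be checked against flow records. The following is an added example, not code from SafeBreach or CSO; the addresses, allowlists, proxy and flow records are constructed, and the function names are hypothetical.

```python
"""Egress policy audit over flow records (added example, constructed data)."""
import ipaddress
from collections import Counter

# Hypothetical policy values, assumed for this example.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
SYSLOG_COLLECTORS = {"203.0.113.10"}   # approved external log aggregator
SIP_SERVERS = {"203.0.113.20"}         # pre-identified VoIP provider
WEB_PROXIES = {"10.0.0.8"}             # proxy whose traffic DLP inspects

# Default ports used to label a flow with a channel named in the report.
CHANNEL_PORTS = {
    ("udp", 514): "syslog",
    ("tcp", 6514): "syslog-tls",
    ("udp", 5060): "sip", ("tcp", 5060): "sip", ("tcp", 5061): "sip",
    ("tcp", 6667): "irc", ("tcp", 6697): "irc",
    ("tcp", 80): "http", ("tcp", 443): "http",
}


def audit_flow(flow):
    """Return (verdict, reason) for one flow dict: ok, review or block."""
    if ipaddress.ip_address(flow["dst"]) in INTERNAL:
        return ("ok", "internal destination")
    channel = CHANNEL_PORTS.get((flow["proto"], flow["dport"]), "other")
    if channel == "irc":
        return ("block", "IRC has no business use in this policy")
    if channel in ("syslog", "syslog-tls"):
        if flow["dst"] not in SYSLOG_COLLECTORS:
            return ("block", "syslog to a server that is not an approved collector")
        if channel == "syslog":
            return ("review", "plaintext syslog leaving the network")
        return ("ok", "encrypted syslog to an approved collector")
    if channel == "sip":
        if flow["dst"] not in SIP_SERVERS:
            return ("block", "SIP to a server that is not pre-identified")
        return ("ok", "SIP to a pre-identified server")
    if channel == "http":
        if flow["src"] not in WEB_PROXIES:
            return ("review", "web traffic that bypasses the inspected proxy")
        return ("ok", "web traffic from the inspected proxy")
    return ("review", "outbound port not covered by the policy")


def audit(flows):
    """Return (Counter of verdicts, list of findings that are not ok)."""
    counts, findings = Counter(), []
    for flow in flows:
        verdict, reason = audit_flow(flow)
        counts[verdict] += 1
        if verdict != "ok":
            findings.append((verdict, flow["src"], flow["dst"], flow["dport"], reason))
    return counts, findings


# Constructed sample flows (documentation address ranges).
FLOWS = [
    {"src": "10.1.4.23", "dst": "198.51.100.7", "proto": "tcp", "dport": 6667},
    {"src": "10.1.9.5", "dst": "203.0.113.10", "proto": "udp", "dport": 514},
    {"src": "10.1.9.5", "dst": "203.0.113.10", "proto": "tcp", "dport": 6514},
    {"src": "10.1.7.77", "dst": "198.51.100.99", "proto": "udp", "dport": 514},
    {"src": "10.1.2.40", "dst": "203.0.113.20", "proto": "udp", "dport": 5060},
    {"src": "10.1.2.41", "dst": "192.0.2.55", "proto": "tcp", "dport": 5061},
    {"src": "10.0.0.8", "dst": "192.0.2.80", "proto": "tcp", "dport": 443},
    {"src": "10.1.3.3", "dst": "192.0.2.80", "proto": "tcp", "dport": 443},
    {"src": "10.1.3.3", "dst": "10.0.0.8", "proto": "tcp", "dport": 3128},
]

if __name__ == "__main__":
    totals, problems = audit(FLOWS)
    print(dict(totals))
    for finding in problems:
        print(*finding)
```

Labelling by default port only catches these channels where they run on their usual ports, so the "review" bucket for uncovered ports matters as much as the explicit blocks.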

Fourth Region Added To Nuvias EMEA Structure

Nuvias acquires value-added distribution business in Dubai

London, UK: 7/9/16: Specialist EMEA distributor, the Nuvias Group, announces it has added a fourth region, MEA, to its regional EMEA structure.

The other three Nuvias Group regions are Northern, Central and Southern Europe. Nuvias has acquired SCD, a distributor operating out of Dubai.

The new office will now act as a hub for Nuvias’ MEA activities, covering all parts of the Gulf Co-operation Council[1] (GCC) area, Pakistan and Afghanistan. This is the latest development in the strong growth and development plans of Nuvias, which was established in July 2016. Nuvias is building an EMEA-wide, high-value, specialist distribution business, with a common proposition and consistent delivery.

The strategy is to redefine value distribution to the channel, enabling the channel and vendor community to deliver exceptional business value to their customers and creating new standards of channel success. Also being announced today is the setting up of the Nuvias Cyber Security Practice at the Dubai office, which includes vendors Unitrends (cloud empowered continuity solutions), Malwarebytes (advanced malware prevention and remediation), Black Duck (open source security and management) and Netskope (cloud data loss prevention). Other recent vendor signings for Nuvias in the MEA region include JetNEXUS (load balancing), Lifesize (videoconferencing) and Tintri (VM-aware storage for virtualisation and the cloud). Nuvias has already recruited several new staff for the MEA office bringing the current total up to 16.

These include recent recruit Muneeb Anjum, the new sales director.

Anjum has twelve years’ experience in the IT sector, with a proven track record in managing channel partners across the Middle East and extensive experience in successfully introducing new solutions to market.

Paul Eccleston, head of Nuvias Group, commented: “We are delighted to be announcing today the opening of our Middle East and Africa (MEA) region, completing our regional coverage of EMEA. MEA is a very important part of the region and a significant opportunity for us, our vendor partners and our customers.

“We have been working hard to bring the cyber security, advanced networking and unified comms capability of Wick Hill and Zycko to this region. With the acquisition of the business in Dubai, operating across the region, and the recruitment of Muneeb Anjum, which will be followed by further additions to the team very soon, this is an exciting development for Nuvias and we look forward to bringing more capability and vendors to the region quickly.”

Alasdair Kilgour, regional VP MEA for Nuvias, commented: “It's both exciting and a privilege to be part of the Nuvias team and I look forward to leading the growth of the business across MEA and beyond. We will do this firstly by enabling our vendor partners locally to experience the same high standard of value-added service they already receive from the Group across Europe; secondly by expanding our channel partner community through our solution distribution philosophy; and thirdly by geographic expansion. We are exhibiting at Gitex in October at the Dubai World Trade Centre, which will give us a great platform to show the industry what Nuvias in the MEA region can offer.”

[1] Gulf Co-operation Council (GCC): A regional, political organisation consisting of six middle eastern countries – Saudi Arabia, Kuwait, the United Arab Emirates, Oman, Qatar and Bahrain.

About Nuvias Group

Nuvias Group is the pan-EMEA, high value distribution business being built by Rigby Private Equity (RPE), to redefine international, specialist value distribution in IT.

The Group provides a common proposition and consistent delivery across EMEA, allowing channel and vendor communities to deliver exceptional business value to customers, and enabling new standards of channel success. The Group today consists of Wick Hill, an award-winning, value-added distributor with a strong specialisation in security; and Zycko, an award-winning, specialist EMEA distributor, with a focus on advanced networking.

Both companies have proven experience at providing innovative technology solutions from world-class vendors, and delivering market growth for vendor and reseller partners alike.

The Group has fourteen regional offices across EMEA and turnover is in excess of US$ 300 million.

ENDS

For further press information, please contact Annabelle Brown on +44 (0) 1326 318212, email abpublicrelations@btinternet.com.

Wick Hill https://www.wickhill.com/

Zycko http://www.zycko.com/

Review: Top tools for preventing data leaks

Most security tools are focused on keeping external attackers at bay.

But what about the sensitive data that lives inside your network? How do you make sure it doesn't get out, either intentionally or by accident? That's where Data Loss Prevention (DLP...

New air-gap jumper covertly transmits data in hard-drive sounds

Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of s...

Identity Finder Rebrands as Spirion, Brings In New CEO

A new CEO takes the reins as the company changes its name to Spirion to raise its profile as a provider of data loss prevention technology. Identity Finder has been helping organizations with data loss prevention since 2006. On July 28, the company off...

Hacked in a public space? Thanks, HTTPS

Kali Linux, laptop, coffee - hack on!

Have you ever bothered to look at who your browser trusts? The padlock of a HTTPS connection doesn't mean anything if you can't trust the other end of the connection and its upstream signatories.

Do you trust CNNIC (China Internet Network Information Centre)? What about Turkistan trust or many other “who are they” type certificate authorities? Even if you do trust whoever issued the certificate it doesn't mean much if the network cannot be trusted.

A lot of experts claim “HTTPS is broken” and here is one small example of why.
If you sit in a coffee shop and go surfing you can quite easily end up being the victim of a man-in-the-middle (MitM) attack.

All a potential attacker needs is a copy of Kali Linux, a reasonably powerful laptop and coffee!

But wait, you cry, aren't certificates supposed to protect us from exactly this type of thing? Yes but... essentially in our coffee-shop scenario the connection can be forced to run via the MitM laptop using a program called SSLstrip to copy the data as it is passed back and forth to Gmail. We get the traffic from the victim by poisoning the ARP cache and pretending to be the router. SSLStrip forces a victim's browser into communicating via an attacker’s laptop in plain-text over HTTP, while the adversary proxies the modified content from an HTTPS server. Of course, you need to hack the coffee shop's router, too. The HTTPS between Gmail and you is now readable because you get the decrypted plain text data before it is encrypted and sent to Gmail.

It isn't just coffee shops that present this risk.

Frequently, SSL Inspection is used in offices of larger companies to monitor staff web activity.
Several companies such as FireEye and Bluecoat provide specialised appliances to do this at wirespeed, essentially rendering them unnoticeable.

Governments can also do the same using FinFisher or other tools running on ISP networks. This is one of the main reasons I tell people not to check their web mail on their work computer.

Employers probably have the right to do that written into their employment terms and conditions.

Companies do, however, have other more legitimate reasons for breaking SSL: scanning for malware-related traffic and data loss prevention (DLP being the new hot ticket item). If you couldn't look inside an encrypted packet you would have no idea what's flowing across the network most of the time other than source and destination.

What are the mitigations against all these for the average Joe user? In reality not a lot. Use your common sense when connecting to a Wi-Fi hotspot. Ask yourself:

Do I know I am connecting to the correct Wi-Fi hotspot?

Do I trust that hotspot and its owners?

Where possible use a VPN, thereby somewhat mitigating against MitM attacks.

On a larger scale there are a few things that can be done but require effort. If a site provides only HTTPS then sslstrip would fail as it can't fall back to HTTP.

Also browsers are becoming better at dealing with these types of issues. Some browsers such as Chrome use a new technique called certificate pinning.

Certificate pinning, though, is limited to Google sites at present.

This technique creates a digital fingerprint for each HTTPS site visited and afterwards compares it to the certificate being presented.
It will warn the user if things don’t look as they should.

Another method that site owners can use to protect their clients is HSTS.

This tells the browser on first visit that the site is HTTPS only and therefore the browser should only ever connect to it via HTTPS for a determined length of time. Any attempt to redirect the browser to an HTTP version of the site will be stopped by the browser.

The one weakness with this technology is that the browser has to have first visited the genuine site to receive the HSTS response.

But if you make sure you've visited a site that supports HSTS on a trusted network, your browser will then ensure it is never redirected to HTTP. A site owner who knows they will only ever use HTTPS and uses HSTS (HTTP Strict Transport Security) can have their website added to a HSTS preloaded list in the Chromium project.

Getting your site added to that list means that Chromium will never allow an unencrypted connection to your site.

A lot of companies who deploy monitoring will often install their own root certificates on company computers.

This lets the proxy devices self-sign certificates for any domain and be trusted by the computers.

HTTPS is not the silver-bullet online defence shield a lot of users believe it to be on public networks, meaning activities such as online banking and shopping are done at their own risk. While there are some additional steps you can take, you should - therefore - continue to exercise caution when using a network you don’t control and think about the type of information that you may be sharing with people you may not want to.
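The HSTS behaviour the article above describes (policy learned on first visit, the first-visit weakness, and the preload list) can be modelled in a few lines. This is an added example, not code from the article or from any browser: the `Browser` class, hostnames and preload set are constructed, and it is a simplified model of the rules in RFC 6797 in which preloaded entries are assumed to cover subdomains.

```python
"""Simplified model of a browser's HSTS decisions (added example)."""
import re

PRELOAD = {"bank.example"}  # constructed stand-in for a shipped preload list
STS = "Strict-Transport-Security"


def parse_sts(value):
    """Parse a header value into (max_age, include_subdomains), or None if invalid."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


def _split(url):
    scheme, _, rest = url.partition("://")
    return scheme.lower(), rest, rest.split("/", 1)[0].lower()


class Browser:
    def __init__(self, preload=()):
        self.preload = set(preload)
        self.known = {}  # host -> (expiry time in seconds, include_subdomains)

    def _covered(self, host, now):
        labels = host.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.preload:
                return True
            entry = self.known.get(candidate)
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def resolve(self, url, now):
        """Return the URL actually fetched: http:// is upgraded for known hosts."""
        scheme, rest, host = _split(url)
        if scheme == "http" and self._covered(host, now):
            return "https://" + rest
        return url

    def receive(self, url, headers, now):
        """Store policy from a response. Headers seen over plain HTTP are ignored."""
        scheme, _, host = _split(url)
        parsed = parse_sts(headers[STS]) if STS in headers else None
        if scheme != "https" or parsed is None:
            return
        max_age, include_sub = parsed
        if max_age == 0:
            self.known.pop(host, None)  # max-age=0 removes the policy
        else:
            self.known[host] = (now + max_age, include_sub)


def first_visit_on_untrusted_network():
    """No prior policy: the plain-HTTP request goes out and nothing is learned."""
    b = Browser()
    fetched = b.resolve("http://shop.example/login", now=0)
    b.receive(fetched, {}, now=0)  # reply over HTTP carries no usable header
    return fetched


def visits_after_trusted_first_contact():
    """Policy learned over HTTPS protects later visits until it expires."""
    b = Browser()
    b.receive("https://shop.example/", {STS: "max-age=31536000; includeSubDomains"}, now=0)
    return (b.resolve("http://shop.example/login", now=3600),
            b.resolve("http://pay.shop.example/", now=3600),
            b.resolve("http://shop.example/login", now=31536001))


def preloaded_first_visit():
    """A preloaded host is upgraded even though it was never visited."""
    return Browser(preload=PRELOAD).resolve("http://bank.example/", now=0)


if __name__ == "__main__":
    print(first_visit_on_untrusted_network())
    print(visits_after_trusted_first_contact())
    print(preloaded_first_visit())
```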

Microsoft Tightens the Lid on Office 365 Data

The company readies new data loss prevention features for Office 365, SharePoint Online and OneDrive for Business.

Microsoft is helping its growing Office 365 customer base plug potential data leaks. Following up on the launch of data loss prevention (DLP) capabilities in SharePoint Online and OneDrive, the company announced that it is expanding those protections to a broader set of software and cloud-delivered Office services. DLP describes computer security solutions that detect and prevent unauthorized attempts to transmit sensitive data, such as Social Security and credit card numbers.

"Starting in early 2015, we will enable DLP natively in Microsoft applications that your users are very familiar with," wrote Shobhit Sahay, an Office 365 technical product manager, and Jack Kabat, an Office 365 principal program manager, in an Oct. 28 Office Blogs post. "This will enable you to enforce policies for content creation and sharing rights at the time of content creation, and will provide users with policy tips, similar to the experience they already receive in Outlook and OWA when they try to share sensitive content."

The feature will first appear in Excel. Word and PowerPoint will gain similar functionality sometime later in the year.

Microsoft also plans to leverage Windows File Server's automated file management feature, called file classification infrastructure (FCI), to enhance security on select services. The jointly authored post revealed that Microsoft is "enabling the detection of Windows FCI content classifications for Office documents in Exchange Online, SharePoint Online and OneDrive for Business" in the first quarter of 2015. This newfound FCI awareness can help organizations avoid potentially costly lapses in regulatory compliance.

Sahay and Kabat explained that administrators "will be able to create an Exchange transport rule that is able to detect the FCI classified Office document as Protected Health Information, and apply appropriate action to prevent disclosure."

Over the next few months, Microsoft is enabling "active policy evaluation and enforcement" on sensitive data stored on SharePoint Online and OneDrive for Business, they added. "This includes policy actions to restrict and block access, as well as user education with email notifications."

DLP is gaining ground with companies that build solutions for secure cloud computing environments. In January, CipherCloud announced that it had acquired CloudUp Networks to help bolster its cloud security platform's DLP capabilities. Earlier this summer, Trend Micro announced new security offerings that integrate with Office 365 and help safeguard data with DLP, encryption and malware scanning.

ArmstrongAdams wins Imperva partner award

Online security project nets win for second year in a row Basingstoke, UK: 28 October 2014 - ArmstrongAdams, an Accumuli company, has won the Imperva Project of the Year award for the second year running. The award was given for ArmstrongAdams' work w...