甚么是资料遗失预防(DLP)?
数据丢失预防(DLP)是由安全组织实施的一种策略,用于防止安全数据的泄漏和潜在的恶意泄露. According to the Information Systems Audit 和 Control Association (ISACA), 实现强大的DLP解决方案对于检测和防止未经授权的DLP解决方案至关重要 数据泄漏 和 sharing, thus safeguarding sensitive information.
该组织还表示,了解数据存在的位置非常重要, 以及在何处实现或增强适用的安全性和隐私控制的功能区域的指示.
数据丢失防护的类型
- 端点DLP focuses primarily on monitoring network endpoint devices. 它使安全团队能够指定他们可能认为敏感的数据,从而制定阻止特定数据离开端点的策略.
- 网络DLP 放大并查看通过内部和外部基于云的网络传输的数据. When putting a network DLP strategy in place, 为了避免潜在的错误配置,有必要在更深层次上理解网络协议.
- 云DLP monitors data going to 和 from the cloud, as it is in an especially precarious position for malicious exfiltration, once an attacker has breached a network. A 安全运营中心(SOC) 自动化大部分数据泄漏发现以及响应性DLP协议以应对潜在泄露是明智的吗.
Why is Data Loss Prevention Important?
DLP之所以重要,原因有很多,其中最重要的是关乎公司的底线. 利益相关者和/或股东有既定的经济利益,不希望看到公司的关键数据被盗,或者被勒索赎金(这会花费很多钱),或者永远影响企业的声誉(导致客户信任的侵蚀,并在很短的时间内损失很多钱)。.
Blocking an attacker from breaching a 系统 或网络 is easier said than done, 尤其是在这个时代 云安全 和操作. 有效的DLP解决方案可以解决两种主要类型的违法者:内部和外部. Malicious actors who are also employees of a business certainly exist, but typically when an internal offender is the source of 数据泄漏, it occurs unknowingly on the part of that source.
这些天, 几乎每个人都知道,敏感信息通过云传输,并多次返回, 很多次. 这就是我们今天的生活方式. 通常, 虽然, we don’t underst和 how data is transmitted or otherwise used in the organization.
另外, 这些组织可能没有意识到某些通信或工作流趋势可能使组织处于不必要的风险中. 例如, 企业的财务部门可能会参与一个工作流程,通过电子邮件或即时消息等公共通信渠道传输极其敏感的数据.
外部攻击者通常清楚地知道他们在做什么:试图突破公司安全组织的防御,窃取敏感数据,然后——如前所述——保留它 赎金 和/or sell it to the highest bidder on the 黑暗的网络.
主要原因如下, DLP解决方案能够检测数据何时何地离开和进入网络,并帮助分析师优先保护可能比其他数据更敏感的数据,这一点至关重要.
资料外泄的原因
让我们来看看静态或传输中的数据可能从端点“泄漏”的一些主要原因, 系统, 和 networks 和 into the h和s of bad actors.
- 诚实的错误如前所述, company employees can also be offenders, unknowingly leaving data vulnerable in one way or another, 和 ultimately allowing it to leak into the h和s of attackers. This could be the result of becoming an unwitting victim of a 网络钓鱼 campaign, reusing passwords or using unsophisticated passwords, or granting internal 网络访问 to supply chain partners or outside vendors.
- 恶意软件/ 赎金ware攻击者本可以实施攻击 恶意软件 几个月前被设计用来利用一个网络漏洞——而且侥幸没有被发现. 在这个场景中, they have the time to cherry-pick the data they wish to exfiltrate, 和 deliver a 赎金 dem和 for that data. And keep in mind that it might not end there; increasingly attackers are dipping into double-extortion策略 so they can try to extract the most money possible for their efforts.
- 维护旧数据: Whether intentional or not – 和 if not, 归档的数据应该作为离线备份存储——维护那些已经过时的数据可能是数据泄露的潜在来源,也是一个大漏洞. Even if the data is no longer useful to the security organization or company, it can still be very useful to bad actors. If an attacker manages to gain access to an endpoint, 系统, 或网络, 存档的数据——比如旧的凭证或过去包含敏感信息的电子邮件——可能正是他们实施攻击所需要的.
- 云配置错误: This can also be attributable to human error, 但如果关键操作是, 好吧, operating on misconfigured – 和 therefore inherently flawed – cloud infrastructure, 然后,这些数据就会暴露出来,因此可能会“泄露”到多个地方,比如面向公众的互联网或第三方服务器.
What are the Benefits of a Data Loss Prevention Solution?
DLP解决方案的好处是显而易见的,并且可以更好地保护数据免受意外暴露和盗窃. Let's break down a few key benefits 和 how they specifically affect a network.
增加可见性
监视网络端点设备、分析流量和可疑活动交互的能力将加速整个环境的可见性,并改善安全状况. 监控网络的数据丢失也可以帮助消除以前看不见的盲点-内部和连接到网络的设备之间-只是等待被利用.
使用IAM解决方案加固网络
身份和访问管理(IAM) 对于DLP解决方案至关重要 网络安全 在一般情况下. IAM有助于确保正确的人访问正确的端点或网络系统. By instituting IAM policies on critical 系统 和 endpoints, the network perimeter becomes harder to breach, which in turn can help the business remain in 合规 with both internal 和 external regulatory st和ards.
Increase the St和ard for Organizing 和 Classifying Data
Data classification should be as simple 和 straightforward as possible. Let's look at a tiered-structure example:
- 1级: This is data for public consumption 和 that may be freely disclosed.
- 2级: This is internal data not for public disclosure.
- 3级这是敏感的内部数据,如果被披露,可能会对公司产生负面影响.
- 4级: This is highly sensitive corporate, employee, 和 customer data.
基于这种分类, it’s clear that storing the wrong data at the wrong level, 或分类, could have potentially disastrous effects. 如果存在不同分类级别的数据必须驻留在同一服务器上的情况, 混合数据应使用最高的分类等级进行标记和分类,从而进行相应的保护. Automating this process will also help to ensure it occurs with efficiency 和 speed.
数据丢失预防最佳实践
实现DLP解决方案的最佳实践将有助于将其校准为特定的环境. 根据ISACA,有许多最佳实践可以帮助确保DLP战略的成功部署:
人
- Do not leave sensitive data unattended.
- Do not permit copying of sensitive data onto removable media.
- Provide view-only access to sensitive information.
管理
- Implement a data management life cycle to organize data 和 manage storage 和 use.
- Regularly update data risk profiles to be aware of new threats.
- St和ardize the endpoints to make deployment more manageable.
部署
- Deploy DLP in prioritized waves for quick-wins.
- Start with a minimal base to h和le false-positives, help identify the critical or sensitive data, 微调民主劳动党政策.
- Test implementation in a small, controlled unit before going full scale.
IT-restrictive控制
- Do not allow unauthorized devices in the network.
- Block files containing personally identifiable information (PII).
- 以所需的频率(或按需)执行DLP发现扫描,以审计和维护对安全状态的了解.
产品选择
- Check the DLP product to see if it supports the enterprise's data formats.
- Scan data stores for sensitive information 和, if necessary, take remedial action.
- 使用DLP工具自动查找未加密的敏感资料,将资料加密(数据加密),并根据企业的策略删除该信息或执行其他补救.