One Article Review

Article:
Source AlienVault Blog
Identifier 2803912
Publication date 2021-05-18 05:01:00 (seen: 2021-05-18 07:05:40)
Title What is data loss prevention?
Text This article was written by an independent guest author.

DLP security strategies, benefits explained

The threat landscape is a constantly evolving challenge for enterprise security professionals – the number of cyberattacks is continuing to rise, data exfiltration is now included in 70% of ransomware attacks, and insiders are responsible for 30% of all data breaches. As a result, enterprises are constantly looking for ways to reduce the risk of sensitive data being leaked outside the company. And with so many potential weak points, it’s necessary for organizations to put controls and solutions in place that not only monitor for inappropriate egress of corporate data, but also mitigate the risks as close to entirely as possible. To do this, the most common solution enterprises turn to is Data Loss Prevention.

What is data loss prevention?

In its broadest terms, Data Loss Prevention (DLP) is a set of tools and processes that allow businesses to detect and prevent data breaches, exfiltration, and the malicious destruction or misuse of sensitive data. DLP solutions allow you to monitor and analyze data traffic on your network to spot potential anomalies. This includes inspecting data sent via email or instant messaging, analyzing data streams on your network, checking how data is being used on a managed endpoint, and monitoring data at rest in on-premises file servers or cloud applications and storage.

DLP is typically used by organizations in the following scenarios:
- To protect Personally Identifiable Information (PII) and comply with regulatory requirements specific to the organization’s field of operation
- To protect Intellectual Property that is critical to the organization
- Help secure data on cloud systems
- Help secure an increasingly mobile and disparate workforce
- Enforce security in Bring Your Own Device (BYOD) environments

If a potential violation is found, a DLP solution will trigger a remediation based on policies and rules defined by the organization, for example alerting IT, automatically enforcing encryption of data, or locking down a user to prevent sharing data that could put the organization at risk. DLP solutions will also produce reporting that can help the organization meet regulatory compliance.

Explaining data protection complexities and requirements

This sounds great in principle; however, preventing the inappropriate leakage of sensitive data isn’t a simple process: data types must be established, data must be identified, rules must be defined based on role and data type, implementations must be tested to ensure a balance of security and productivity, and more. So, it’s necessary to ensure that your DLP efforts work to meet your data protection requirements, and that any prospective DLP solution can help you achieve this.

SANS provides a rather comprehensive list of key requirements that you need to consider when starting your DLP journey. So, you need to ensure any potential vendor includes these:
- Discovery, Retention, Searching – Analyze your networks for data At Rest (on endpoints, servers, and file shares), In Use, and In Motion (on the network, over email, and in web traffic, as well as any data being copied onto external devices).
- Monitoring – Discover, identify, correlate, analyze, and log every instance of sensitive data movement or use (removal, modification, or attempted transmission).
- Alerting – Define and implement actions that ne
Sent Yes
Tags Ransomware Threat
Stories
Notes
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.