One Article Review

Home - The article:
Source ProofPoint
Identifier 8456975
Publication date 2024-02-29 06:00:13 (viewed: 2024-02-29 14:07:38)
Title Break the Attack Chain: Decisive Moves
Text
In our “Break the Attack Chain” blog series, we have looked at how threat actors compromise our defenses and move laterally within our networks to escalate privileges and prepare for their endgame. Now, we come to the final stage of the attack chain, where it's necessary to broaden our outlook a little. While most external threat actors will follow the same playbook, they aren't our only adversaries. The modern reality is that data often just walks out of the door because our employees take it with them. More than 40% of employees admit to taking data when they leave. At the same time, careless employees who make security mistakes are responsible for more than half of insider-led data loss incidents. So, while it's important to detect and deter cybercriminals who want to exfiltrate our data, we must also watch out for our users. Whether they are malicious or careless, our users are just as capable of exposing sensitive data.

In this third and final installment, we discuss how companies tend to lose data, and how we can better protect it from all manner of risks.

Understanding data loss

As with every stage in the attack chain, we must first understand threats before we can put protections in place. Let's start with the case of a cybercriminal following the typical attack chain. While this may not sound like a traditional insider attack, it's often aided by careless or reckless employees.

Users expose data and open themselves and your business up to compromise in a multitude of ways, like using weak passwords, reusing credentials, forgoing security best practices and clicking on malicious links or attachments. Any of these risky moves gives cybercriminals a way into your networks, where they can embark on lateral movement and escalation. Incidents like these are so common that careless or compromised users cause over 80% of insider-led data loss. Malicious insiders make up the remainder.

Insider threats could be a disgruntled employee looking to cause disruption, a user compromised by cybercriminals, or, increasingly, an employee who will soon leave your organization.

In most cases, data exfiltration follows a three-stage pattern:

Access. Users, whether malicious or compromised, will attempt to take as much information as possible. This could mean excessive downloading or copying from corporate drives, or exporting data from web interfaces or client apps.
Obfuscation. Both cybercriminals and malicious insiders will be aware of the kinds of activity likely to trigger alarms and will take steps to avoid them. Changing file names and extensions, deleting logs and browsing history, and encrypting files are typical strategies.
Exfiltration. With targets acquired and tracks covered, data exfiltration is then carried out by copying files to a personal cloud or removable storage device and sharing files with personal or burner email accounts.

Defending from the inside out

As we explained in our webinar series, while the initial stage of the attack chain focuses on keeping malicious actors outside our organization, the final two stages are far more concerned with what's happening inside it. Therefore, any effective defense must work from the inside out. It must detect and deter suspicious activity before data can slip past internal protections and be exposed to the outside world. Of course, data can do many things, but it cannot leave an organization on its own.

Whether compromised, careless or malicious, a human is integral to any data loss incident. That's why traditional data loss prevention (DLP) tools are not as effective as they used to be. By focusing on the content of an incident, they only address a third of the problem. Instead, a comprehensive defense against data loss must merge content classification with threat telemetry and user behavior.
Proofpoint Information Protection is the only solution that uses all three across channels in a unified, cloud-native interface. With this information, security teams can identify who is accessing and moving data-when, where and why. And
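The three-stage pattern described in the article (Access, Obfuscation, Exfiltration) maps naturally onto a per-user detection rule that correlates user behavior across stages instead of inspecting content alone. The Python below is an added illustration and is not code from Proofpoint or from the original post; the audit events, user names, thresholds, prefixes and mail domains are constructed for the example, and a real deployment would take them from endpoint, CASB, mail-gateway and HR feeds.

```python
"""Stage-based insider data-loss scoring over constructed audit events (added example)."""
from collections import defaultdict
from typing import Dict, Iterable, Optional, Set, Tuple

Event = Tuple[str, str, str]  # (user, action, target)

# Constructed sample events, mimicking endpoint / CASB / mail-gateway audit records.
SAMPLE_EVENTS = [
    # alice: bulk access, extension change, history wipe, then removable media
    *[("alice", "download", f"corp-drive:/finance/report_{i}.xlsx") for i in range(25)],
    ("alice", "rename", "report_1.xlsx -> holiday_1.jpg"),
    ("alice", "delete", "browser-history"),
    ("alice", "copy", "usb:/E/holiday_1.jpg"),
    # bob: a handful of ordinary downloads and a copy to a corporate share
    ("bob", "download", "corp-drive:/hr/policy.pdf"),
    ("bob", "download", "corp-drive:/hr/handbook.pdf"),
    ("bob", "copy", "corp-drive:/hr/shared/handbook.pdf"),
    # carol: a CRM export mailed to a personal mailbox, no obfuscation
    ("carol", "export", "crm:/contacts/all"),
    ("carol", "email", "carol.home@example.net"),
]

# Hypothetical HR feed: users who have given notice (the "soon to leave" case).
DEPARTING_USERS: Set[str] = {"alice"}

ACCESS_THRESHOLD = 20                          # downloads/copies/exports considered excessive
PERSONAL_MAIL_DOMAINS = {"example.net", "example.org"}   # constructed stand-ins
PERSONAL_CLOUD_PREFIXES = ("personal-cloud:",)
REMOVABLE_PREFIXES = ("usb:",)
OBFUSCATION_DELETES = {"browser-history", "audit-log"}


def classify(action: str, target: str) -> Optional[str]:
    """Map one audit event to 'access', 'obfuscation' or 'exfiltration', else None."""
    if action in {"download", "export"} or (action == "copy" and target.startswith("corp-drive:")):
        return "access"
    if action == "rename":
        src, _, dst = target.partition(" -> ")
        # Extension change is the obfuscation indicator; a same-extension rename is benign here.
        if dst and src.rsplit(".", 1)[-1] != dst.rsplit(".", 1)[-1]:
            return "obfuscation"
        return None
    if action == "delete" and target in OBFUSCATION_DELETES:
        return "obfuscation"
    if action == "encrypt":
        return "obfuscation"
    if action == "copy" and target.startswith(REMOVABLE_PREFIXES):
        return "exfiltration"
    if action == "upload" and target.startswith(PERSONAL_CLOUD_PREFIXES):
        return "exfiltration"
    if action == "email" and target.rsplit("@", 1)[-1] in PERSONAL_MAIL_DOMAINS:
        return "exfiltration"
    return None


def score_users(events: Iterable[Event], departing: Set[str] = DEPARTING_USERS) -> Dict[str, dict]:
    """Correlate stages per user; a single bulk download is noise, access + exfiltration is not."""
    access_count: Dict[str, int] = defaultdict(int)
    stages: Dict[str, Set[str]] = defaultdict(set)
    for user, action, target in events:
        stage = classify(action, target)
        if stage == "access":
            access_count[user] += 1
            if access_count[user] >= ACCESS_THRESHOLD:
                stages[user].add("access")   # only excessive access counts as a stage
        elif stage:
            stages[user].add(stage)

    report: Dict[str, dict] = {}
    for user in set(access_count) | set(stages):
        hit = stages[user]
        score = len(hit)
        if hit and user in departing:
            score += 1   # leaver context raises priority, never creates a hit on its own
        if "exfiltration" in hit or score >= 2:
            verdict = "investigate"
        elif hit:
            verdict = "monitor"
        else:
            verdict = "normal"
        report[user] = {"stages": sorted(hit), "score": score, "verdict": verdict}
    return report


if __name__ == "__main__":
    for user, row in sorted(score_users(SAMPLE_EVENTS).items()):
        print(f"{user:6s} {row['verdict']:12s} score={row['score']} stages={row['stages']}")
```

The point of the correlation is the one the article makes: content classification alone would treat alice's spreadsheets and bob's PDFs the same way, while the stage view separates a user who downloads, renames, wipes history and copies to USB from one who merely reads a few files.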
Sent Yes
Digest 100 about access accessing accounts acquired across actively activity actors adding address admit adversaries against aided alarms all also any apps are aren attachments attack attempt attempts avoid aware because before behavior best better blocks blog both break broaden browsing burner business but can cannot capable careless carried case cases cause chain chain: chain” changing channels classification clicking client cloud come common companies comprehensive compromise compromised concerned content copying corporate could course covered credentials cross crucial cybercriminal cybercriminals cyberthreats data deal decisive defend defending defense defenses deleting departing detect detects deter device discover discuss disgruntled disruption dlp does door downloading drives effective email embark employee employees encrypting endgame environments escalate escalation every excessive exfiltrate exfiltration explained exploitation exporting expose exposed exposing extensions external far file files final find first focuses focusing follow following follows forgoing fortune from full give half happening have help history how human identify important incident incidents increasingly information initial inside insider insiders installment instead integral intellectual intelligence interface interfaces internal its just keeping kinds know lateral laterally learn leave leaving led let level like likely link links little logs looked looking lose loss make malicious manner many may mean merge merges mistakes modern more most move movement moves moving much multitude must names native necessary negligent networks not now obfuscation often only open organization other out outlook outside over own passwords past pattern:  people personal place placed playbook possible practices prepare prevent prevention privileges problem proofpoint property protect protection protections put reality reckless remainder removable responsible reusing risks risky same security see 
sensitive series sharing slip solution soon sound stage stages start steps storage strategies suspicious take taking targets teams telemetry tend than that them themselves then therefore these things third those threat threats threat telemetry and three time to: tools tracks traditional trigger trust two typical understand understanding unified used user users uses using visibility walks want watch way ways weak web webinar what when where whether who why will within work world your “break
Tags Tool Threat Cloud
Stories
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.