SlideShare a Scribd company logo

DG for Fed

G
Greg Cranley
1 of 6
Download to read offline
White paper A Data-centric approach to federal government security
www.digitalguardian.com WHITE PAPER / 1 Federal Agencies – The Ultimate Target of Cyber Criminals For many adversaries, government agencies are the ultimate target. Agencies possess top-secret information on weapons systems, government contracts, and other sensitive information. They also collect personal data on individuals inside and outside the agencies. In August 2014, a cyber attack was reported at USIS, a firm that performs background checks for U.S. government employees. The attack compromised data of at least 25,000 workers, including some undercover investigators. The stolen information included Social Security numbers, birth dates, education and criminal history, and names and addresses of relatives and friends tied to the workers. As seen in Figure 1, over 61,000 security incidents were reported by Federal agencies in 2013, and over 25,000 of those resulted in the loss of Personally Identifiable Information (PII). http://www.scmagazine.com/at-least-25k-govt-workers-impacted-by-usis-data-breach/article/367947/ Attackers continue to evolve their techniques to disrupt normal operations and steal confidential intellectual property. They are designing increasingly advanced tactics to infiltrate and maintain a presence on IT systems, waiting for an opportunity to collect and exfiltrate data. Understanding an Adversary’s Strategy Cyber criminals vary their tactics depending on the defenses of the targeted agency and its supply chain. Some attacks are direct, targeting an agency directly. Other times, they will attempt to undermine defenses at a contractor facility, knowing that the compromised device(s) will eventually provide access to the agency itself.
www.digitalguardian.com WHITE PAPER / 2 Attack Software Introduction Command And Control Attack Software Expansion or Lateral Movement Attack Event (Exfiltration) Withdraw Planning the Attack The first step includes determining how the attack software will be introduced, the communication methods used while the attack is in progress, and how/where the data will be extracted. Social engineering is one of the most successful attack vectors because, even today, most people do not understand the risk of opening suspect emails or files or clicking on unverified links. A clever attacker can target users through social engineering attacks such as spear-phishing, where a user is tricked into opening an attachment containing malware. In sophisticated attacks, the malware needs to communicate with the attackers to send discovered information and receive additional software or tools required to continue their attack through lateral movement to other devices. Attackers assume the data they want will reside on multiple machines or be located on adjacent networks and systems. For a data-focused attack, this step usually consists of two parts. First, it will copy, obfuscate, and move the target data to an exfiltration point. Often the data will be stored in a password-protected archive or encrypted using proprietary encryption tools. Next, is the exfiltration of the compromised data via remote access tools or the network using FTP, SMTP, or other standard protocols, which help ensure the attacker remain stealth. After a data compromise is complete, the attacker will withdraw and leave attack software in place for future exploitation, or destroy it in an attempt to hide evidence of the attack. Multi-stage attacks are sophisticated, using unconventional methods and flexibility to adapt. Defending against these requires equally skillful counter-measures to identify threatening behavior by collecting and correlating attack intelligence. Stopping the attack at any stage is equally effective in preventing data breaches. A sophisticated attack typically includes a number of steps by the attacker, the first five of which must complete successfully to steal data: Digital Guardian: Data-Centric Security Digital Guardian’s data-centric approach to security is equally effective at protecting against insider threats, outsider threats, or attacks by advanced software. A data-centric approach focuses on three factors; data identification/ classification, data monitoring and data protection, to stop the attack at multiple steps. • Identify/classify sensitive data continuously – An organization cannot protect data if it does not know where that data is at all times. While many solutions can generate a point- in-time inventory of data through scanning and signatures, this information is largely invalid as soon as new data is created, or existing data is moved or modified. To protect data, an organization must consistently and continuously identify and classify data as it is created or modified.
www.digitalguardian.com WHITE PAPER / 3 • Monitor sensitive data use continuously – Data changes constantly, as business applications, users, customers, and partners interact with it. It moves between internal applications, exists on laptops and mobile devices, or in email to users inside or outside the enterprise. This is particularly important when considering the attacker’s goal of stealing data, often by first copying, obfuscating, and moving the target data to an exfiltration point. • Protect sensitive data use contextually – Protecting data requires more than simply access control or encryption (though both are obviously important). To protect data while allowing full – legitimate – use, requires a contextual understanding of three factors: what actions may be taken with the data; by whom; and, under what circumstances. Privileged users need to configure devices, but prohibited from viewing specific files on those devices. The key to Digital Guardian’s effectiveness is its kernel-based agent, which provides complete visibility to all information and actions on each device. By understanding the sensitivity of each piece of data, organizations achieve greater control without affecting business processes. Digital Guardian supports automated content classification for over 300 file types and 90 languages, including structured and unstructured data types. Digital Guardian classifies data upon its discovery, access, creation, or revision, and a classification tag is appended securely to its host file or email. Classifications can be permanent or updated with changes to content. Three methods are available for classifying content: • Context-based Data Awareness - Contextual data awareness helps classify data by understanding information about the data file or email message. This includes the application used to create the file, who created/edited the file, the storage location/ repository or the email message sender, recipient, or subject. • Content Inspection – Direct inspection of the data object to identify confidential information allows organizations to apply the appropriate controls based on the content. Automated Data Classification Digital Guardian discovers, classifies, monitors and enforces security policies based on data content in over 300 data formats and 90 single and multi-byte languages, across physical or virtual servers, desktops, laptops, and email platforms. • User Classification - Digital Guardian’s User Classification complements automated data classification methods by allowing a user to classify data manually. Digital Guardian maintains classifications through data “tags” that persist with the data throughout its lifecycle, or until the classification no longer applies due to a change in the data. Tag inheritance allows classifications to follow the data. A derivative (“child”) file automatically inherits classification tags from the source (“parent”) file. Persistent and inheritable tagging maintains consistent identification, usage auditing, and policy enforcement among files of common content. This assures sensitive data remains visible to Digital Guardian, and controlled as it moves between files, allowing organizations to monitor, analyze, and manage its entire lifecycle with appropriate policies.
www.digitalguardian.com WHITE PAPER / 4 Digital Guardian agents not only classify data, they also enforce usage policies on the endpoint, on or off the network. These agents do this with an understanding of three factors: • The data being acted on. • The action being taken. • The user or application taking the action. Policy Enforcement on The Endpoint - On and Off the Network This intelligence allows unimpeded authorized use of data while preventing people or attack software from misusing data. All actions (or attempted actions) are logged in an evidentiary quality audit file for analysis and alerting. Real Time Threat Detection When information security violations occur, it is essential to respond immediately. Regulations such as the Federal Information Security Management Act (FISMA), White House Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) PII Requirements, and the National Infrastructure Protection Plan (NIPP) require immediate response to information security breaches regardless of whether they involve classified information. Digital Guardian provides real-time threat detection: the ability to detect, in real time, patterns indicative of malicious software, system compromise and user behavior, via intelligent correlation rules. These simple to complex rules allow agencies to log, alert, and retain activity in order to develop alert sequencing; a combination and/or sequence of rules indicative of malicious behavior. Rules can trigger several actions while providing incident response teams with the information they need to address attacks: • Immediate alerting to the presence of an attack (via prompts). • Quarantine the machine from the network, without impacting communication to the Digital Guardian Management Console. • Initiate the collection of forensic artifacts required to support the forensic investigation, such as detailed process information and memory analysis detail. • Stop the attack in progress by killing a process. A military term that transfers effectively to cyber threat defense is “force multiplier.” In military terms, this is a capability that when added to a combat force, significantly increases the combat potential of that force and thus enhances the probability of a successful mission. In the Defending Data from Sophisticated Attacks advanced threat world, that force multiplier is an integrated platform that can detect, correlate, and create actionable intelligence, and then quickly and effectively act on that intelligence with prevention and containment controls.
© 2014 Digital Guardian, Inc. All Rights Reserved. Digital Guardian, the Digital Guardian logo, are trademarks of Digital Guardian, Inc. All other logos are the property of their respective owners. The content of this document is subject to change without notice. CORPORATE HEADQUARTERS 860 Winter Street, Suite 3 Waltham, MA 02451 USA info@digitalguardian.com 781-788-8180 www.digitalguardian.com About Digital Guardian At Digital Guardian, we believe in data protection. We know that within your data are your company’s most valuable assets. The sum total of innovations, plans, and potential. We protect your company’s sensitive information in a way that minimizes risk without diminishing returns. For over 10 years, we’ve enabled data-rich organizations to prevent data loss at the endpoint. Our expert security team and proven Digital Guardian platform radically improve your defense against insider and outsider threats. Hundreds of customers across a wide range of industries rely on Digital Guardian to protect their critical information at the point of risk. Seven of the top ten IP holders and five of the top ten auto companies trust us with the integrity of their most valuable and vulnerable data. We take pride in knowing that, at this very moment, Digital Guardian agents are securing the sensitive data of the world’s most inventive, influential companies. Digital Guardian provides visibility, control and protection across Windows, Linux and MAC host systems, virtual environments, network, mobile and cloud. It is the only solution to address both insider and outsider threats with a single kernel level agent. Some of the world’s largest enterprises have deployed Digital Guardian, with large scale deployments in excess of 300,000 agents managed by a single server. Proven in Enterprise-Wide Deployments Digital Guardian – the only data-aware advanced threat solution with visibility from endpoint, server, and network agents – is a force multiplier. It works with other cyber defense products to provide organizations with a coordinated, multi- layered defense. Digital Guardian can consume data intelligence feeds from third party sources, as well as provide actionable threat intelligence to SIEM products, enriching the events aggregated from network devices and disparate logs. Digital Guardian also integrates real-time malware alerts from leading network security solutions such as FireEye and PaloAlto Networks to identify and contain zero-day attacks on endpoint systems.

Recommended

Information Security
Information SecurityInformation Security
Information SecurityDhilsath Fathima
 
SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)James Neo
 
Improve Cybersecurity Education Or Awareness Training
Improve Cybersecurity Education Or Awareness TrainingImprove Cybersecurity Education Or Awareness Training
Improve Cybersecurity Education Or Awareness TrainingTriskele Labs
 
Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Healthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthCareManagement
 
Information security
Information securityInformation security
Information securityLJ PROJECTS
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDumindu Pahalawatta
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentationJamesDempsey1
 

Recommended

Information Security
Information SecurityInformation Security
Information SecurityDhilsath Fathima
 
SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)James Neo
 
Improve Cybersecurity Education Or Awareness Training
Improve Cybersecurity Education Or Awareness TrainingImprove Cybersecurity Education Or Awareness Training
Improve Cybersecurity Education Or Awareness TrainingTriskele Labs
 
Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Healthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthCareManagement
 
Information security
Information securityInformation security
Information securityLJ PROJECTS
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDumindu Pahalawatta
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentationJamesDempsey1
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDr. Loganathan R
 
Chapter 4 vulnerability threat and attack
Chapter 4 vulnerability threat and attack Chapter 4 vulnerability threat and attack
Chapter 4 vulnerability threat and attack newbie2019
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Joseph White MPA CPM
 
Data security
Data securityData security
Data securityAbdulBasit938
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Symantec 2011 Social Media Protection Flash Poll Global Results
Symantec 2011 Social Media Protection Flash Poll Global ResultsSymantec 2011 Social Media Protection Flash Poll Global Results
Symantec 2011 Social Media Protection Flash Poll Global ResultsSymantec
 
wp-us-cities-exposed
wp-us-cities-exposedwp-us-cities-exposed
wp-us-cities-exposedNumaan Huq
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber securitySweta Kumari Barnwal
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in IndonesiaEryk Budi Pratama
 
CCA study group
CCA study groupCCA study group
CCA study groupIIBA UK Chapter
 
Isaca june 19, 2010
Isaca june 19, 2010Isaca june 19, 2010
Isaca june 19, 2010Vicky Shah
 
Week 1&2 intro_ v2-upload
Week 1&2 intro_ v2-uploadWeek 1&2 intro_ v2-upload
Week 1&2 intro_ v2-uploadVinoth Sn
 
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALINCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALIJNSA Journal
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaSee You Rise Holdings
 
Data protection and security
Data protection and securityData protection and security
Data protection and securitynazar60
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Presentation2 (2)
Presentation2 (2)Presentation2 (2)
Presentation2 (2)ITNet
 
Data Security
Data SecurityData Security
Data Securityankita_kashyap
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfV2Infotech1
 

More Related Content

What's hot

Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDr. Loganathan R
 
Chapter 4 vulnerability threat and attack
Chapter 4 vulnerability threat and attack Chapter 4 vulnerability threat and attack
Chapter 4 vulnerability threat and attack newbie2019
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Joseph White MPA CPM
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Symantec 2011 Social Media Protection Flash Poll Global Results
Symantec 2011 Social Media Protection Flash Poll Global ResultsSymantec 2011 Social Media Protection Flash Poll Global Results
Symantec 2011 Social Media Protection Flash Poll Global ResultsSymantec
 
wp-us-cities-exposed
wp-us-cities-exposedwp-us-cities-exposed
wp-us-cities-exposedNumaan Huq
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in IndonesiaEryk Budi Pratama
 
Isaca june 19, 2010
Isaca june 19, 2010Isaca june 19, 2010
Isaca june 19, 2010Vicky Shah
 
Week 1&2 intro_ v2-upload
Week 1&2 intro_ v2-uploadWeek 1&2 intro_ v2-upload
Week 1&2 intro_ v2-uploadVinoth Sn
 
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALINCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALIJNSA Journal
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaSee You Rise Holdings
 
Data protection and security
Data protection and securityData protection and security
Data protection and securitynazar60
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Presentation2 (2)
Presentation2 (2)Presentation2 (2)
Presentation2 (2)ITNet
 

What's hot (20)

Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Chapter 4 vulnerability threat and attack
Chapter 4 vulnerability threat and attack Chapter 4 vulnerability threat and attack
Chapter 4 vulnerability threat and attack
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014
 
Data security
Data securityData security
Data security
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
 
Symantec 2011 Social Media Protection Flash Poll Global Results
Symantec 2011 Social Media Protection Flash Poll Global ResultsSymantec 2011 Social Media Protection Flash Poll Global Results
Symantec 2011 Social Media Protection Flash Poll Global Results
 
wp-us-cities-exposed
wp-us-cities-exposedwp-us-cities-exposed
wp-us-cities-exposed
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in Indonesia
 
CCA study group
CCA study groupCCA study group
CCA study group
 
Isaca june 19, 2010
Isaca june 19, 2010Isaca june 19, 2010
Isaca june 19, 2010
 
Week 1&2 intro_ v2-upload
Week 1&2 intro_ v2-uploadWeek 1&2 intro_ v2-upload
Week 1&2 intro_ v2-upload
 
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALINCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan Nganda
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
 
Cia security model
Cia security modelCia security model
Cia security model
 
Presentation2 (2)
Presentation2 (2)Presentation2 (2)
Presentation2 (2)
 

Similar to DG for Fed

How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfV2Infotech1
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxV2Infotech1
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
 
Digital Guardian and CDM
Digital Guardian and CDMDigital Guardian and CDM
Digital Guardian and CDMGreg Cranley
 
Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...Alexander Decker
 
Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...Alexander Decker
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligencewbesse
 
Privacy Management System: Protect Data or Perish
Privacy Management System: Protect Data or PerishPrivacy Management System: Protect Data or Perish
Privacy Management System: Protect Data or PerishRSIS International
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...cyberprosocial
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare ApplicationCitiusTech
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to securityMukesh Chinta
 
Interset-advanced threat detection wp
Interset-advanced threat detection wpInterset-advanced threat detection wp
Interset-advanced threat detection wpCMR WORLD TECH
 

Similar to DG for Fed (20)

Data Security
Data SecurityData Security
Data Security
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdf
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptx
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
 
Digital Guardian and CDM
Digital Guardian and CDMDigital Guardian and CDM
Digital Guardian and CDM
 
Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...
 
Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligence
 
Privacy Management System: Protect Data or Perish
Privacy Management System: Protect Data or PerishPrivacy Management System: Protect Data or Perish
Privacy Management System: Protect Data or Perish
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare Application
 
COMPUTER APPLICATIONS Module 4.pptx
COMPUTER APPLICATIONS Module 4.pptxCOMPUTER APPLICATIONS Module 4.pptx
COMPUTER APPLICATIONS Module 4.pptx
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
Interset-advanced threat detection wp
Interset-advanced threat detection wpInterset-advanced threat detection wp
Interset-advanced threat detection wp
 

DG for Fed

  • 1. White paper A Data-centric approach to federal government security
  • 2. www.digitalguardian.com WHITE PAPER / 1 Federal Agencies – The Ultimate Target of Cyber Criminals For many adversaries, government agencies are the ultimate target. Agencies possess top-secret information on weapons systems, government contracts, and other sensitive information. They also collect personal data on individuals inside and outside the agencies. In August 2014, a cyber attack was reported at USIS, a firm that performs background checks for U.S. government employees. The attack compromised data of at least 25,000 workers, including some undercover investigators. The stolen information included Social Security numbers, birth dates, education and criminal history, and names and addresses of relatives and friends tied to the workers. As seen in Figure 1, over 61,000 security incidents were reported by Federal agencies in 2013, and over 25,000 of those resulted in the loss of Personally Identifiable Information (PII). http://www.scmagazine.com/at-least-25k-govt-workers-impacted-by-usis-data-breach/article/367947/ Attackers continue to evolve their techniques to disrupt normal operations and steal confidential intellectual property. They are designing increasingly advanced tactics to infiltrate and maintain a presence on IT systems, waiting for an opportunity to collect and exfiltrate data. Understanding an Adversary’s Strategy Cyber criminals vary their tactics depending on the defenses of the targeted agency and its supply chain. Some attacks are direct, targeting an agency directly. Other times, they will attempt to undermine defenses at a contractor facility, knowing that the compromised device(s) will eventually provide access to the agency itself.
  • 3. www.digitalguardian.com WHITE PAPER / 2 Attack Software Introduction Command And Control Attack Software Expansion or Lateral Movement Attack Event (Exfiltration) Withdraw Planning the Attack The first step includes determining how the attack software will be introduced, the communication methods used while the attack is in progress, and how/where the data will be extracted. Social engineering is one of the most successful attack vectors because, even today, most people do not understand the risk of opening suspect emails or files or clicking on unverified links. A clever attacker can target users through social engineering attacks such as spear-phishing, where a user is tricked into opening an attachment containing malware. In sophisticated attacks, the malware needs to communicate with the attackers to send discovered information and receive additional software or tools required to continue their attack through lateral movement to other devices. Attackers assume the data they want will reside on multiple machines or be located on adjacent networks and systems. For a data-focused attack, this step usually consists of two parts. First, it will copy, obfuscate, and move the target data to an exfiltration point. Often the data will be stored in a password-protected archive or encrypted using proprietary encryption tools. Next, is the exfiltration of the compromised data via remote access tools or the network using FTP, SMTP, or other standard protocols, which help ensure the attacker remain stealth. After a data compromise is complete, the attacker will withdraw and leave attack software in place for future exploitation, or destroy it in an attempt to hide evidence of the attack. Multi-stage attacks are sophisticated, using unconventional methods and flexibility to adapt. Defending against these requires equally skillful counter-measures to identify threatening behavior by collecting and correlating attack intelligence. Stopping the attack at any stage is equally effective in preventing data breaches. A sophisticated attack typically includes a number of steps by the attacker, the first five of which must complete successfully to steal data: Digital Guardian: Data-Centric Security Digital Guardian’s data-centric approach to security is equally effective at protecting against insider threats, outsider threats, or attacks by advanced software. A data-centric approach focuses on three factors; data identification/ classification, data monitoring and data protection, to stop the attack at multiple steps. • Identify/classify sensitive data continuously – An organization cannot protect data if it does not know where that data is at all times. While many solutions can generate a point- in-time inventory of data through scanning and signatures, this information is largely invalid as soon as new data is created, or existing data is moved or modified. To protect data, an organization must consistently and continuously identify and classify data as it is created or modified.
  • 4. www.digitalguardian.com WHITE PAPER / 3 • Monitor sensitive data use continuously – Data changes constantly, as business applications, users, customers, and partners interact with it. It moves between internal applications, exists on laptops and mobile devices, or in email to users inside or outside the enterprise. This is particularly important when considering the attacker’s goal of stealing data, often by first copying, obfuscating, and moving the target data to an exfiltration point. • Protect sensitive data use contextually – Protecting data requires more than simply access control or encryption (though both are obviously important). To protect data while allowing full – legitimate – use, requires a contextual understanding of three factors: what actions may be taken with the data; by whom; and, under what circumstances. Privileged users need to configure devices, but prohibited from viewing specific files on those devices. The key to Digital Guardian’s effectiveness is its kernel-based agent, which provides complete visibility to all information and actions on each device. By understanding the sensitivity of each piece of data, organizations achieve greater control without affecting business processes. Digital Guardian supports automated content classification for over 300 file types and 90 languages, including structured and unstructured data types. Digital Guardian classifies data upon its discovery, access, creation, or revision, and a classification tag is appended securely to its host file or email. Classifications can be permanent or updated with changes to content. Three methods are available for classifying content: • Context-based Data Awareness - Contextual data awareness helps classify data by understanding information about the data file or email message. This includes the application used to create the file, who created/edited the file, the storage location/ repository or the email message sender, recipient, or subject. • Content Inspection – Direct inspection of the data object to identify confidential information allows organizations to apply the appropriate controls based on the content. Automated Data Classification Digital Guardian discovers, classifies, monitors and enforces security policies based on data content in over 300 data formats and 90 single and multi-byte languages, across physical or virtual servers, desktops, laptops, and email platforms. • User Classification - Digital Guardian’s User Classification complements automated data classification methods by allowing a user to classify data manually. Digital Guardian maintains classifications through data “tags” that persist with the data throughout its lifecycle, or until the classification no longer applies due to a change in the data. Tag inheritance allows classifications to follow the data. A derivative (“child”) file automatically inherits classification tags from the source (“parent”) file. Persistent and inheritable tagging maintains consistent identification, usage auditing, and policy enforcement among files of common content. This assures sensitive data remains visible to Digital Guardian, and controlled as it moves between files, allowing organizations to monitor, analyze, and manage its entire lifecycle with appropriate policies.
  • 5. www.digitalguardian.com WHITE PAPER / 4 Digital Guardian agents not only classify data, they also enforce usage policies on the endpoint, on or off the network. These agents do this with an understanding of three factors: • The data being acted on. • The action being taken. • The user or application taking the action. Policy Enforcement on The Endpoint - On and Off the Network This intelligence allows unimpeded authorized use of data while preventing people or attack software from misusing data. All actions (or attempted actions) are logged in an evidentiary quality audit file for analysis and alerting. Real Time Threat Detection When information security violations occur, it is essential to respond immediately. Regulations such as the Federal Information Security Management Act (FISMA), White House Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) PII Requirements, and the National Infrastructure Protection Plan (NIPP) require immediate response to information security breaches regardless of whether they involve classified information. Digital Guardian provides real-time threat detection: the ability to detect, in real time, patterns indicative of malicious software, system compromise and user behavior, via intelligent correlation rules. These simple to complex rules allow agencies to log, alert, and retain activity in order to develop alert sequencing; a combination and/or sequence of rules indicative of malicious behavior. Rules can trigger several actions while providing incident response teams with the information they need to address attacks: • Immediate alerting to the presence of an attack (via prompts). • Quarantine the machine from the network, without impacting communication to the Digital Guardian Management Console. • Initiate the collection of forensic artifacts required to support the forensic investigation, such as detailed process information and memory analysis detail. • Stop the attack in progress by killing a process. A military term that transfers effectively to cyber threat defense is “force multiplier.” In military terms, this is a capability that when added to a combat force, significantly increases the combat potential of that force and thus enhances the probability of a successful mission. In the Defending Data from Sophisticated Attacks advanced threat world, that force multiplier is an integrated platform that can detect, correlate, and create actionable intelligence, and then quickly and effectively act on that intelligence with prevention and containment controls.
  • 6. © 2014 Digital Guardian, Inc. All Rights Reserved. Digital Guardian, the Digital Guardian logo, are trademarks of Digital Guardian, Inc. All other logos are the property of their respective owners. The content of this document is subject to change without notice. CORPORATE HEADQUARTERS 860 Winter Street, Suite 3 Waltham, MA 02451 USA info@digitalguardian.com 781-788-8180 www.digitalguardian.com About Digital Guardian At Digital Guardian, we believe in data protection. We know that within your data are your company’s most valuable assets. The sum total of innovations, plans, and potential. We protect your company’s sensitive information in a way that minimizes risk without diminishing returns. For over 10 years, we’ve enabled data-rich organizations to prevent data loss at the endpoint. Our expert security team and proven Digital Guardian platform radically improve your defense against insider and outsider threats. Hundreds of customers across a wide range of industries rely on Digital Guardian to protect their critical information at the point of risk. Seven of the top ten IP holders and five of the top ten auto companies trust us with the integrity of their most valuable and vulnerable data. We take pride in knowing that, at this very moment, Digital Guardian agents are securing the sensitive data of the world’s most inventive, influential companies. Digital Guardian provides visibility, control and protection across Windows, Linux and MAC host systems, virtual environments, network, mobile and cloud. It is the only solution to address both insider and outsider threats with a single kernel level agent. Some of the world’s largest enterprises have deployed Digital Guardian, with large scale deployments in excess of 300,000 agents managed by a single server. Proven in Enterprise-Wide Deployments Digital Guardian – the only data-aware advanced threat solution with visibility from endpoint, server, and network agents – is a force multiplier. It works with other cyber defense products to provide organizations with a coordinated, multi- layered defense. Digital Guardian can consume data intelligence feeds from third party sources, as well as provide actionable threat intelligence to SIEM products, enriching the events aggregated from network devices and disparate logs. Digital Guardian also integrates real-time malware alerts from leading network security solutions such as FireEye and PaloAlto Networks to identify and contain zero-day attacks on endpoint systems.