How Do You Detect Information Leakage?

Information leakage or data exfiltration can occur in your company in many ways. Consider these two scenarios:

  1. An employee accidentally or intentionally sends a spreadsheet containing confidential information via email to an unauthorised person
  2. An employee accesses a confidential system across the network for the purpose of copying intellectual property to another system for exfiltration via other means

So how could you detect these two scenarios?

In the first scenario, Data Leak Prevention (DLP) products can be used; these are either agent-based or network-based. The agents offer different levels of sophistication: some look for particular user activity, some for documents that carry particular attributes, and some enforce permissions on who may access and distribute data. An adequately deployed DLP technology could detect and prevent the accidental or intentional attempt to leak information.
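As an added illustration of the content-inspection side of DLP described above (this is example code written for this page, not AccelOps' product or any vendor's implementation), the script below applies a small outbound-mail policy: a message to an external recipient is blocked if an attachment carries a classification marker or contains Luhn-valid payment card numbers. The internal domain, the marker strings, the thresholds and the sample message are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Hypothetical policy values for this example (assumptions, not taken from the post).
INTERNAL_DOMAINS = {"example.com"}
CLASSIFICATION_MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")
# Runs of 13-16 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


@dataclass
class OutboundMail:
    sender: str
    recipients: list
    subject: str
    attachments: dict = field(default_factory=dict)  # filename -> extracted text


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, which rules out most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the Luhn-valid primary account numbers found in text (separators removed)."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_valid(digits):
            hits.append(digits)
    return hits


def external_recipients(mail: OutboundMail) -> list:
    return [r for r in mail.recipients
            if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]


def inspect_outbound(mail: OutboundMail):
    """Policy decision for one outbound message: ('allow' | 'block', [reasons])."""
    if not external_recipients(mail):
        return "allow", []  # internal-only mail is outside this policy's scope
    reasons = []
    for name, content in mail.attachments.items():
        upper = content.upper()
        for marker in CLASSIFICATION_MARKERS:
            if marker in upper:
                reasons.append(f"{name}: classification marker '{marker}'")
        pans = find_pans(content)
        if pans:
            reasons.append(f"{name}: {len(pans)} Luhn-valid card number(s)")
    return ("block" if reasons else "allow"), reasons


# Constructed sample message: a spreadsheet export going to an outside address.
SAMPLE_MAIL = OutboundMail(
    sender="alice@example.com",
    recipients=["partner@vendor.invalid"],
    subject="Q3 customer list",
    attachments={"customers.csv": "CONFIDENTIAL\nname,card,invoice\n"
                                  "Bob,4111 1111 1111 1111,1234567890123\n"},
)

if __name__ == "__main__":
    action, why = inspect_outbound(SAMPLE_MAIL)
    print(action, why)
```

The Luhn check matters in practice: the invoice number in the sample is a 13-digit run that a naive regex would flag, but it fails the checksum and is ignored, which keeps false positives (and the analyst time they cost) down. A real DLP agent would also extract text from binary spreadsheet formats before inspection; that step is left out here.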

The second scenario could be more difficult to detect. DLP and deep packet inspection technology may be able to detect and prevent this type of information leakage, but there is a strong possibility it will not. One reason is that the activity may be that of an attacker who has already compromised your network and is now trying to exfiltrate information. Most network-based DLP solutions cannot inspect encrypted traffic, which makes the technology irrelevant in that case. Detecting and preventing this type of activity more reliably requires a multifaceted approach, which may include technologies such as packet and session reconstruction, intelligence data feeds (such as lists of Command and Control servers and known malware), traffic anomaly detection and a statistical baseline of network traffic. Providing this depth of analysis and investigative capability requires collecting data from different sources and feeding it into an analytics platform that can also take in the different intelligence feeds, typically a security information and event management (SIEM) platform.
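To make the "statistical baseline plus intelligence feed" idea above concrete, here is an added example (written for this page; it is not AccelOps' analytics engine or any product's code) that runs two SIEM-style rules over per-host outbound flow summaries: a volume rule that compares each host's bytes out on the day under review against a seven-day baseline using a median/MAD modified z-score, and a correlation rule that matches destinations against a threat-intelligence list. The flow records, the host names, the feed contents and the 3.5 threshold are all constructed assumptions; the 203.0.113.45 address is a TEST-NET placeholder, not a real Command and Control server.

```python
import statistics
from collections import defaultdict

# Constructed flow summaries: (day, source host, destination IP, bytes out).
# Days 1-7 form the baseline window; day 8 is the day under review.
BASELINE_MB = {
    "ws-17": [48, 52, 50, 49, 51, 50, 47],
    "ws-22": [30, 31, 29, 30, 32, 30, 31],
}
FLOWS = [(day, host, "198.51.100.10", mb * 1_000_000)
         for host, series in BASELINE_MB.items()
         for day, mb in enumerate(series, start=1)]
FLOWS += [
    (8, "ws-17", "203.0.113.45", 1_500_000_000),  # large transfer to a feed-listed address
    (8, "ws-17", "198.51.100.10", 500_000_000),
    (8, "ws-22", "198.51.100.10", 33_000_000),    # ordinary day for this host
]

# Placeholder threat-intelligence feed (203.0.113.45 is a TEST-NET address, not a real C2).
C2_FEED = {"203.0.113.45"}


def daily_outbound(flows):
    """Aggregate bytes out per host per day: {host: {day: bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, _dst, nbytes in flows:
        totals[host][day] += nbytes
    return totals


def robust_zscore(value, history):
    """Modified z-score using median and MAD, so a few outliers in the baseline
    do not inflate the spread the way a mean/stddev baseline would."""
    median = statistics.median(history)
    mad = statistics.median(abs(x - median) for x in history)
    if mad == 0:
        return 0.0 if value == median else float("inf")
    return 0.6745 * (value - median) / mad


def detect(flows, review_day, threshold=3.5, min_history=5):
    """Rules a SIEM-style analytics layer would apply to the day's flows."""
    alerts = []
    totals = daily_outbound(flows)
    # Rule 1: per-host outbound volume far above that host's own baseline.
    for host, by_day in totals.items():
        history = [b for d, b in by_day.items() if d < review_day]
        today = by_day.get(review_day, 0)
        if len(history) >= min_history:
            z = robust_zscore(today, history)
            if z > threshold:
                alerts.append({"host": host, "rule": "volume_anomaly",
                               "detail": f"{today} bytes out, modified z={z:.1f}"})
    # Rule 2: any traffic on the review day to a destination on the intelligence feed.
    for day, host, dst, nbytes in flows:
        if day == review_day and dst in C2_FEED:
            alerts.append({"host": host, "rule": "known_c2_destination",
                           "detail": f"{nbytes} bytes to {dst}"})
    return alerts


if __name__ == "__main__":
    for alert in detect(FLOWS, review_day=8):
        print(alert)
```

Neither rule needs to see inside the payload, which is the point the paragraph makes about encrypted traffic: volume and destination are visible even when content is not. In the sample, ws-17 trips both rules on day 8 while ws-22's slightly-above-average day stays under the threshold; two independent signals on the same host are what a correlation platform would raise for an analyst rather than two unrelated low-priority events.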

There is no silver bullet when it comes to detecting information leakage. Instead, companies need a platform capable of handling the vast amount of data with real-time statistical and correlation capabilities to detect potential exfiltration.


Authors

Marta Stone
