Data Loss Prevention and Mobile Endpoint Protection

What is Data Security and Protection?

Protecting the:

• Confidentiality

• Integrity

• Availability

  Of Data:

• In transit

• At rest

  • Databases
  • Unstructured Data (files)
  • On endpoints

What are we protecting against?

Deliberate attack:

• Hackers

• Denial of Service

  Inadvertent attacks:

• Operator error

• Natural disaster

• Component failure

Data Security Top Challenges

• Explosive data growth
• New privacy regulations (GDPR, Brazil’s LGPD etc.)
• Operational complexity
• Cybersecurity skills shortage

Data Security Common Pitfalls

Five epic fails in Data Security:

• Failure to move beyond compliance
• Failure to recognize the need for centralized data security
• Failure to define who owns the responsibility for the data itself
• Failure to address known vulnerabilities
• Failure to prioritize and leverage data activity monitoring

Industry Specific Data Security Challenges

Healthcare

• Process and store combination of personal health information and payment card data.
• Subject to strict data privacy regulations such as HIPAA.
• May also be subject to financial standards and regulations.
• Highest cost per breach record.
• Data security critical for both business and regulatory compliance.

Transportation

• Critical part of national infrastructure
• Combines financially sensitive information and personal identification
• Relies on distributed IT infrastructure and third party vendors

Financial industries and insurance

• Most targeted industry: 19% of cyberattacks in 2018
• Strong financial motivation for both external and internal attacks
• Numerous industry-specific regulations require complex compliance measures

Retail

• Among the most highly targeted groups for data breaches
• Large number of access points in retail data lifecycle
• Customers and associates access and share sensitive data in physical outlets, online, mobile applications

Capabilities of Data Protection

The Top 12 critical data protection capabilities:

1. Data Discovery

• Where sensitive data resides
• Cross-silo, centralized efforts

2. Data Classification

• Parse discovered data sources to determine the kind of data

3. Vulnerability Assessment

• Determine areas of weakness
• Iterative process

4. Data Risk analysis

• Identify data sources with the greatest risk exposure or audit failure and help prioritize where to focus first
• Build on classification and vulnerability assessment

5. Data and file activity monitoring

• Capture and record real-time data access activity
• Centralized policies
• Resource intensive

6. Real-time Alerting
7. Blocking Masking, and Quarantining

• Obscure data and/or blocking further action by risky users when activities deviate from regular baseline or pre-defined policies
• Provide only level of access to data necessary

8. Active Analytics

• Capture insight into key threats such as, SQL injections, malicious stored procedures, DoS, Data leakage, Account takeover, data tampering, schema tampering etc
• Develop recommendations for actions to reduce risk

9. Encryption
10. Tokenization

• A special type of format-preserving encryption that substitutes sensitive data with a token, which can be mapped to the original value

11. Key Management

• Securely distribute keys across complex encryption landscape
• Centralize key management
• Enable organized, secure key management that keeps data private and compliant

12. Automated Compliance Report

• Pre-built capabilities mapped to specific regulations such as GDPR, HIPAA, PCI-DSS, CCPA and so on
• Includes:
  • Audit workflows to streamline approval processes
  • Out-of-the-box reports
  • Pre-built classification patterns for regulated data
  • Tamper-proof audit repository

Data Protection – Industry Example

Guardium support the data protection journey

Guardium – Data Security and Privacy

• Protect all data against unauthorized access
• Enable organizations to comply with government regulations and industry standards

Mobile Endpoint Protection

iOS

• Developed by Apple

• Launched in 2007

• ~13% of devices (based on usage)

• ~60% of tablets worldwide run iOS/iPadOS

• MDM capabilities available since iOS 6

  Android

• Android Inc. was a small team working on an alternative to Symbian and Windows Mobile OS.

• Purchased by Google in 2005 – the Linux kernel became the base of the Android OS. Now developed primarily by Google and a consortium known as Open Handset Alliance.

• First public release in 2008

• ~86% of smartphones and ~39% of tablets run some form of Android.

• MDM capabilities since Android 2.2.

How do mobile endpoints differ from traditional endpoints?

• Users don’t interface directly with the OS.
• A series of applications act as a broker between the user and the OS.
• OS stability can be easily monitored, and any anomalies reported that present risk.
• Antivirus software can “see” the apps that are installed on a device, and reach certain signatures, but can not peek inside at their contents.

Primary Threats To Mobile Endpoints

System based:

• Jailbreaking and Rooting exploit vulnerabilities to provide root access to the system.

• Systems that were previously read-only can be altered in malicious ways.

• One primary function is to gain access to apps that are not approved or booting.

• Vulnerabilities and exploits in the core code can open devices to remote attacks that provide root access.

  App based threats:

• Phishing scams – via SMS or email

• Malicious code

• Apps may request access to hardware features irrelevant to their functionality

• Web content in mobile browsers, especially those that prompt for app installations, can be the root cause of many attacks

  External:

• Network based attacks

• Tethering devices to external media can be exploited for vulnerabilities

• Social engineering to unauthorized access to the device

Protection mobile assets

• MDM: Control the content allowed on the devices, restrict access to potentially dangerous features.
• App security: Report on the health and reliability of applications, oftentimes before they even make it on the devices.
• User Training

Day-to-day operations

While it may seem like a lot to monitor hundreds, thousands, or hundreds of thousands of devices daily, much of the information can be digested by automated systems and action taken without much admin interactions.