Blog Posts Tagged with "DLP"
DLP and Business Needs
April 16, 2013 Added by:Scott Thomas
Most non-IT people know about DLP only when the IT organization contacts them to let them know they did something they shouldn't have. For those of us that have to deal with the policies, the alerts, and sending those notices, it can be more complicated.
Comments (0)
DEUCE: Bypassing DLP with Cookies
July 19, 2012 Added by:f8lerror
DEUCE went from simple concept to a multi-encoding and encryption DLP bypass tool. The program simply takes an input file and creates a cookie for each line. DEUCE has the ability to encrypt via AES, hash with MD5 or use a custom multi-encode with a 3 times replacement cipher...
Comments (0)
LinkedIn Breach Part II: What You Need to Prepare for Next
June 09, 2012 Added by:Jason Clark
The LinkedIn breach made headlines, but I want to go deeper and provide practical advice for organizations on how they can anticipate DLP consequences and tighten network security. You need a strategy to protect against attack scenarios. Here’s a seven-step check list for mitigating your risk...
Comments (4)
Infosec Subjectivity: No Black and White
June 04, 2012 Added by:Dave Shackleford
Overall, here’s the rub: There are almost no security absolutes. Aside from some obvious things like bad coding techniques, the use of WEP, hiring Ligatt Security to protect you, etc... Everything else is in information security the gray area...
Comments (1)
Beyond the Firewall – Data Loss Prevention
April 05, 2012 Added by:Danny Lieberman
It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, you’ve mitigated the threat. This paper reviews the taxonomies of advanced content flow monitoring that is used to audit activity and protect data inside the network...
Comments (0)
The Security Impact of Putting it in the Cloud
February 19, 2012 Added by:Robb Reck
nd. Information security must not be the roadblock that prevents the adoption of such technology. By thinking ahead about the kinds of risks that outsourcing our systems will involve, we can be ready to quickly and securely lead our organization into the cloud...
Comments (3)
Data at Rest: Dormant But Dangerous
February 10, 2012 Added by:Simon Heron
Data is considered to be either ‘at rest’, ‘in transit’ or ‘in use.’ When putting security measures in place, it is important to consider all three states and address risks associated with each. This article examines data at rest and proposes strategies to minimize dangers...
Comments (0)
Four Keys for Intellectual Property Protection
February 07, 2012 Added by:Jason Clark
Intellectual property includes product designs, secret formulas, and other trade knowledge. It's what organized cybercrime, state governments and hackers are all going after. Why? Mostly because of the value. One stolen manufacturing process can be worth millions...
Comments (1)
Data Loss Prevention Step 6: Encrypting Data at Rest
February 06, 2012 Added by:Rafal Los
Even if you did know where all your critical information is, you'd probably be powerless to control its sprawl. Let's face it, systems consume data and then become mobile - which is hardly something you can do anything about in a world where mobility is a key business driver...
Comments (2)
Email Intrusions Facilitate Wire Transfers Overseas
January 30, 2012 Added by:Headlines
The FBI has observed a trend in which cyber criminals are compromising the e-mail accounts of U.S. individuals and businesses and using variations of the legitimate e-mail addresses associated with the victim accounts to request and authorize overseas transactions...
Comments (0)
Data Loss Prevention Step 5: Disable Access to Cloud Storage Services
January 16, 2012 Added by:Rafal Los
This is part 5 in a series, and it's about pulling your data away from the clutches of the cloud. It's not all as crazy as that sounds though, because the cloud has real benefits, but it has to be approached with sanity rather than as the ostrich approaches the sandstorm...
Comments (0)
Data Loss Prevention Step 4: Prevent Network Cross-Connect
January 11, 2012 Added by:Rafal Los
Preventing network cross-connect used to be simple as making sure your VPN client wasn't able to perform split-tunneling so malware couldn't bounce to your corporate office. If your corporate office is virtual all that stopped mattering...
Comments (0)
Data Loss Prevention - Step 3: Engage Physical Security
December 20, 2011 Added by:Rafal Los
While often missed, this component of security is one of the most critical when it comes to understanding, and fighting the loss of data in your organization in a very real, tangible way. There are three types of threats you want to be aware of from the physical perspective...
Comments (0)
Data Loss Prevention: Step 2 - Manage Privileges
December 13, 2011 Added by:Rafal Los
Getting back to basics is critical, and one of the most basic of basics is managing the rights to your data, your systems, and your critical operations. Let's take a critical, step-by-step look at how managing privileges can greatly decrease your likelihood of leaking data...
Comments (0)
Data Loss Prevention - Step 1: Know What's Important
December 12, 2011 Added by:Rafal Los
It's important to understand what your company does and then figure out what the critical bits are. Sometimes it's your customer lists, or a secret ultra-high efficiency engine design, or the next big thing in stealth bombers. The point is that you simply need to know your business...
Comments (0)
Data Loss Prevention - Without the New Blinky Boxes
December 08, 2011 Added by:Rafal Los
The glut of blinking lights and devices that require time and effort to manage has gotten out of control... or so I'm being told. I've not manged a security team in 4 years now, but even back then the glut of boxes, products and solutions was becoming too much to bear. I can only imagine it now...
Comments (1)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)