Data Leak Prevention as a mechanism to safeguard critical information

Data Leak Prevention

Data volume has been growing exponentially, dramatically increasing opportunities for theft and accidental disclosure of sensitive information. By 2020 the digital universe — the data we create and copy annually — will reach 44 zettabytes, or 44 trillion gigabytes. This reality, along with increases in the portability of data, employee mobility and penalties for failing to comply with strict data protection regulations such as the EU GDPR and the New York Cybersecurity Requirements, raises the question: “What more can organizations do to protect themselves and their stakeholders?” An integral part of the answer is data loss prevention (DLP).

Numerous examples of accidental and deliberate data leakage continue to make headlines, and data leak prevention (DLP) technologies are being touted as a panacea. Unfortunately, given the scope, size, and distributed nature of most enterprise datasets, just discovering where the data is and who owns it is a challenge. For most organizations, controlling the applications most often used to leak sensitive data and stopping unauthorized transmission of files, credit card and social security numbers and their ilk would be acceptable. Many organizations would like to monitor the files uploaded by their employees and have the control to block such uploads. Exerting that control at trust boundaries is ideal: at the demarcation point between inside and outside, the firewall sits in the perfect spot, seeing all traffic.

DLP identifies, monitors and protects the data in motion on your network through deep content inspection and a contextual security analysis of transactions. DLP systems act as enforcers of data security policies. They provide a centralized management framework designed to detect and prevent the unauthorized use and transmission of your confidential information. DLP protects against mistakes that lead to data leaks and intentional misuse by insiders, as well as external attacks on your information infrastructure.

The loss of sensitive data and other forms of enterprise information can lead to significant financial losses and reputational damage. While companies are now well aware of these dangers and data protection has become a hot topic, many organizations aren’t very familiar with content-aware technologies and don’t fully understand the business case for DLP initiatives. GajShield gives you 10 concrete reasons why DLP is extremely important for your business:

Your company has a plan for protecting data from external intruders, but no protection against theft and accidental disclosure of sensitive information by employees and partners.
Not all data loss is the result of external, malicious attacks; the inadvertent disclosure or mishandling of confidential data by internal employees is a significant factor. DLP can detect files that contain confidential information and prevent them from leaving via the network.

You are concerned about the liability, negative exposure, fines and lost revenue associated with data breaches.
Data breaches have been making headlines with alarming frequency. They can wreak havoc on an organization’s bottom line through fines, bad publicity, loss of strategic customers and legal action. Verizon's 2016 Data Breach Investigations Report found that in 93 percent of cases where data was stolen, systems were compromised in minutes or less. Organizations, meanwhile, took weeks or more to discover that a breach had even occurred — and it was typically customers or law enforcement that sounded the alarm, not their own security measures.

You are concerned about your next audit and want to maintain compliance with complex regulations.
More than 60 countries have enacted data protection laws that require organizations in both the public and private sectors to safeguard sensitive information. Technology controls are becoming necessary to achieve compliance in certain areas. DLP provides these controls, as well as policy templates and maps that address specific requirements, automate compliance, and enable the collection and reporting of metrics.

You need to protect proprietary information against security threats caused by enhanced employee mobility and new communication channels.
Many employees are turning to social networking, IMs and other Web 2.0 applications to keep up with consumer trends. DLP helps to prevent the accidental exposure of confidential information across these unsecure lines of communication while at the same time keeping them open for appropriate uses. With the proliferation of mobile devices and employees working remotely, corporate data increasingly resides both in and outside of the organization. Wherever data is in transit, DLP can monitor it and significantly reduce the risk of data loss.

You would like to monitor your organization for inappropriate employee conduct and maintain forensic data of security events as evidence.
Insiders represent a significant risk to data security. An employee who emails a work-related document to a personal account in order to work over the weekend may have good intentions. However, he or she poses a tremendous threat to the organization when confidential data is involved. DLP technology offers 360-degree monitoring that includes email (both corporate accounts and webmail), instant messages and the software applications used. It also allows you to capture and archive evidence of incidents for forensic analysis. For example, by setting up simple policies, you can block certain keywords. If keywords like “tenders” and “Quotation” are blocked in an organization, users won’t be allowed to send mails, documents or attachments containing these words.

You are uncertain of your organization’s level of protection for confidential data in cloud applications and storage.
Large amounts of data have been moved to applications in the cloud. Protecting sensitive information in virtual and cloud models is critical. Cloud applications, or SaaS, pose a unique challenge to an organisation. These applications are often managed by different corporate staff, and lack of control over them can prove fatal. As cloud models evolve, business units must master a succession of new processes and products. Focus and attention now need to shift to cloud control practices that help an organisation achieve security even on applications that are not under its control. Data Leak Prevention and Cloud Access Security Broker (CASB) architecture provide a significant tool that allows organisations to control and secure SaaS applications.

You would like to gain a competitive advantage, in both brand value and reputation.
When organizations fail to take the necessary steps to identify sensitive data and protect it from loss or misuse, they are risking their ability to compete. Whether it’s a targeted attack or an inadvertent mistake, confidential data loss can diminish a company’s brand, reduce shareholder value, and irreparably damage the company’s reputation. DLP facilitates the protection of valuable trade secrets and other vital intelligence, and helps to prevent the negative publicity and loss of customers that inevitably follow data breaches.

Now that we know how imperative DLP is for organizations, let us look at GajShield’s best-in-class firewall with DLP and the host of features it offers. GajShield's firewall belongs to the next generation of firewalls, which bring Context-Sense to the content flowing over applications. Context-Sense firewalls are able to identify the sensitivity of data based on the content of the information flowing. Current firewalls are unable to identify the context of information and are therefore unable to validate its criticality. GajShield's Application-Sense, User-Sense, Context-Sense, Network-Sense and Time-Sense offer immediate relief from the most common data leakage problems, thereby allowing enterprises to complete their large-scale DLP projects at leisure.

Data leak prevention (DLP) technology has captured the attention of many IT organizations, with a promise to help organizations manage their confidential data. However, questions of access control, reporting, data classification, data at rest vs. data in transit, data ownership, desktop agents, server agents, and encryption have slowed DLP projects to a crawl in many organizations.

Unfortunately, the legacy security infrastructure at most enterprise perimeters is poorly equipped to offer this functionality. Most firewalls sit in a great position to help – they delimit the trust boundary, they see all traffic, and they exert policy control (i.e., they can block traffic). But legacy firewalls don’t understand content, don’t understand applications and context, can’t see inside SSL encrypted traffic and have no understanding of users. In fact, if it isn’t source or destination IP address, source or destination port, or network protocol, firewalls don’t understand it at all. Other firewall “helpers” (e.g., intrusion prevention systems, web proxies, URL filtering devices) only see a portion of the traffic, don’t sit in-line, and/or have limited application and content understanding.

Examining most of the recent incidents, the first thing enterprises need to do is get control over which applications are running on the network. Every organization has a different view of desirable and undesirable applications. Each enterprise needs to look at applications from both benefit and risk perspectives. On the benefit side, an application might help an employee do their job better, faster, or cheaper, or improve customer relations, or make the workplace more pleasant. On the risk side, applications may harbor vulnerabilities, carry malware, be prone to misuse, or transfer files. In some cases, organizations want to enable social networking applications for cultural or business reasons, or block them for security reasons. Either way, the first thing to do with regard to stopping confidential data leakage is to identify which applications are moving across the network, regardless of whatever evasive tactic the application employs, and to block undesirable applications (thus limiting the avenues through which confidential data can flow). In order to implement this control effectively, the device needs to “see” all the traffic.

Secondly, the device should be able to scan desirable applications for confidential data leakage. Once an organization has settled on the applications it wants on its network, the next step is to scan those applications for confidential data leakage, including SSL-encrypted application traffic and compressed content. Besides this, any applications that use proprietary encryption (e.g., Skype) should be very closely evaluated, because if allowed, they cannot be scanned. More specifically, the scanning capability should be simple to enact in policy and adjustable in sensitivity, so that normal, appropriate transactions do not trigger a response while abnormalities are still detected.

Thirdly, we need to know users, not just IP addresses. It is important to bring users into the picture. Understanding which users are using which applications, and which are engaged in moving particular classes of content, has two benefits: actionable visibility and refined policy. The most efficient way to do this is to tie into the enterprise directory, where identities and groups already exist. Often, when an organization realizes that it has had a leak, the first thing it asks is, “Who leaked it?” Having the ability to understand users, not just IP addresses, gives the granularity that these enterprises need to guide specific users about policy, or to take more serious action if warranted. This empowers enterprises to further distinguish and contain the risk.

Finally, bring context to information flow.

Next generation firewalls, like GajShield, would understand this context and help in creating policies to either allow or block such traffic. With its unified approach to User-Sense, Application-Sense, Content-Sense, Network-Sense and Time-Sense, it becomes easy to identify the context and hence the criticality. If IT staff know the application, the users, the content and the context (i.e., whether or not the traffic contains confidential information), they can act: block or alert quickly and archive appropriately, without sifting through dozens of log files. GajShield includes DLP functionality in the firewall itself.

GajShield offers enterprises a unique approach: visibility and control over applications, the ability to scan application content, and the ability to build context and control for users and groups. GajShield's appliances incorporate 6 key senses (Application-Sense, Content-Sense, User-Sense, Time-Sense, Network-Sense and, more importantly, Context-Sense) that give organizations business-relevant control over applications.

Application-Sense classifies applications. Application-Sense technology identifies applications regardless of port, protocol, encryption, or evasive tactic. It gives enterprises visibility and policy control over actual applications, not just ports.

Content-Sense identifies content, including confidential content. Content-Sense technology incorporates 3 key content security elements: confidential data (DLP functionality), threat prevention and a URL filtering capability. The data filtering feature in GajShield firewalls makes implementing DLP functionality simpler. Adding a policy object that scans application traffic is a matter of assigning the data filtering profile to the policy and determining what sort of data to scan for. Enterprises can also use the regular expression capability built into the data filtering feature to create custom patterns. More importantly, Content-Sense keeps track of all uploaded data and archives it. This gives the enterprise an insight into what is being uploaded, even for content where no policy has been set.

User-Sense integrates with enterprise directories. User-Sense technology integrates GajShield's Next Generation firewall with the enterprise’s Active Directory implementation, meaning that the single policy engine governing application and content security can also refine that policy with the user and group definitions already used in the enterprise.

Time-Sense identifies the time when any information is sent. Some information may be time-sensitive. For example, you may not want your audited reports to be published or sent before they are publicly announced.

Network-Sense: an organization would not want critical data to travel through public networks. For example, data uploaded by a mobile device within the network would need to go through more malware-detection checks than data coming from within private networks.

GajShield’s Next Generation Firewall context-based Data Leak Prevention enables you to control and mitigate information leaks:
GajShield’s context-based Data Leak Prevention system understands web applications by building context, which helps an enterprise set up policies based on the web application itself instead of on IPs and usernames, which have no relevance to that application.
For example:
• You can create policies based on the ‘From’, ‘To’, ‘Subject’, ‘Email Data’, ‘Attachments’ of email applications.
• Reduces false positives with greater control over data leaks.
• Provides better data leak prevention than simple regex matching.
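
The contrast between content-only regex matching and a policy that also uses message context (recipient, subject, body, attachments) is shown below as an added illustration; it is not GajShield's code or configuration. The domain corp.example, the function names and the sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

CORP_DOMAIN = "corp.example"          # assumption: the organization's own mail domain
KEYWORDS = ("tenders", "quotation")   # the keywords the article uses as an example
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")   # 16 digits, optional separators

def naive_regex(raw):
    """Content-only matching: flags any 16-digit run anywhere in the message."""
    return bool(CARD_RE.search(raw))

def luhn_ok(number):
    """Payment-card checksum; rejects order numbers and other random digit runs."""
    digits = [int(c) for c in number if c.isdigit()][::-1]
    return (sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])) % 10 == 0

def sensitive(text):
    hits = [f"keyword:{k}" for k in KEYWORDS if k in text.lower()]
    if any(luhn_ok(m.group()) for m in CARD_RE.finditer(text)):
        hits.append("card-number")
    return hits

def evaluate(raw):
    """Block only when sensitive content is headed to a recipient outside CORP_DOMAIN."""
    msg = message_from_string(raw)
    rcpts = [a for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    external = [a for a in rcpts if not a.lower().endswith("@" + CORP_DOMAIN)]
    subj = sensitive(msg.get("Subject", ""))
    findings = {"Subject": subj} if subj else {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        hits = sensitive(f"{name or ''}\n{body}")
        if hits:
            findings[f"Attachment:{name}" if name else "Email Data"] = hits
    return {"action": "block" if findings and external else "allow",
            "external": external, "findings": findings}

def sample(to, subject, body, attachment=None):
    """Build a constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@corp.example", to, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(attachment[1], filename=attachment[0])
    return m.as_string()

CARD = "Card on file: 4111 1111 1111 1111"       # well-known test number, Luhn-valid
ORDER = "Your order number is 1234567890123456"  # 16 digits, fails Luhn
```

The order-number message is flagged by `naive_regex` but allowed by `evaluate`, while the same card number is blocked only when the recipient is outside the corporate domain.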

Limit access to Internet Web Applications
Enterprises need access to social media applications like Facebook to grow their business, as these provide a wonderful marketing tool for reaching existing and future customers. Providing access to Facebook can also lead to information leaks, intentional or unintentional. Similarly, access to applications like Twitter, Gmail and Yahoo Mail is also required in this connected world.

With the help of the GajShield Data Leak Prevention System along with its CASB (Cloud Access Security Broker) module, you can now set up policies that limit access to these applications to the authorised users who have been given access by your organization. For example, you can allow only your corporate Yahoo ID to log in to Yahoo. All other IDs will be blocked. Personal usage will be blocked even if the user is allowed to access Yahoo. Similar policies can be set up for social media sites.

GajShield Firewall's Data Leak Prevention allows enterprise users to access rich web applications without compromising security.

GajShield Firewall's Data Leak Prevention and CASB features:

• Gives visibility into the applications used, not just the ports or protocols.
• Monitor and block files being uploaded to the internet, with details of the application used and the user who uploaded the file.
• Monitor IM and web chats and block content if a data leak is suspected.
• Policies can be set based on users and groups, and also based on the application context.
• Schedule DLP policies; for example, you may want to allow certain files after a particular time when the information becomes public.
• Get detailed information about outbound data going to the internet.
• In-depth reporting of data moving out of the network.
• No agent installation required on PCs for DLP.
• Easy to manage and monitor logs.
• Complete visibility of data going through encrypted HTTPS traffic.
• Generic web traffic can also be blocked, allowed and logged.
• Powerful DLP engine senses data based on the filters set in DLP policies for granular analysis.
• DLP and UTM on a single appliance, which makes it cost effective.
• Identifies who is accessing which application and what content is being sent out.
• Monitor and block unwanted applications like P2P and open proxies to reduce the chance of information leaks.
• Easy to configure and integrated into a single firewall policy window.
• Standard data leak templates provided to quickly set up the DLP feature on the GajShield firewall.

To summarize, GajShield’s DLP incorporates key features such as: policies to monitor or block data leaks via email, file upload and chat; context-based detection and prevention of data leaks; monitoring and management of protocols of SaaS applications like Google, Office 365, Yahoo, Rediff, Facebook, etc.; split proofing; scanning for data leaks; user-based policy control; control over HTTP, HTTPS, SMTP and IMs; in-depth reporting of data moving out of the network, with real-time alerts and monitoring; protection of company-sensitive information like sales data, pricing information or intellectual property; and increased regulatory compliance (HIPAA, GLBA, PCI or SOX). It also provides global visibility through comprehensive and flexible reporting.