What Is Data Loss Prevention (DLP)?

Data loss prevention (DLP) is a strategy put in place by security organizations that prevents the leaking and potentially malicious exfiltration of secure data. According to the Information Systems Audit and Control Association (ISACA), implementing a robust DLP solution is crucial for detecting and preventing unauthorized data leakage and sharing, thereby protecting sensitive information.

The organization goes on to say that it's important to know the locations where data exists, along with an indication of the functional areas in which to implement or enhance applicable security and privacy controls.

Types of Data Loss Prevention

  • Endpoint DLP focuses primarily on monitoring network endpoint devices. It enables security teams to specify the data they consider sensitive and then enact policies that bar that particular data from leaving the endpoint.
  • Network DLP zooms out and looks at data traveling over internal and external, cloud-based networks. When implementing a network DLP strategy, it's imperative to understand network protocols at a deeper level so as to avoid potential misconfiguration.
  • Cloud DLP monitors data moving in and out of the cloud, because the cloud is in a particularly exposed position and its data is easy to exfiltrate once an attacker has breached the network. A security operations center (SOC) would be wise to automate much of the data leakage discovery as well as the reactive DLP protocols that respond to a potential breach.

Why Is Data Loss Prevention Important?

DLP is important for many reasons, not the least of which is the company's bottom line. Stakeholders and/or shareholders have a vested financial interest in not seeing critical company data stolen and either held for ransom (which will cost a lot of money) or forever affecting the reputation of the business (resulting in erosion of customer trust and a lot of money lost over a very short period of time).

Stopping attackers from breaching systems or networks is easier said than done, especially in this era of cloud security and operations. An effective DLP solution addresses two primary types of offenders: internal and external. Malicious actors can of course also be employees of the business, but more often, when an internal offender is the source of a data leak, it happens unknowingly on the part of that source.

These days, pretty much everyone understands that sensitive information is transmitted through the cloud and back again many, many times. That's just how we live today. Often, though, we don't understand how data is transmitted or otherwise used within an organization.

In addition, these organizations may be unaware of certain communication or workflow trends that could put them at unnecessary risk. For example, a business' finance department might engage in a workflow whereby it transmits incredibly sensitive data through public communication channels like email or instant messaging.

External offenders typically know exactly what they're doing: trying to break through the defenses of your company's security organization and steal sensitive data and, as previously mentioned, hold it for ransom or sell it to the highest bidder on the dark web.

For these main reasons, it's critical that a DLP solution is able to detect when and where data is leaving and entering networks and help analysts prioritize protecting data that may be more sensitive than other data.

Causes of Data Leakage

Let's take a look at some of the top reasons data at rest or in transit might "leak" off of endpoints, systems, and networks and into the wrong hands.

  • Honest mistakes: As mentioned, company employees can also be offenders, unknowingly exposing data in one way or another and ultimately letting it leak into attackers' hands. This could be the result of becoming an unwitting victim of a phishing campaign, reusing passwords or using unsophisticated passwords, or granting internal network access to supply-chain partners or external vendors.
  • Malware/ransomware: Attackers could have deployed malware designed to exploit a network vulnerability months ago and had the luxury of not being discovered. In this scenario, they have had time to pick out the data they want to exfiltrate and demand a ransom. And keep in mind that it might not end there; increasingly, attackers are dipping into double-extortion tactics so they can try to extract as much money as possible for their efforts.
  • Maintaining old data: Whether intentional or unintentional (and if not, archived data should be stored as offline backups), maintaining data that has aged out of its usefulness can be a potential source of data leakage and a big-time vulnerability. Even if the data is no longer useful to the security organization or the company, it can still be very useful to bad actors. If an attacker manages to gain access to an endpoint, system, or network, archived data, such as old credentials or past emails containing sensitive information, could be exactly what they need to carry out an attack.
  • Cloud misconfiguration: This can also be attributed to human error, but if critical operations are, well, running on misconfigured cloud infrastructure and are therefore inherently flawed, then that data is exposed and therefore potentially "leaking" into multiple places like the public-facing internet or third-party servers.

What Are the Benefits of a Data Loss Prevention Solution?

The benefits of a DLP solution are clear and add up to the ability to better secure data from inadvertent exposure and theft. Let's break down some of the key benefits and how they specifically affect the network.

Increased Visibility

The ability to monitor network endpoint devices and analyze traffic and interactions for suspicious activity will accelerate visibility of an overall environment and improve security posture. Monitoring a network for data loss can also help to eliminate previously unseen blind spots, internally and among devices connecting to a network, that were just waiting to be exploited.

Hardening the Network with an IAM Solution

Identity and access management (IAM) is critical to a DLP solution and to network security in general. IAM helps to ensure the right people are accessing the right endpoints or network systems. By establishing IAM policies on critical systems and endpoints, the network perimeter becomes harder to breach, which in turn helps the business remain compliant with internal and external regulatory standards.

Improved Data Organization and Classification Standards

Data classification should be as simple and straightforward as possible. Let's look at an example of a tiered structure:

  • Level 1: This is data intended for public consumption that can be freely disclosed.
  • Level 2: This is internal data that is not disclosed externally.
  • Level 3: This is sensitive internal data that, if disclosed, could affect the company in a negative way.
  • Level 4: This is highly sensitive company, employee, and customer data.

Based on this classification, it's clear that storing the wrong data at the wrong level, or classification, could have potentially catastrophic effects. If there is a situation where data of different classification levels must reside on the same server, the intermixed data should be labeled and classified using the highest classification rating and thus protected accordingly. Automating this process will also help to ensure its efficiency and speed.

Data Loss Prevention Best Practices

Implementing best practices for a DLP solution will help to calibrate it to a specific environment. According to ISACA, there are many best practices that will help to ensure a DLP strategy is deployed successfully:

  • Do not leave sensitive data unattended.
  • Do not allow sensitive data to be copied to removable media.
  • Provide view-only access to sensitive information.

Management

  • Implement a data management life cycle to organize data and manage its storage and use.
  • Regularly update the data risk profile to account for new threats.
  • Standardize endpoints to make deployment more manageable.

Deployment

  • Deploy DLP in prioritized waves to achieve quick wins.
  • Start with a minimal rule base to manage false positives, help identify critical or sensitive data, and fine-tune DLP policies.
  • Test in a small, controllable unit before conducting full testing.

IT-Restrictive Controls

  • Do not allow unauthorized devices onto the network.
  • Block files containing personally identifiable information (PII).
  • Perform DLP discovery scanning at a desired frequency (or on demand) to audit and maintain awareness of the security status.

Product Selection

  • Check the DLP product to see if it supports the enterprise's data formats.
  • Scan data stores for sensitive information and, if necessary, take remediation action.
  • Use the DLP tool to automatically find unencrypted sensitive data, encrypt the information (data encryption), and remove the information or perform another remediation according to the enterprise's policies.
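As an added example that is not part of the original article or any DLP product, the following Python script sketches the discovery scan and the tiered classification described above: it scans a constructed set of files for PII patterns, assigns each file one of the four example tiers, applies the highest-classification rule to the store as a whole, and lists the files a removable-media policy would block. The rule names, regexes, Luhn validation step and sample data are assumptions for illustration, not any vendor's detectors.

```python
import re

# Classification tiers from the article's example: 1 public ... 4 highly sensitive.
PUBLIC, INTERNAL, SENSITIVE, HIGHLY_SENSITIVE = 1, 2, 3, 4

# Hypothetical detection rules (name, regex, tier a match implies); simplified for illustration.
RULES = [
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), HIGHLY_SENSITIVE),
    ("card", re.compile(r"\b(?:\d[ -]?){12,15}\d\b"), HIGHLY_SENSITIVE),
    ("email", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), SENSITIVE),
    ("marker", re.compile(r"(?i)\bconfidential\b|\binternal only\b"), INTERNAL),
]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to drop digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> tuple[int, list[str]]:
    """Return the highest tier implied by the text and the names of the rules that fired."""
    level, hits = PUBLIC, []
    for name, pattern, tier in RULES:
        matches = [m.group() for m in pattern.finditer(text)]
        if name == "card":  # validate candidates so tracking ids are not mistaken for cards
            matches = [m for m in matches if luhn_ok(re.sub(r"[ -]", "", m))]
        if matches:
            hits.append(name)
            level = max(level, tier)
    return level, hits

def scan_store(files: dict[str, str]) -> dict:
    """Discovery scan: per-file tiers, store tier (highest wins when intermixed), files to block from removable media (tier 3+)."""
    per_file = {name: classify(text) for name, text in files.items()}
    store_level = max((lvl for lvl, _ in per_file.values()), default=PUBLIC)
    blocked = sorted(n for n, (lvl, _) in per_file.items() if lvl >= SENSITIVE)
    return {"files": per_file, "store_level": store_level, "block_removable": blocked}

# Constructed sample files; none of these values are real.
SAMPLE_STORE = {
    "press_release.txt": "Acme announces its quarterly results.",
    "roadmap.md": "Internal only: Q3 roadmap draft.",
    "contacts.csv": "name,email\nJane Doe,jane.doe@example.com",
    "payroll.csv": "Jane Doe,123-45-6789,4111 1111 1111 1111",
    "notes.txt": "ticket 4111 1111 1111 1112 is a tracking id, not a card",
}
```

Running `scan_store(SAMPLE_STORE)` rates the store at Level 4 because of payroll.csv alone, which is the highest-rating rule from the classification section in action; the notes.txt entry shows why a validation step matters for keeping the false-positive count low during the early rule-base phase.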