Agility Amplified - Anatomy of a Data Breach, Symantec - Part Two

by AgilityAlliance on 03-09-2011 10:34 PM - last edited on 03-09-2011 10:34 PM

Anatomy of a Data Breach

Part Two - What to do About Data Breaches

Written by: Ms. Linda Park, Data Loss Prevention Group, Symantec

 

What does it all mean?

With the steady drumbeat of data breaches making headlines almost daily, it might seem reasonable to regard data breaches as an inevitable by-product of our connected world, a cost of doing business that we must simply learn to live with. A closer view of the facts, however, suggests that this is not necessarily the case. Three important truths must be recognized in order to gain control of the data breach situation.

 

First, breaches are preventable. In each of the breach scenarios discussed in the previous post, there were key points of intervention when countermeasures could have prevented the breach—and, in some cases, did so. Contrary to the impressions left by sensationalist news coverage, there is good cause for optimism.

 

Second, the only strategies with a chance of success are both risk-based and content-aware. Preventing data breaches is all about risk reduction. To reduce risk, you must know where your data is stored, where it is going, and how it is used. Only then will you be able to clearly identify problematic practices, prioritize data and groups for phased remediation, and begin to staunch the flow of proprietary data leaving your organization.

 

And, third, preventing data breaches requires multiple solutions that work together in concert to solve the problem. This means much more than defense-in-depth. It means that the solutions you deploy—whether to monitor information, protect endpoints, check technical and procedural controls, harden core systems, or provide real-time alerts—must be integrated to create a centralized view of information security so that you can make correlations and discover root causes quickly and decisively.

 

How to stop data breaches

To monitor their systems and protect information from both internal and external threats across every tier of the IT infrastructure, organizations should select solutions based on an operational security model that is risk-based, content-aware, responsive to threats in real time, and workflow-driven to automate data security processes. Here are six steps that any organization can take to significantly reduce the risk of a data breach using proven solutions:

 

Step 1. Stop incursion by targeted attacks. The top four means of hacker incursion into a company's network are exploitation of system vulnerabilities, unchanged default passwords, SQL injection, and targeted malware. To prevent incursions, each of these avenues into the organization's information assets must be shut down. Controls-assessment automation, core-system protection, and endpoint, web and messaging security should be combined to stop targeted attacks. In addition, endpoints should be managed centrally to ensure consistent deployment of security policies, patches, encryption capabilities, and information access controls.

 

  • Implement web, messaging and endpoint security to monitor and block the inbound flow of targeted malware.
  • Apply host-based intrusion detection and intrusion prevention systems on servers to safeguard host integrity in the event of an SQL injection attack.
  • Automate polling of administrators to ensure that default passwords are changed or removed and ACLs are updated.
  • Automatically scan technical controls, including password settings and firewall and server configurations, across networked servers and report on all policy violations.
  • Centrally deploy policy and manage endpoints to automate patch management and ensure the latest encryption, network access control and security settings are applied.

 

Step 2. Identify threats by correlating real-time alerts with global security intelligence.

To help identify and respond to the threat of a targeted attack, security information and event management systems can flag suspicious network activity for investigation. The value of such real-time alerts is much greater when the information they provide can be correlated with knowledge of actual known threats. Being able to tap into current research and analysis of the worldwide threat environment in real time gives security teams a tremendous advantage in combating external threats.

 

  • Leverage security intelligence services that monitor millions of email messages and systems worldwide every day, to analyze internal event data and stay current on the evolving threat landscape.
  • Combine security information and event management systems to track network activity, collect incident data from all security systems, and match incident logs against a data feed from security intelligence services to identify known trouble sites and other external threats in real time.

 

Step 3. Proactively protect information. In today's connected world, it is no longer enough to defend the perimeter. Now you must accurately identify and proactively protect your most sensitive information wherever it is stored, sent, or used. Only by enforcing unified data protection policies across servers, networks, and endpoints throughout the enterprise can you progressively reduce the risk of a data breach. Data loss prevention solutions can make this unified approach a reality.

 

  • Implement content-aware, "define once, enforce everywhere" policy management with incident remediation workflow, reporting, system management, and security.
  • Find sensitive information located on file servers, databases, email repositories, websites, laptops, and desktops, and protect it with automatic quarantine capabilities as well as support for policy-based encryption.
  •  Inspect all outbound network communications, such as email, IM, Web, FTP, P2P, and generic TCP, and enforce policies to prevent confidential information from leaving.
  • Proactively block confidential data from leaving the organization from endpoints via print, fax or removable media.
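The content-aware inspection that the Step 3 bullets describe reduces to a small policy engine: a set of detectors run over outbound content, a threshold per detector, and an enforcement action, with the most restrictive triggered action winning. The following is an added example written for this page, not code from the original post or from any Symantec product. The detector names, the policy table, the thresholds and the four sample messages are all constructed for illustration. The Luhn check is what keeps a random 16-digit invoice number from being treated as a card number; a regex alone would block both.

```python
import re
from enum import IntEnum


class Action(IntEnum):
    """Enforcement actions, ordered so the most restrictive one wins."""
    ALLOW = 0
    ENCRYPT = 1
    QUARANTINE = 2
    BLOCK = 3


# Hypothetical "define once" policy: detector name -> (minimum matches, action).
POLICY = {
    "credit_card": (1, Action.BLOCK),
    "ssn": (1, Action.QUARANTINE),
    "confidential_marker": (1, Action.ENCRYPT),
}

# 13-19 digits with optional single spaces or dashes between them.
CC_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US SSN in dashed form, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
MARKER_RE = re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; separates plausible card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_credit_cards(text: str) -> list[str]:
    """Regex candidates filtered by Luhn, returned as bare digit strings."""
    hits = []
    for m in CC_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def inspect_content(text: str) -> tuple[Action, dict[str, int]]:
    """Run every detector over the content and pick the most restrictive action."""
    counts = {
        "credit_card": len(find_credit_cards(text)),
        "ssn": len(SSN_RE.findall(text)),
        "confidential_marker": len(MARKER_RE.findall(text)),
    }
    action = Action.ALLOW
    for name, n in counts.items():
        threshold, act = POLICY[name]
        if n >= threshold and act > action:
            action = act
    return action, counts


# Constructed sample messages (not real data).
MSG_CARD = "Please charge card 4111 1111 1111 1111 exp 12/26 for the order."
MSG_INVOICE = "Invoice 4111111111111112 is attached; PO total 1234."
MSG_SSN = "New hire record: SSN 123-45-6789, start date next Monday."
MSG_MARKER = "CONFIDENTIAL: Q3 product roadmap attached."

if __name__ == "__main__":
    for msg in (MSG_CARD, MSG_INVOICE, MSG_SSN, MSG_MARKER):
        action, counts = inspect_content(msg)
        print(f"{action.name:10} {counts}  <- {msg[:40]}...")
```

The same `inspect_content` call sits behind whichever channel is being policed (mail gateway, web proxy, endpoint agent watching print or removable media); only the enforcement hook differs. Keeping the detectors and the policy table in one place is what "define once, enforce everywhere" means in practice.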

Step 4. Automate security through IT compliance controls. To prevent a breach, organizations must start by developing and enforcing IT policies across their network and data protection systems. By assessing the effectiveness of the procedural and technical controls in place and automating regular checks on technical controls such as password settings, server and firewall configurations, and patch management, organizations can reduce the risk of a data breach. To sustain and improve their compliance posture, organizations need to continuously assess how their infrastructure is set up to support IT compliance policies. Leveraging IT policy creation, policy deployment, IT compliance controls assessments, incident management and correlation tools will enable organizations to proactively identify and remediate deficiencies before breaches happen, and in the event of an attack, to identify and prioritize risks across the enterprise.

 

  • Define IT policies based on data security best practices and industry standards such as ISO 17799 (since renumbered ISO/IEC 27002), COBIT, NIST SP 800-53, Sarbanes-Oxley, PCI DSS, HIPAA, GLBA and others.
  • Align IT policies to key security and operations controls, both procedural and technical.
  • Automate the assessment of infrastructure and systems against existing IT compliance controls.
  • Measure and report on how well the organization is meeting IT compliance controls.
  • Prioritize remediation efforts based on measurement and reporting results, identify deficiencies and proactively update the infrastructure and security systems to demonstrate compliance and ensure maximum security.
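Step 1's bullet on scanning technical controls and the Step 4 bullets on automated assessment and measurement describe the same mechanism: collect each host's configuration, test it against a written policy, and report violations grouped so that remediation can be ranked by how many hosts fail each control. The example below is added here and is not part of the original post or of any vendor's assessment product. The control identifiers (SSH-01, PWD-01, FW-02 and so on), the thresholds, the list of sensitive ports and the two hosts' configurations are all assumed or constructed; in a real deployment the configuration text would be pulled from each host by an agent or over SSH rather than embedded.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    control: str   # hypothetical identifier from an internal control catalogue
    detail: str


# Assumed policy thresholds; map them to the standard being followed (PCI DSS, NIST SP 800-53, ...).
MAX_PASSWORD_AGE_DAYS = 90
MIN_PASSWORD_LEN = 14
SENSITIVE_PORTS = {1433, 3306, 3389, 5432}   # database and remote-admin services
RULE_RE = re.compile(r"^-A (\S+)(.*?) -j (\S+)$")


def parse_kv(text: str) -> dict[str, str]:
    """Parse 'Directive value' lines (sshd_config / login.defs style), skipping comments."""
    cfg = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].strip().split(None, 1)
        if len(parts) == 2:
            cfg[parts[0]] = parts[1].strip()
    return cfg


def parse_iptables(text: str):
    """Parse iptables-save output into chain default policies and a flat rule list."""
    policies, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            continue
        m = RULE_RE.match(line)
        if m:
            chain, opts, target = m.groups()
            src = re.search(r"-s (\S+)", opts)
            dport = re.search(r"--dport (\d+)", opts)
            rules.append({"chain": chain, "target": target,
                          "src": src.group(1) if src else "0.0.0.0/0",
                          "dport": int(dport.group(1)) if dport else None})
    return policies, rules


def check_host(host, sshd_text, logindefs_text, iptables_text) -> list[Finding]:
    f = []
    sshd = parse_kv(sshd_text)
    # An absent directive counts as a violation: the built-in default varies by version.
    if sshd.get("PermitRootLogin", "").lower() != "no":
        f.append(Finding(host, "SSH-01", "PermitRootLogin is not explicitly 'no'"))
    if sshd.get("PasswordAuthentication", "").lower() != "no":
        f.append(Finding(host, "SSH-02", "PasswordAuthentication is not explicitly 'no'"))
    ld = parse_kv(logindefs_text)
    if int(ld.get("PASS_MAX_DAYS", "99999")) > MAX_PASSWORD_AGE_DAYS:
        f.append(Finding(host, "PWD-01", f"PASS_MAX_DAYS exceeds {MAX_PASSWORD_AGE_DAYS}"))
    if int(ld.get("PASS_MIN_LEN", "0")) < MIN_PASSWORD_LEN:
        f.append(Finding(host, "PWD-02", f"PASS_MIN_LEN below {MIN_PASSWORD_LEN}"))
    policies, rules = parse_iptables(iptables_text)
    if policies.get("INPUT") != "DROP":
        f.append(Finding(host, "FW-01", "INPUT chain default policy is not DROP"))
    for r in rules:
        if (r["chain"] == "INPUT" and r["target"] == "ACCEPT"
                and r["dport"] in SENSITIVE_PORTS and r["src"] == "0.0.0.0/0"):
            f.append(Finding(host, "FW-02", f"port {r['dport']} accepted from any source"))
    return f


def assess(fleet: dict) -> list[Finding]:
    """fleet: host -> (sshd_config text, login.defs text, iptables-save text)."""
    return [x for host, cfgs in fleet.items() for x in check_host(host, *cfgs)]


def by_control(findings) -> dict[str, list[str]]:
    """Group failing hosts per control so remediation can be ranked by spread."""
    out = {}
    for x in findings:
        out.setdefault(x.control, []).append(x.host)
    return out


# Constructed sample configurations for two hosts (not captured from real systems).
FLEET = {
    "web01": ("PermitRootLogin no\nPasswordAuthentication no\n",
              "PASS_MAX_DAYS 90\nPASS_MIN_LEN 14\n",
              "*filter\n:INPUT DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n"
              "-A INPUT -p tcp -s 10.0.0.0/8 --dport 22 -j ACCEPT\n"
              "-A INPUT -p tcp --dport 443 -j ACCEPT\nCOMMIT\n"),
    "db01": ("PermitRootLogin yes\n# PasswordAuthentication left at default\n",
             "PASS_MAX_DAYS 99999\nPASS_MIN_LEN 5\n",
             "*filter\n:INPUT ACCEPT [0:0]\n-A INPUT -p tcp --dport 3306 -j ACCEPT\nCOMMIT\n"),
}

if __name__ == "__main__":
    for x in assess(FLEET):
        print(f"{x.host:6} {x.control}  {x.detail}")
```

Two choices matter more than the individual checks. Treating a missing directive as a failure avoids depending on a daemon's compiled-in default, which changes between versions. And reporting by control rather than by host is what turns a scan into the measurement the Step 4 bullets ask for: a control that fails on most of the fleet is a policy-deployment problem, while one that fails on a single host is a remediation ticket.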

Step 5. Prevent data exfiltration. In the event that a hacker incursion is successful, it is still possible to prevent a data breach by using network software to detect and block the exfiltration of confidential data. Insider breaches can likewise be identified and stopped. Data loss prevention and security event management solutions can combine to prevent data breaches during the outbound transmission phase.

 

  • Monitor and prevent data breaches via network transmission, whether initiated by malware or by well-meaning or malicious insiders.
  • Identify transmissions to known hacker sites and alert security teams to prevent the exfiltration of confidential data.
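Step 2's correlation of event data with an external intelligence feed and Step 5's bullet on spotting transmissions to known hacker sites are the same join: outbound connection records keyed by source host and destination, matched against feed indicators, then ranked with a second signal (here, outbound volume) so that a feed hit with bulk transfer outranks a single beacon. The following is an added example written for this page, not code from the original post or from any SIEM or intelligence service. The log format, the feed contents, the volume threshold and the internal address range are assumed; the destination addresses are documentation ranges and the log lines are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    severity: str
    host: str
    dst: str
    reason: str


# Constructed threat-intelligence feed. In production this is a vendor feed refreshed on a
# schedule; the indicators below use documentation ranges and do not identify real sites.
THREAT_FEED = {
    "ip": {"203.0.113.45": "known C2 controller"},
    "cidr": {"198.51.100.0/24": "hosting range used for drop servers"},
    "domain": {"drop.example.net": "credential drop site"},
}
EXFIL_BYTES = 50 * 1024 * 1024                          # assumed per-(host, destination) threshold
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]    # assumed corporate address space

# Constructed egress log lines in a simple key=value format (not a real product's format).
LOG_LINES = """\
2011-03-09T22:10:01Z host=ws-042 user=jdoe dst=203.0.113.45 dport=443 bytes_out=2048
2011-03-09T22:10:05Z host=ws-017 user=asmith dst=93.184.216.34 dport=443 bytes_out=1200
2011-03-09T22:11:12Z host=ws-017 user=asmith dst=198.51.100.77 dport=8080 bytes_out=30000000
2011-03-09T22:13:40Z host=ws-017 user=asmith dst=198.51.100.77 dport=8080 bytes_out=30000000
2011-03-09T22:14:02Z host=srv-db01 user=svc_backup dst=10.0.5.20 dport=22 bytes_out=80000000
2011-03-09T22:15:30Z host=ws-103 user=pk dst=drop.example.net dport=80 bytes_out=512
"""
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    ts, rest = line.split(" ", 1)
    ev = dict(KV_RE.findall(rest))
    ev["ts"] = ts
    ev["bytes_out"] = int(ev.get("bytes_out", 0))
    return ev


def feed_match(dst: str):
    """Return the feed description for a destination (domain, exact IP or CIDR), or None."""
    if dst in THREAT_FEED["domain"]:
        return THREAT_FEED["domain"][dst]
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return None                      # hostname not on the feed
    if dst in THREAT_FEED["ip"]:
        return THREAT_FEED["ip"][dst]
    for net, desc in THREAT_FEED["cidr"].items():
        if ip in ipaddress.ip_network(net):
            return desc
    return None


def is_internal(dst: str) -> bool:
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return False                     # hostnames are treated as external
    return any(ip in net for net in INTERNAL_NETS)


def correlate(log_text: str) -> list[Alert]:
    """Aggregate per (host, destination), then rank: feed hit + volume > feed hit > volume."""
    pairs = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        key = (ev["host"], ev["dst"])
        entry = pairs.setdefault(key, {"feed": feed_match(ev["dst"]), "bytes": 0})
        if not is_internal(ev["dst"]):   # only external transfers count toward the threshold
            entry["bytes"] += ev["bytes_out"]
    alerts = []
    for (host, dst), e in pairs.items():
        over = e["bytes"] >= EXFIL_BYTES
        if e["feed"] and over:
            alerts.append(Alert("critical", host, dst,
                                f"{e['bytes']} bytes to known-bad destination ({e['feed']})"))
        elif e["feed"]:
            alerts.append(Alert("high", host, dst, f"known-bad destination: {e['feed']}"))
        elif over:
            alerts.append(Alert("medium", host, dst, f"{e['bytes']} bytes out exceeds threshold"))
    return alerts


if __name__ == "__main__":
    for a in correlate(LOG_LINES):
        print(f"[{a.severity:8}] {a.host} -> {a.dst}: {a.reason}")
```

On the sample, the two 30 MB transfers from ws-017 to an address inside a feed-listed range combine into one critical alert, the single beacon from ws-042 and the request to the listed domain stay high, and the large internal backup from srv-db01 raises nothing. The caveat is the last case: excluding internal destinations keeps the volume rule quiet, but staging data on an internal host before sending it out is a common precursor, so the internal allowlist should be narrow and reviewed.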

 

Step 6. Integrate prevention and response strategies into security operations. In order to prevent data breaches, it is essential to integrate a breach prevention and response plan into the day-to-day operations of the security team. Using technology to monitor and protect information, the security team should be able to continuously improve the plan and progressively reduce risk based on a constantly expanding knowledge of threats and vulnerabilities.

 

  • Integrate solutions for data loss prevention, system protection, compliance, and security management to create an operational model for security that is risk-based, content-aware, responsive to threats in real time, and workflow-driven to automate day-to-day processes and close gaps between people, policies, and technologies.
  • Leverage security services—including consulting, education, critical support, and global intelligence services—that provide organizations with deep security knowledge and broad security product expertise.

How to get started

The first step in creating a prevention and response plan is to identify the types of information you want to protect and where that information is exposed in your organization. Once you have identified your organization's priority information and determined your level of risk of data loss, the next step is to assess your network and understand what areas of the infrastructure are leaving you vulnerable to external attacks.

 

Armed with this information, you can create a comprehensive plan to mitigate internal and external risks to sensitive data and reduce or eliminate areas of exposure across your entire organization. By focusing on priority data loss and data exposure concerns, you can better ensure that collaboration and sharing by an increasingly mobile workforce remains safe and secure.
 

About the Writer:

LINDA PARK is a senior product marketing manager for Symantec’s Data Loss Prevention group.

About the Author
  • The Agility Alliance is HP Enterprise Services' premier partner program, bringing together industry-leading technology providers to build and deliver end-to-end IT solutions. Members include Deloitte, KPMG, Microsoft, Oracle, PricewaterhouseCoopers, SAP and Symantec. Founded in 2004, this award-winning program is an innovative industry model for multisourcing delivery of IT and business process services. Our five-year history of collaboration has consistently delivered tangible value for clients worldwide. HP is the only technology services company with a partnership portfolio centered around integrated execution, "changing the game" via multilateral partnering. These partnerships ensure tested technology alignment and an ability to deploy solutions rapidly.