CIS Top 20 #13 Data Protection. Lisa Niles: CISSP, Director of Solutions Integration

Similar documents
CIS Top 20 #12 Boundary Defense. Lisa Niles: CISSP, Director of Solutions Integration

CIS Top 20 #10 Data Recovery Capability. Lisa Niles: CISSP, Director of Solutions Integration

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

CIS Controls Measures and Metrics for Version 7

CIS Controls Measures and Metrics for Version 7

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Security+ SY0-501 Study Guide Table of Contents

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

Best Practices in Securing a Multicloud World

SMARTCRYPT CONTENTS POLICY MANAGEMENT DISCOVERY CLASSIFICATION DATA PROTECTION REPORTING COMPANIES USE SMARTCRYPT TO. Where does Smartcrypt Work?

Aligning with the Critical Security Controls to Achieve Quick Security Wins

SYMANTEC DATA CENTER SECURITY

QUALYS SECURITY CONFERENCE Qualys CertView. Managing Digital Certificates. Jimmy Graham Senior Director, Product Management, Qualys, Inc.

NEN The Education Network

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Office 365 Buyers Guide: Best Practices for Securing Office 365

Tips for Passing an Audit or Assessment

CompTIA CAS-002. CompTIA Advanced Security Practitioner (CASP) Download Full Version :

Security Assessment Checklist

K12 Cybersecurity Roadmap

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

GEARS + CounterACT. Advanced Compliance Enforcement for Healthcare. December 16, Presented by:

McAfee MVISION Cloud. Data Security for the Cloud Era

Indicate whether the statement is true or false.

Exposing The Misuse of The Foundation of Online Security

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Forescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

The Challenge of Cloud Security

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Accessing your Check Point VPN

CIS Top 20 #5. Controlled Use of Administrative Privileges

Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence

Forescout. eyeextend for IBM MaaS360. Configuration Guide. Version 1.9

Post-Class Quiz: Access Control Domain

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

ForeScout Extended Module for VMware AirWatch MDM

McAfee Total Protection for Data Loss Prevention

WORKPLACE Data Leak Prevention: Keeping your sensitive out of the public domain. Frans Oudendorp Ronny de Jong

Mission Defense via Information-Centric Security

Cybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

McAfee Cloud Workload Security Product Guide

: Administration of Symantec Endpoint Protection 14 Exam

CSC - DRAFT - VER6c FOR PUBLIC COMMENT ONLY

Tech TV Series. Lisa Niles CISSP, Chief Solution Architect

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Changing face of endpoint security

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

EXAM - CAS-002. CompTIA Advanced Security Practitioner (CASP) Exam. Buy Full Product.

Infrastructure Blind Spots Continue to Fuel Personal Data Breaches. Sanjay Raja Lumeta Corporation Lumeta Corporation

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking

Securing Your Most Sensitive Data

Cisco ASA 5500-X NGFW

ForeScout Extended Module for MaaS360

ForeScout Extended Module for Carbon Black

Countermeasures and Best Practices Track 1: Large Business Sophisticated IT Security Program

Comprehensive Database Security

MD-100: Modern Desktop Administrator Part 1

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Endpoint Security for DeltaV Systems

IBM services and technology solutions for supporting GDPR program

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

CipherCloud CASB+ Connector for ServiceNow

Title: Planning AWS Platform Security Assessment?

NGFW Security Management Center

T22 - Industrial Control System Security

NGFW Security Management Center

Forescout. eyeextend for VMware AirWatch. Configuration Guide. Version 1.9

Don t Be the Next Data Loss Story

CompTIA Cybersecurity Analyst+

Ceedo Client Family Products Security

IC32E - Pre-Instructional Survey

Datacenter Security: Protection Beyond OS LifeCycle

Automating the Top 20 CIS Critical Security Controls

SoftLayer Security and Compliance:

One Hospital s Cybersecurity Journey

Microsoft Certified System Engineer

UNIVERSITY OF WISCONSIN MADISON POLICY AND PROCEDURE

Teradata and Protegrity High-Value Protection for High-Value Data

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

Administering Windows Server 2012

NGFW Security Management Center

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

White Paper April McAfee Protection-in-Depth. The Risk Management Lifecycle Protecting Critical Business Assets.

locuz.com SOC Services

A Security Admin's Survival Guide to the GDPR.

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

How AlienVault ICS SIEM Supports Compliance with CFATS

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

MCSA Windows Server 2012

Paperspace. Security Primer & Architecture Overview. Business Whitepaper. 20 Jay St. Suite 312 Brooklyn, NY 11201

Transcription:

CIS Top 20 #13 Data Protection Lisa Niles: CISSP, Director of Solutions Integration

CSC # 13 - The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information

The Good news The Bad news The bottom line

Cloud Data Protection.

The adoption of data encryption, both in transit and at rest, provides mitigation against data compromise.

The loss of control over protected or sensitive data by organizations is a serious threat to business operations and a potential threat to national security

How can this control be implemented, automated, and its effectiveness measured?

How to Get Started Step 1. Gap Assessment. 2. Implementation Roadmap 3. Implement the First Phase of Controls 4. Integrate Controls into Operations 5. Report and Manage Progress

Sample Gap questions 1. Has the organization defined data classification levels for the organization? 2. Are guidelines provided to data owners for how to classify resources and examples of datasets at each level? 3. Are the organization s security controls based on the classification level of the information system? 4. Are older, less secure encryption algorithms such as the Data Encryption Standard (DES) or MD5 in use in the organization? 5. Are symmetric encryption algorithms with keys less than 112 bit in use in the organization? 6. Is all highly sensitive data stored by the organization properly encrypted? 7. Is all highly sensitive data transmitted by the organization properly encrypted?

13.1 Perform an assessment of data to identify sensitive information that requires the application of encryption and integrity controls 13.2 Deploy approved hard drive encryption software to mobile devices and systems that hold sensitive data. 13.3 Deploy an automated tool on network perimeters that monitors for sensitive information (e.g., personally identifiable information), keywords, and other document characteristics to discover unauthorized attempts to exfiltrate data across network boundaries and block such transfers while alerting information security personnel. 13.4 Conduct periodic scans of server machines using automated tools to determine whether sensitive data (e.g., personally identifiable information, health, credit card, or classified information) is present on the system in clear text. These tools, which search for patterns that indicate the presence of sensitive information, can help identify if a business or technical process is leaving behind or otherwise leaking sensitive information. 13.5 13.6 13.7 If there is no business need for supporting such devices, configure systems so that they will not write data to USB tokens or USB hard drives. If such devices are required, enterprise software should be used that can configure systems to allow only specific USB devices (based on serial number or other unique property) to be accessed, and that can automatically encrypt all data placed on such devices. An inventory of all authorized devices must be maintained. Use network-based DLP solutions to monitor and control the flow of data within the network. Any anomalies that exceed the normal traffic patterns should be noted and appropriate action taken to address them. Monitor all traffic leaving the organization and detect any unauthorized use of encryption. Attackers often use an encrypted channel to bypass network security devices. Therefore it is essential that organizations be able to detect rogue connections, terminate the connection, and remediate the infected system. 13.8 Block access to known file transfer and e-mail exfiltration websites. 13.9 Use host-based data loss prevention (DLP) to enforce ACLs even when data is copied off a server. In most organizations, access to the data is controlled by ACLs that are implemented on the server. Once the data have been copied to a desktop system, the ACLs are no longer enforced and the users can send the data to whomever they want.

13-1 - Perform an assessment of data to identify sensitive information that requires the application of encryption and integrity controls Free Tools Windows Security & Compliance server - Data Classification Infrastructure (DCI) allows you to classify data if it contains content you specify as a certain classification (SSN = high), then applies rules to certain levels of classification (do not copy/print, encrypt, etc..). Commercial Tools Varonis - Shows where in file systems sensitive data resides, who has access to it, who should and shouldn't have access to it, who uses it, who owns it, and where is it over exposed. Netwrix Auditor - Change auditing and reporting for IT systems. Digital Guardian - Classify files as they are created and create rules on what to do with certain classifications.

13-2 Deploy approved hard drive encryption software to mobile devices and systems that hold sensitive data. Free Tools BitLocker - Offered on Windows 7 Enterprise, and Windows 8, 8.1, 10 Professional Can be controlled through GPO. FileVault - for Mac OSX Linux - Most modern OS deployment wizards will ask if you wish to encrypt certain areas or the full disk. Commercial Tools Voltage, Symantec, McAfee, Digital Guardian

13-3 - Deploy an automated tool on network perimeters that monitors for certain sensitive information (i.e., personally identifiable information), keywords, and other document characteristics to discover unauthorized attempts to exfiltrate data across network boundaries and block such transfers while alerting information security personnel. Free Tools opendlp - open source Data Loss Prevention suite of software MyDLP Community Edition - Comodo DLP solution Commercial Tools Netskope, Symantec, ForcePoint, Digital Guardian

13-4 - Conduct periodic scans of server machines using automated tools to determine whether sensitive data (i.e., personally identifiable information, health, credit card, and classified information) is present on the system in clear text. Free Tools Do not recommend as data discovery is critical and without control of opensource not sure what is getting logged or transferred. Commercial Tools McAfee, Symantec, Sophos, Forcepoint

13-5 If there is no business need for supporting such devices, configure systems so that they will not write data to USB tokens or USB hard drives. If such devices are required, enterprise software should be used that can configure systems to allow only specific USB devices (based on serial number or other unique property) to be accessed, and that can automatically encrypt all data placed on such devices. An inventory of all authorized devices must be maintained. Free Tools opendlp - open source Data Loss Prevention suite of software MyDLP Community Edition - Comodo DLP solution Commercial Tools Forcepoint, Symantec, McAfee

13-6 - Use network-based DLP solutions to monitor and control the flow of data within the network. Any anomalies that exceed the normal traffic patterns should be noted and appropriate action taken to address them. Free Tools Commercial Tools Varonis - Shows where in file systems sensitive data resides, who has access to it, who should and shouldn't have access to it, who uses it, who owns it, and where is it over exposed. Netwrix Auditor - Change auditing and reporting for IT systems. Digital Guardian - Classify files as they are created and create rules on what to do with certain classifications. ForcePoint

13-7 - Monitor all traffic leaving the organization and detect any unauthorized use of encryption. Attackers often use an encrypted channel to bypass network security devices. Therefore it is essential that organizations be able to detect rogue connections, terminate the connection, and remediate the infected system. Free Tools Commercial Tools Many modern Firewalls (Open Source included) offer deep packet inspection, whereby you proxy all outbound HTTPS traffic through your device, which will decrypt the traffic, scan for data loss prevention (DLP) and re-encrypt before leaving the network. This requires that you import and trust the network device's Certificate on all client machines.

13-8 Block access to known file transfer and e-mail exfiltration websites. Free Tools Black list subscriptions. (SANS storm center) Commercial Tools URL filtering categorizations NGFW can granularly allow access put prevent file transfer Proofpoint, Fireeye

13-9 Use host-based data loss prevention (DLP) to enforce ACLs even when data is copied off a server. In most organizations, access to the data is controlled by ACLs that are implemented on the server. Once the data have been copied to a desktop system, the ACLs are no longer enforced and the users can send the data to whomever they want. Free Tools Again, not something I would skimp on. Commercial Tools Symantec, Digital Guardian, Forcepoint, Sophos, TrendMicro

Thank you for Attending. Hope you can join us for the Complete CIS Top 20 CSC Tuesday July 24th CIC CSC # 14 Controlled Access on Need to Know

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback