security is compromised and corporate sensitive data is accessed. It might fall under any of these categories:
- Unauthorized, intentional or unintentional exfiltration of confidential information
- Data spill or data leak
This can happen due to external security attacks like malware, hacking or sometimes even from an internal source such as a disgruntled employee. This calls for a data loss prevention (DLP) system in place that would help you contain and avoid the loss of data.
Data loss happens in many stages and can be broadly categorized into three categories:
- Data in Motion: Data that moves through the network to the outside, in most cases using the Internet
- Data at Rest: Data that rests in your database and other provisions for storage
- Data at the Endpoints: Data at the endpoints of your network, say, data on USB and other plugged-in devices.
DLP is a strategy to make sure that your sensitive data don't move outside of your network. It helps you reduce the risk of the disclosure of confidential information. With the continuous increase in cybercrime, it becomes all the more necessary to protect data breach across various stages.
Here are some focus areas that can help you minimize data loss:
1. Identify the Top Data Loss Scenarios
If you look into all the data loss scenarios thus far, you will be able to cull out a pattern as to which are the ones that have had the highest impact. Also there may be relatively minor data loss incidents but it might be occurring multiple times in a day.
Action item: Identify and classify data based on their sensitivity and keep an eye on their flow within the network and outside. Your classification can be based on the type of data as well, for example, customer data, financial data, etc. Once this is done, based on your security and compliance requirements, you need to build security policies. It is advisable to use a SIEM security tool that will correlate and alerts you in real time upon any security breach.
2. Actively respond to Security Incidents
Once the radar is lit up, security events, tend to pile up thick and fast. It is important to have a dedicated methodology to analyze and respond to all valid security events.
Action item: As you begin to monitor the log events in real time, you would be able to quickly spot security threats. You can deploy an efficient log management tool with active response technology that can help you mitigate and remediate violations and deliver automated responses based on the security incident.
3. Comply with Policy Regulations
If you are handling sensitive and confidential information, you need to be compliant with policy regulations such as FISMA, PCI DSS, HIPAA, etc. Based on the industry in which you operate. For example, if your business involves payment card transactions, you need to be PCI compliant as you are responsible for protecting the cardholder data when you receive it.
Action item: If you are PCI Compliant you need to encrypt the cardholder data with at least a 128 bit SSL certificate to meet this standard. It requires constant assessment and reporting and employees across different levels should get involved to make it effective. SIEM tools help you quickly uncover compliance policy violations by identifying attacks, and highlighting threats with real-time log analysis and powerful cross-device and cross-event correlation covering your entire infrastructure.
SolarWinds Log and Event Manager (LEM) help you quickly uncover policy violations and performs multiple event correlation to understand relationships between dramatically different activities. With it's with real-time log analysis and powerful cross-device/cross-event correlation, LEM lets you effectively identify and respond to threats in real time, rather than being reactive.
LEM also provides over 300 pre-built "audit-proven" templates so you can easily generate and schedule PCI and other regulatory compliance reports, as well as customize reports for your organization's specific needs.