Why would sending file outside your Enterprise need the approval of your supervisors? Because attackers can send files outside your Enterprise without approval...
Recent news leaves little room for doubt: the so-called APT ( Advanced Persistent Threat) may cause a major change in the way Enterprises protect their sensitive data.
Why change? Because if an IT Security Leader such as RSA cannot protect the source code of its flagship product SecureID, then change is needed.
Let's examine the existing technology of Data Loss Protection (DLP). According to Gartner, RSA is one of the market leaders in the field of content-aware DLP. So it is reasonable to assume that DLP was deployed at RSA. This brings the question why DLP was not able to withstand the APT attack?
The current perception of DLP was described in To DLP or not to DLP - Data Leakage/Loss Prevention.
"The first and the foremost thing is to answer the question: What problem space are we talking about when we talk about Data Leakage? The Data Leakage problem can be defined as any unauthorized access of data due to an improper implementation or inadequacy of a technology, process or a policy."
The "unauthorized access" described above can be the result of a malicious, intentional, inadvertent data leakage, or a bad business/technology process from an internal or external user.
Next, the second question to answer is what part of the problem space defined above does the DLP product market solve?
In the above definition of data leakage, the DLP solutions are designed to prevent unauthorized access of data due to inadequacy or improper implementation of a process or a policy, but not technology. They are not designed to address data leakage issues resulting from external attacks.
So, it is not an information security data leakage issue that the DLP solution is trying to solve.
Hence the DLP solutions help mitigate following risks:
- Identifying insecure business processes. For example, use of FTP for transporting PHI data
- Accidental data disclosure by employees. For example, employee sending unencrypted email containing PHI data
- Intentional data leakage by employees. For example, disgruntled employees stealing data or an employee leaving the company with sensitive data
DLP is not cheap... It requires considerable investment in sensitive Data classification. DLP is nontransparent - it is intentionally visible to end-user to change user behaviour.
We do not have the details of the APT attack - so we cannot answer the question how DLP was defeated . Perhaps one can pick few ideas at: Ten Technical Questions to Make Your DLP Vendor Squirm
But if technology exists to defeat it then we can be sure it will be used.
What do we know for sure? Enterprises need to communicate with the outside world. DLP can do a good job with content-screening of email, but file content screening may be a bit too much for DLP - and this is the "sweet spot" being exploited by APT.
So if you are sending file outside your Enterprise, you may need the approval of your supervisors. The DLP task will be to inspect whether this approval is valid.
Your vendor's job will be to convince you that an attacker will not be able to fake this approval. If both can be achieved, then attackers will not be able to send files outside your Enterprise.
Cross-posted from http://www.sentry-com.net/blog/