Showing posts with label Data Discovery. Show all posts

Billington Cybersecurity Summit: Situational Awareness and Cyber Resiliency

Victor Limongelli

I was pleased to have the opportunity to participate on a panel at the 5th Annual Billington Cybersecurity Summit, a very well attended event in Washington, DC yesterday. At the Summit’s opening keynote, Admiral Michael Rogers, Commander of U.S. Cyber Command and Director of the National Security Agency, made a strong call for the adoption within cybersecurity of the military concept of “situational awareness,” both in government agencies and in corporate America. This, he said, can be achieved through understanding normal behavior across a network and on endpoints and having a way to quickly visualize anomalies

Medical Devices Vulnerable to Remote Cyber Tampering, FDA Warns

Ale Espinosa

This post is not suited for the faint-hearted … especially those wearing a medical device.

The U.S. Food and Drug Administration (FDA) has issued cybersecurity recommendations for medical device manufacturers and user facilities, hospitals, health care IT and procurements staff, and biomedical engineers, following news of security issues in certain fetal monitors and software used in body fluid analysis.

According to the FDA’s safety communication issued last week, there are strong concerns regarding medical devices and hospital networks’ vulnerability to malware, as well as with the unauthorized access to their configuration settings. Among the devices and systems at greater risk are those that are network-connected or configured, hospital computers, smartphones and tablets, and password databases, among others.

RSA Conference: Actionable Intelligence is the Missing Link in Incident Response

Anthony Di Bello

Yesterday at Moscone Center I walked by the former Gartner security analyst who famously pronounced nearly 10 years ago that “IDS is dead.”

So it was fitting to attend the keynote by RSA Chairman Art Coviello and hear him say, “It’s past time for us to disenthrall ourselves from the reactive and perimeter-based security dogmas of the past and speed adoption of intelligence-driven security.” He described a fact that’s inescapable to all security professionals now, which is that alerting systems and point solutions for threat response aren’t sufficient to respond to modern threats. The time has come to change the way we perform incident response by using rapidly accessible, actionable intelligence to make the stakes higher for hackers, crackers, and thieves.

Sensitive data discovery is an essential part of IT security

Anthony Di Bello

Yet, most organizations don’t give it the attention it deserves. Here’s why it’s hard, and what you can do to do it right.

When we talk about protecting enterprises from attack, we are really talking about protecting our data. After all, it is the data that is so heavily regulated. It’s data - when compromised - that causes breach notifications. And it’s that valuable data that one ultimately doesn't want to fall into the wrong hands.

So it’s surprising that so few companies - companies that spend so much capital and effort on security technologies to defend their networks - actually seek to know where their sensitive, confidential, and regulated data reside. Perhaps it’s because they don’t see the real value in doing so. Perhaps it’s because the process has proven to be insurmountable at some point in the past. Regardless of the reason: it’s a serious oversight.

Why? First consider the benefits of understanding sensitive data location. Understanding and controlling the location of sensitive data can help to significantly reduce risk, as that data can be consolidated into fewer data stores as it’s identified. It can also help streamline data leak prevention deployments, help with litigation readiness (for data disclosure requests), and can improve data retention policies. So why isn't it being done?

Part of the challenge is that auditing endpoint data, without the right tools, isn't easy. First, many of the tools require that endpoint data be fully indexed before it can be searched. That’s just ludicrous today, as the process will take weeks, if not a month or more, to complete. With the velocity at which data moves today, the locations and nature of the data will change before the indexing process is even completed. Not to mention that much of the data will be on highly mobile notebooks. Additionally, unstructured data is a big challenge for most tools. This includes finding data in emails, attachments, and local files.

Also, policies alone, without technological enforcement, aren’t enough. Users will always find a way to bypass policies that aren’t monitored and enforced, either accidentally or intentionally. So sensitive data discovery technology should also provide remediation: it’s the only way to deliver critical enforcement capabilities to ensure sensitive data is not stored anywhere that violates your data policies.

Despite these difficulties, endpoint data classification is something that must be done. Not only because having sensitive data scattered about significantly increases risk exposure, as well as the costs associated with eDiscovery requests - but it’s also a requirement among many regulations. Some of those include Nevada’s Security of Personal Information Law (NRS 603.A), the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI DSS).

For these regulations, and for un-regulated confidential data, the ability to discover sensitive data on endpoints is crucial for reducing the risk and costs of incidents, remaining compliant, and enforcing policies to avoid mishaps and regulatory findings. When looking for a solution, there are certain requirements you need to consider:
  • Broad Encryption support
  • Broad OS support
  • Ease and Flexibility of deployment and configuration
  • Forensic-grade visibility
  • Review capability
  • Policy enforcement mechanism
  • Integration with other systems

EnCase Cybersecurity enables organizations to find sensitive intellectual property, personally identifiable information, and classified data on endpoints. Also, with disk-level and volatile RAM search ability, EnCase Cybersecurity can target and locate sensitive data wherever it is stored - even if it has already been deleted. Additionally, organizations can target data based on self-defined and pre-defined criteria. Then, when critical data is found in unauthorized areas, the data can be collected to a central repository if needed and then removed in such a way as to be unrecoverable. This way risk is not only instantly reduced, but policy is also continuously enforced going forward as employees will know that endpoint data policy violations will be identified, and won’t be tolerated.

There’s no doubt that endpoint data identification and auditing will be a challenge for some time to come. If you’d like to learn more, you’re invited to watch the on-demand webinar Dude, Where’s My Data – Finding & Securing Sensitive Data, which provides more detail on the challenges of endpoint data auditing and identification, and how EnCase Cybersecurity will help.