Data Loss Prevention
Featuring 25 Papers as of January 18, 2017
Packets Don't Lie: LogRhythm NetMon Freemium Review Analyst Paper
by Dave Shackleford - January 18, 2017
- Associated Webcasts: Packets Don’t Lie: What’s Really Happening on Your Network?
- Sponsored By: LogRhythm
With more traffic than ever passing through our environments, and adversaries who know how to blend in, network security analysts need all the help they can get. At the same time, data is leaking out of our environments right under our noses. This paper investigates how LogRhythm’s Network Monitor Freemium (NetMon Freemium) Version 3.2.3 provides intelligent monitoring, and helps organizations to identify sensitive data leaving the network and to respond when loss occurs.
Data Breach Impact Estimation STI Graduate Student Research
by Paul Hershberger - January 3, 2017
Internal and external auditors spend a significant amount of time planning their audit processes to align their efforts with the needs of the audited organization. The initial phase of that audit cycle is the risk assessment. Establishing a firm understanding of the likelihood and impact of risk guides the audit function and aligns its work with the risks the organization faces. The challenge many auditors and security professionals face is effectively quantifying the potential impact of a data breach to their organization. This paper compares the data breach cost research of the Ponemon Institute and the RAND Corporation, comparing the models against breach costs reported by publicly traded companies under the Securities and Exchange Commission (SEC) reporting requirements. The comparisons will show that the RAND Corporation's approach provides organizations with a more accurate and flexible model to estimate the potential cost of data breaches as they relate to the direct cost of investigating and remediating a breach and the indirect financial impact associated with regulatory and legal action of a data breach. Additionally, the comparison indicates that data breach-related impacts to revenue and stock valuation are only realized in the short term.
The Information We Seek by Jose Ramos - October 25, 2016
Whether you are performing a penetration test, conducting an investigation, or are a skilled attacker closing in on a target, information gathering is the foundation that is needed to carry out the assessment. Having the right information paves the way for proper enumeration and simplifies attack strategies against a given target. Throughout this paper, we will walk through some strategies used to identify information on both people and networks. Some people claim that all data can be found using Google's search engine, but can third-party tools found in Linux security distributions such as Kali Linux outperform the search engine giant? Maltego and The Harvester yield a wealth of information, but will the results be enough to identify a target? The right tool for the right job is essential when working with any project in life. Let's take a journey through the information gathering process to determine if there is a one-size-fits-all tool, or if a multi-tool approach is needed to gather the essential information on a given target. We will compare and contrast many of the industry tools to determine the proper tool or tools needed to perform an adequate information gathering assessment.
Data Breaches: Is Prevention Practical? Analyst Paper
by Barbara Filkins - September 13, 2016
- Associated Webcasts: Breach Detected! Could It Have Been Prevented?
- Sponsored By: Palo Alto Networks
Despite the potential costs, legal consequences and other negative outcomes of data breaches, they continue to happen. A new SANS Institute survey looks at the preventive aspect of breaches – and what security and IT practitioners actually are, or are not, implementing for prevention.
Tagging Data to Prevent Data Leakage (Forming Content Repositories) STI Graduate Student Research
by Michael Hendrik Matthee - May 3, 2016
In order to protect sensitive data, it must be secured at rest, during transit and when in use (Aaron, 2013).
Preventing data leakage: A risk based approach for controlled use of administrative and access privileges STI Graduate Student Research
by Christoph Eckstein - August 24, 2015
Organizations invest resources to protect their confidential information and intellectual property by trying to prevent data leakage or data loss. They adopt policies and implement technical controls to stop the loss and disclosure of sensitive information by outside attackers as well as inadvertent and malicious insiders. They follow best practices like the Critical Security Controls, specifically Control 12 (“Controlled Use of Administrative Privileges”) and Control 17 (“Data Protection”), to prevent the unauthorized leakage and disclosure of sensitive information. One type of data loss or data leakage prevention control includes endpoint protection solutions to stop file transfers to USB storage devices or file uploads to public websites. However, the larger and more complex the business and organization, the more users may be granted exceptions to these policies and controls so that they can fulfill their job-related tasks. The approval of these exceptions is often solely based on the business need for the individual user. This raises the question of how an approval for an exception influences the risk of data leakage for an organization. What is the specific data leakage risk for granting an individual user a certain exception? This paper presents a new approach to risk-based exception management, which will allow organizations to grant exceptions based on inherent data leakage risk. First, this paper introduces a concept for evaluating and categorizing users based on their access to sensitive information. Then in the second step, a ruleset is defined for granting exceptions based on the categorization of users, which enables individual approvers to make informed decisions regarding exception requests. The overall objective is to lower the data leakage risk for organizations by controlling and limiting exceptions where the access and thereby potential loss of information is the highest.
The What, Where and How of Protecting Healthcare Data by Kelli Tarala and James Tarala - April 6, 2015
Mitigating healthcare data-loss risk by understanding the What, Where, and How of Protecting Healthcare Data.
Data Breach Preparation by David Belangia - March 16, 2015
Home Depot experienced the second largest data breach on record. ("Home Depot data breach affected 56M debit, credit cards", 2014) It started in April 2014, but Home Depot did not become aware of the problem until September 2 when law enforcement and some banks contacted them about signs of the compromise.
Modeling Security Investments With Monte Carlo Simulations STI Graduate Student Research
by Dan Lyon - September 24, 2014
Technical leaders and architects are frequently the interface from sponsors and management into projects.
Data Encryption and Redaction: A Review of Oracle Advanced Security Analyst Paper
by Dave Shackleford - September 15, 2014
- Associated Webcasts: Simplifying Data Encryption and Redaction Without Touching the Code
- Sponsored By: Oracle
A review of Oracle Advanced Security for Oracle Database 12c by SANS Analyst and Senior Instructor Dave Shackleford. It explores a number of the product's capabilities, including transparent data encryption (TDE) and effortless redaction of sensitive data, that seamlessly protect data from unauthorized access without any developer effort.
Protecting Small Business Banking by Susan Bradley - July 22, 2013
Over the last several years, the use of online banking and other financial transactions has risen dramatically.
Information Risks & Risk Management by John Wurzler - May 1, 2013
In a relatively short period of time, data in the business world has moved from paper files, carbon copies, and filing cabinets to electronic files stored on very powerful computers.
People, Process, and Technologies Impact on Information Data Loss by Paul Janes - November 9, 2012
Organizations have always had to contend with the issue of data loss; however, with the advent of the computer and worldwide connectivity, the problem has become magnified.
The Risks of Client-Side Data Storage by Edwin Tump - May 16, 2011
One Touch Disaster Recovery Solution for Continuity of Operations by Rajat Ravinder Varuni - May 28, 2010
In this publication I present a solution where information is available during or following a disaster.
The Business Justification for Data Security by Securosis - February 10, 2009
In the information security world we face two major types of threats: “noisy” threats which directly interfere with our ability to do business and “quiet” threats which cause real damage, but don’t necessarily prevent people from doing their jobs. Noisy threats such as viruses, worms, and spam attack both networks and systems, and clearly disrupt productivity and business operations. With highly visible (and often very annoying) attacks, it’s easy to justify investments to curb their impact. When the CFO sees hundreds of spam messages in his inbox, he’s very likely to fund an anti-spam solution.
Data Loss Prevention by Prathaben Kanagasingham - September 5, 2008
Data breach has been one of the biggest fears that organizations face today. Quite a few organizations have been in the news for information disclosure, and a popular recent case is that of T.J. Maxx. While DLP is not a panacea to such attacks, it should certainly be in the arsenal of tools to defend against such risks.
Data Leakage Landscape: Where Data Leaks and How Next Generation Tools Apply Analyst Paper
by Barbara Filkins, Deb Radcliff - April 19, 2008
This paper maps data leakage points with regulations and best practices and tools to protect critical data.
The Mechanisms and Effects of the Code Red Worm by Renee Schauer - September 12, 2001
This paper addresses the vulnerability that was present in Microsoft Internet Information Services (IIS) web server software and the worm, Code Red, which exploited this vulnerability.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.