One Way To Prevent Your Data From Being Exfiltrated

December 26, 2019/

in Cybersecurity

Usually, when the topic of network security arises, it tends to revolve around the strategy of securing the environment from external attacks. This involves not just securing your network perimeter with a firewall, but also email security, endpoint protection, and end user awareness.

These are all important facets to your overall security posture; but another layer to include in this picture that will ensure that you’re approaching security as holistically as possible, is to ensure that your data is protected from being exfiltrated.

Data Exfiltration

Data exfiltration is the unauthorized copying, transfer or retrieval of data from a computer or server. Although it’s a common practice to ensure that infiltration is mitigated by deploying security solutions (i.e. AV, IPS, Email Security), many forget to ensure that their existing data is protected from being transferred to unauthorized locations.

How can you ensure that sensitive data such as social security and credit card numbers aren’t being transferred beyond the boundaries of your network? Or that important documents intended for internal use only, continue to remain internal and are never shared to external sources? Data Loss Prevention (DLP) is one of the solutions available to make this possible.

Data Loss Prevention (DLP)

Although there are multiple solutions available for DLP to be implemented, it is worth noting that this feature is available on some NG {Next Generation) Firewalls. The FortiGate security appliance, for example, does provide DLP as an included feature that can be enabled. This is configurable as a security profile which can be applied on a per firewall policy basis. DLP monitors a set of network protocols along with configurable rules to ensure that files and embedded content leaving the network adheres to company policy. Additional features, such as, file share fingerprinting and message archiving can also be enabled to enhance the functionality of DLP.

It is also important to note that in order for DLP to work at its highest level of accuracy, SSH deep packet inspection must be enabled.