Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 13
In this blog series, members of Optiv’s attack and penetration team are covering the top 20 Center for Internet Security (CIS) Critical Security Controls (CSC), showing an attack example and explaining how the control could have prevented the attack from being successful. Please read previous posts covering:
CSC 13: Data Protection
The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.
Data protection is the key to why security is so important. In the triad of CIA (Confidentiality, Integrity and Availability) perhaps the most critical component is the confidentiality of the data organizations have on their products, customers or business ventures. Integrity and availability are important as well, but when a breach occurs and organizational data is leaked to the world, it can be one of the biggest hits to a company’s reputation. A lot of controls work together, and CSC 13 does share similarities with CSC 12: Boundary Defense. For that purpose this post will focus less on the components that overlap and more on the unique metrics that organizations can implement to improve security.
For my example attack in this blog post, I will show a policy violation surrounding data loss prevention (DLP). Often this is not done out of malicious intent, but I have seen this situation in real organizations.
There are several scenarios where employees may access sensitive data and inadvertently break DLP policies exposing secure information, such as:
Figure 1: Saved data
Often the information systems which are configured to house sensitive data are also configured with strong security mechanisms to prevent unauthorized access to data. When data is downloaded, printed or copied in any form from the environment, the security controls protecting the data are generally no longer in place. As a result, if an attacker can gain access to employee’s workstations through some attack such as email phishing, then the attacker would be able to access the data much easier than trying to break into the system where the data is most protected.
For the above scenario, it takes a combination of technology and policy in order to effectively secure data. Organizations should employ defense-in-depth in order to protect data as much as possible and assume that it is possible for data to leak from its primary secured storage locations. A few of these defense-in-depth technologies/policies include:
Additionally, organizations should periodically scan for data on systems which it is not intended to be on employee workstations. This can be done with a continuous monitoring tool but should be validated occasionally with full system scans to identify RegEx patterns which match the privileged information the company is attempting to protect (i.e. credit cards or social security numbers).
A strong method to go about validating that data is protected within the organization includes:
The next post will cover CSC 14: Controlled Access Based on the Need to Know.
Let us know what you need, and we will have an Optiv professional contact you shortly.