(what you can’t see can hurt you)
If your organization is a Las Vegas resort and casino that cost billions of dollars to build, you might be surprised to find out it’s not the real estate that’s the most valuable asset — it’s the data. Data has fast become an organization’s most prized possession and the one that’s the hardest to protect. Why does data protection prove to be such a difficult task? It can vary case by case, so let’s take a look.
When it comes to structured data, it’s easier to protect because it’s easier to know where it is. This type of data is usually entered in defined fields for programs such as inventory management and customer relationship databases. In this format, all logs and queries can be sent to a central monitoring system to be analyzed. With a baseline of what a normal query looks like, machine learning tools can be used to quickly recognize when an abnormal query pops up or when data is being pulled from sensitive fields more often than usual. As long as this type of technology is properly implemented and maintained, it helps protect structured data. On the other hand, unstructured data is a whole new ballgame.
When employees generate data, they can pretty much store it anywhere they want and in the format of their choice. It can be an email on an Exchange server, a document on a thumb drive, or a file on a collaborative platform like SharePoint. Your organization’s valuable data spans intellectual property, confidential employee and customer information, competitive secrets, financial material, and company best practices. This creates a very broad and uncertain landscape of unstructured data that has become very difficult to see and, therefore, to protect. For more information, read the blog An In-depth Look at Insider Threats. Data is now the perimeter that needs to be secured – not the network of yesterday.
Lack of Visibility is Risky Business
With little visibility into where unstructured data lives and who is accessing it, businesses end up giving cyber criminals the upper hand. These criminals know valuable data is scattered throughout the organization, largely unprotected, and they use that to their advantage. An attacker gains access to the network either by using basic phishing scams to trick end users into going to nefarious websites or downloading malicious attachments, or by exploiting one of many other vulnerabilities. Once inside, the attacker can move through your network searching for sensitive, unprotected, and unstructured data.
In this precarious digital environment, businesses need to be concerned with intellectual property, personally identifiable information (PII) and credit card numbers leaving the “network” either by an attacker trying to get inside to steal it, or an employee letting it outside the invisible walls. In either case, the business can end up violating industry regulations such as PCI and HIPAA. Becoming non-compliant with industry standards is a risk no business can afford to take. How do you gain deeper visibility into where the sensitive data lives and who is accessing it? That knowledge is the key to protecting your unstructured data.
Having the Big Picture Mitigates Risk and Saves Resources
If you have more granular visibility into what’s going on with your data, you essentially have a bird’s-eye view of your unstructured data landscape. Data security and analytics tools can help get you to that vantage point by offering insight into not only who has permission to access which files, directories, and servers, but who is actually accessing that information and when. This intelligence is critical to having the big picture.
When implementing data security and analytics tools, conducting an unstructured data assessment is a smart first step because it can immediately reveal where the greatest weaknesses are. For example, a Human Resources administrator may think she has exclusive rights to a certain file folder containing human resources material. Then, during an assessment, it’s revealed that everyone on the global team has access to that folder, whether they know it or not. This would be a red flag warning that permissions were not set up correctly, unbeknownst to the administrator. Luckily, the issue can be quickly rectified.
The assessment also allows businesses to discover where all of the sensitive data lives, so they can lock down intellectual property, like DevOps code. When working with a security partner, an assessment can take less than a day in some cases, enabling an enterprise to quickly make improvements to its security strategy and policies. After the assessment is complete, your security partner can work with you to continue with a proof of concept (POC) to verify that all of the information gathered is accurate.
Once the initial assessment and POC are completed, a baseline of user activity is established. This intelligence allows you to quickly and easily see anomalous behavior on an ongoing basis. If and when that behavior is detected, the customer receives automatic alerts that provide insight such as:
- The type of user behavior – Is a file being accessed at 2:00 AM when the office is closed?
- The person performing the activity – Is a regular employee accessing financial files when he doesn’t need to as part of his job?
- The frequency of data being accessed – Is a file being accessed multiple times when the last access was several months ago?
Your data security and analytics tool can provide the answers to these types of questions, which can then be fed into a user and entity behavior analytics (UEBA) solution for further correlation. By using a UEBA solution as an integral component of a comprehensive data security strategy, you can create a profile for each person in the company, yielding an even clearer view of your unstructured data landscape.
For example, your data security and analytics tool can recognize odd behavior such as an employee accessing 300 files one day when he usually accesses fewer than 10. The UEBA solution connects to multiple systems, so it can correlate that activity with additional information that provides context around the user behavior. In this scenario, the UEBA tool correlates the odd user activity with human resource information to recognize that an employee is downloading proprietary information to take with him because he was just notified that he is being laid off. This type of solution can also help an enterprise discover if an employee’s credentials have been stolen and are being used to access restricted files.
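The Python below is an added example, not code from the original article or from any product it mentions. It applies the alert questions above (time of access, who is accessing, dormant files, and the 300-versus-10 volume case) to constructed file-access events; the office hours, thresholds, user roles and paths are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean
# Thresholds, roles and paths are assumptions made for this example.
OFFICE_HOURS = range(8, 18)       # 08:00-17:59
SPIKE_FACTOR = 10                 # alert at 10x a user's average daily file count
DORMANT = timedelta(days=90)      # "several months" since the last access
ROLES = {"alice": "engineering", "bob": "hr", "carol": "finance", "dave": "sales"}

def detect(history, today):
    """Both arguments are lists of (datetime, user, path); returns sorted alerts."""
    per_day = defaultdict(lambda: defaultdict(set))    # user -> date -> files
    last_seen = {}                                     # path -> last access time
    for ts, user, path in sorted(history):
        per_day[user][ts.date()].add(path)
        last_seen[path] = ts
    baseline = {u: mean(len(f) for f in d.values()) for u, d in per_day.items()}
    alerts, touched = set(), defaultdict(set)
    for ts, user, path in sorted(today):
        touched[user].add(path)
        if ts.hour not in OFFICE_HOURS:                # behavior: access while closed
            alerts.add(("off_hours", user, path))
        if path.startswith("/finance/") and ROLES.get(user) != "finance":
            alerts.add(("role_mismatch", user, path))  # person: no job need
        prev = last_seen.get(path)
        if prev and ts - prev > DORMANT:               # frequency: dormant file reused
            alerts.add(("dormant_file", user, path))
        last_seen[path] = ts
    for user, files in touched.items():                # volume against own baseline
        avg = baseline.get(user)
        if avg and len(files) >= SPIKE_FACTOR * avg:
            alerts.add(("volume_spike", user, f"{len(files)} files vs avg {avg:.1f}"))
    return sorted(alerts)

def sample():
    """Constructed events: ten quiet days of history, then one noisy day."""
    start = datetime(2024, 3, 1, 10, 0)
    history = [(start + timedelta(days=d), "alice", f"/eng/doc{i}.txt")
               for d in range(10) for i in range(5)]
    history.append((datetime(2023, 9, 1, 11, 0), "carol", "/finance/fy22.xlsx"))
    day = datetime(2024, 3, 12, 10, 0)
    today = [(day, "alice", f"/eng/src{i}.c") for i in range(300)]
    today += [(day.replace(hour=2), "bob", "/hr/salaries.xlsx"),
              (day, "dave", "/finance/forecast.xlsx"),
              (day, "carol", "/finance/fy22.xlsx")]
    return history, today

if __name__ == "__main__":
    print(*detect(*sample()), sep="\n")
```

Each alert carries its rule name, so a downstream system can weigh a single off-hours access differently from a volume spike measured against the user's own history.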
And of course, we all know that in cybersecurity a good offense is the best defense. The intelligence offered by data security and analytics tools complemented by a UEBA solution enables enterprises to be proactive. For instance, if a high-level executive has resigned, IT security can take measures to monitor the employee’s activity until he leaves the company in an effort to prevent him from taking proprietary information with him. By integrating data loss prevention (DLP) with the data security and UEBA solutions, it’s even easier for enterprises to stop sensitive data from leaving the company. For example, if an employee attempts to email customers’ Social Security numbers to someone outside the company, the DLP solution can block the transaction for immediate protection. This additional layer of security offered with DLP can be implemented by setting up simple policies and permissions. Aside from protecting sensitive information, it also helps the enterprise avoid scenarios that could require a time-consuming and unnecessary investigation into certain user activity.
When IT has to investigate anomalous behavior, it takes people away from strategic projects that drive the business forward. Enhanced visibility into unstructured data enables enterprises to know which behavior needs to be investigated and which does not. For example, the odd behavior might simply be someone in accounting who was accessing files from previous years to prepare for an audit, making it a legitimate activity. Alternatively, if all suspicious activity is treated as a fire drill, IT staff ends up chasing threats that aren’t real, wasting valuable time and resources.
The rewards of a comprehensive data security solution can be both immediate and long-term. An actual use case demonstrated that analytics can be invaluable for months, and even years down the road. One of our large enterprise customers was being sued for mishandling sensitive material. Fortunately, the company was able to leverage the intelligence provided by its data security solution to prove that all of the employees who accessed the files in question were authorized to have access. This detailed information showed that our customer maintained compliance, saving the company millions of dollars and protecting its reputation.
Data Security that Supports a Growing Business
Having all of the puzzle pieces that make up the big picture is extremely valuable. However, with all of the granular detail that data security and UEBA provide, it may seem cumbersome to have that much information to manage, especially in a large enterprise. For that reason, it’s important to look for a scalable solution that allows anomalous behavior to be categorized and prioritized. By knowing which alerts need to be looked into immediately and which ones can wait, IT can drastically cut down on the time it takes to identify and confirm problems. Then security leaders can make fast and informed decisions that drastically mitigate risk and improve the overall security of the enterprise.
The capability to prioritize alerts is crucial when an enterprise has hundreds of thousands of files that need to be monitored, and employees across the globe accessing company information. When evaluating data security solutions, make sure the one you select can support your business today, as well as in the future, so no matter where the data is at any given time, you’ll be able to see it and secure it.
To learn more about securing large amounts of unstructured data, visit https://veristor.com/it-security/