December 6, 2019 FTC

When it Comes to DLP, Purple Team Intelligence is Your Superpower.

Preventing insider threats that result in data leakage and theft of enterprise information is difficult. DLP policies, tools, and techniques are often deployed in silos to stop these events after the fact, without an effective end-to-end DLP management strategy behind them.

We employ a unique solution that enhances DLP capability for end-to-end enterprise management by applying the network security operational methods of Purple teaming: offensive (Red) and defensive (Blue) skill sets are combined to mimic and mitigate the advanced adversarial tactics, techniques, and procedures (TTPs) used to steal data, identifying the areas of highest risk from real-world attacks. We apply a common information model (CIM) to filter identified DLP events and address high-risk areas that can be mitigated through strategic procurement or deployed indicators of compromise (IOCs). By combining attacker and defender mindsets in a Purple Team approach, we generate DLP intelligence that identifies DLP capability gaps and DLP blind spots and improves DLP procurement efficiency by targeting the areas of highest risk.

3

MILLION

The cost on average to remediate data breaches in the first six months of 2019.
(That’s $150 per record within a typical breach size of 25,575 records!) *

6

MILLION

The cost on average to remediate data breaches in the first six months of 2019 in the Healthcare sector (a whopping $429 per patient record!)
On average, 60% more than other industries! *

3,800

DATA BREACHES

The number of breaches reported in the first six months of 2019. **

26

INCREASE

Increase in breaches from Internet of Things (IoT) in 2017-2018. ***

Using continuous, highly robust DLP intelligence derived through advanced methods and continuous techniques within our unified Purple Team DLP approach, we locate critical DLP capability gaps, DLP blind spots, and DLP misconfigurations so Federal agencies can meet their DLP policy goals.

Some of the many highlights include:

ENTERPRISE DLP VALIDATION

We validate configurations across enterprise DLP tools using threat-based attack scenarios from MITRE Corporation’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) and .govCAR frameworks, providing continuous visibility into DLP capability posture and improving:

  • Ability to identify and prioritize responses to threats based on real-time attacker tactics and techniques
  • Effectiveness of DLP toolset capability gap analysis based on responses to threat-based attacks
  • DLP procurement efficiencies by investing in areas of highest risk
  • Instant visibility to enterprise DLP compliance with Community of Practice (CoP) at-a-glance custom dashboards

SPLUNK OPTIMIZATION

Using a common information model (CIM) that pre-processes structured and unstructured data sets across an enterprise to capture and centralize normalized data for efficient analysis and DLP alert identification, we create:

  • Consistent data standards for normalization of DLP structured and unstructured data
  • Accurate reporting to complete cost/benefit analysis of DLP toolsets, allowing stakeholders to consider changing configurations
  • Efficient identification and categorization of High Value Assets (HVAs) for accurate risk assignment within a DLP Framework
  • Automated capability to quickly observe DLP enterprise event violations from IOC flags and build DLP event reports normalized from DLP telemetry data sets
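The normalization step described above, as an added illustration that is not FTC's code or a Splunk product: two constructed telemetry records (a JSON event from a hypothetical endpoint DLP agent and a key=value syslog line from a hypothetical gateway) are mapped onto a small CIM-style schema, enriched with a constructed IOC destination list, and summarized into a violation report. The field names, sample values and IOC entries are all assumptions made for the example.

```python
"""Normalize heterogeneous DLP telemetry into a common schema and flag IOC hits.

Added example, not the page's own code. Field names follow Splunk CIM conventions
loosely (user, src, dest, bytes, signature, action); sources and IOCs are constructed.
"""
import json
import re
from collections import Counter
from dataclasses import dataclass, asdict

# Constructed sample telemetry: one structured event from an endpoint DLP agent and
# one unstructured syslog-style line from a web gateway. Addresses are documentation ranges.
SAMPLE_EVENTS = [
    '{"ts": "2019-12-06T14:03:11Z", "agent": "endpoint-dlp", "user": "jdoe", '
    '"src": "10.0.4.17", "dst": "203.0.113.9", "bytes": 5242880, '
    '"rule": "SSN-pattern", "channel": "https"}',
    "Dec  6 14:05:02 gw01 gateway-dlp: user=asmith src=10.0.4.22 dst=198.51.100.77 "
    "proto=smtp bytes=12000 policy=PCI-card-numbers action=blocked",
]

# Constructed IOC flags: destinations treated as known-bad for this example only.
IOC_DESTINATIONS = {"203.0.113.9"}


@dataclass
class CimDlpEvent:
    """Common schema every DLP source is normalized into before analysis."""
    time: str
    sourcetype: str
    user: str
    src: str
    dest: str
    bytes: int
    signature: str   # the DLP rule or policy that fired
    action: str      # what the tool did: allowed / blocked
    ioc_match: bool = False


SYSLOG_KV = re.compile(r"(\w+)=(\S+)")


def normalize(raw: str) -> CimDlpEvent:
    """Map a structured (JSON) or unstructured (syslog key=value) record onto CimDlpEvent."""
    raw = raw.strip()
    if raw.startswith("{"):
        d = json.loads(raw)
        return CimDlpEvent(
            time=d["ts"], sourcetype=d["agent"], user=d["user"], src=d["src"],
            dest=d["dst"], bytes=int(d["bytes"]), signature=d["rule"],
            action=d.get("action", "allowed"),
        )
    # Syslog form: "<Mon dd HH:MM:SS> <host> <program>: k=v k=v ..."
    header, _, body = raw.partition(": ")
    parts = header.split()
    timestamp = " ".join(parts[:3])
    program = parts[4] if len(parts) > 4 else "unknown"
    kv = dict(SYSLOG_KV.findall(body))
    return CimDlpEvent(
        time=timestamp, sourcetype=program, user=kv.get("user", "unknown"),
        src=kv.get("src", ""), dest=kv.get("dst", ""), bytes=int(kv.get("bytes", 0)),
        signature=kv.get("policy", kv.get("rule", "")), action=kv.get("action", "allowed"),
    )


def enrich_with_iocs(event: CimDlpEvent, iocs: set) -> CimDlpEvent:
    """Set ioc_match when the normalized destination appears in the IOC list."""
    event.ioc_match = event.dest in iocs
    return event


def build_report(raw_events, iocs) -> dict:
    """Normalize all records, then report violations (IOC hit or blocked action)."""
    events = [enrich_with_iocs(normalize(r), iocs) for r in raw_events]
    violations = [e for e in events if e.ioc_match or e.action == "blocked"]
    return {
        "total_events": len(events),
        "violations": [asdict(e) for e in violations],
        "by_signature": dict(Counter(e.signature for e in events)),
    }


if __name__ == "__main__":
    print(json.dumps(build_report(SAMPLE_EVENTS, IOC_DESTINATIONS), indent=2))
```

Because both sources end up in the same schema, the same IOC enrichment and the same violation query run over both without per-tool logic, which is the point of normalizing before analysis.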

DATA INSPECTION

We use deep packet inspection capabilities residing within a break and inspect loop in the gateway security stack for encrypted Secure Sockets Layer (SSL) traffic to:

  • Enforce DLP within secure data transmissions using gateway-level DLP capabilities to examine encrypted data flows
  • Prevent data exposure, loss, theft, and exfiltration within approved communications; monitor and discover non-approved encrypted transmissions

1

API abuses will be the top attack vector for data breaches in enterprise web applications in 2022.

21

Data exposures that can be attributed to misconfiguration of cloud-based file storage.

60

Approximate number of records that have been exposed by data breaches from cloud
misconfiguration.

For more information, reach out to the FTC DLP Team, or download our White Paper by clicking below: