9/9/2016
When and Why Encryption Doesn’t Protect Your Data Against Malware
© 2016 Monterey Technology Group Inc.
Preview of key points
Encryption technologies
Which risks they are designed to control
Which not
Limiting the risk of malware and APT attackers
Comprehensive data retention and erasure
Demo of encryption
EFS
BitLocker
Access my files
Access someone else’s files
Limiting the risk of malware and APT attackers
Yes - Endpoint security
Probably not - DLP
Yes - Comprehensive data retention and erasure
Comprehensive data retention and erasure
1. Harvesting “deleted” files
2. Left-over copies of files no longer needed, such as extra data
3. Old files beyond data retention policy
4. Temporary files in user’s own profile
5. Temporary, or left over, files after a privileged user logged off a PC
6. User data found on and recovered from free disc space of a drive
7. (Unencrypted) Data copied over to a removable media unit
8. Classified data saved in open storage by mistake
9. Application data left from user or business processes
10. Sensitive data required to travel internationally (where decryption is forced)
Harvesting “deleted” files
User data found on and recovered from free disc space of a drive
Malware does this
Example: Regin
Left-over copies of files no longer needed
Backup files created by apps
Dev/test/QA environments
Copies of production data
Often linger after test is done
Old files kept beyond data retention policy
Analyze
File age
File type
Department
Keywords
Data Retention
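A retention audit along the lines of the slide above (file age, file type, department, keywords), as an added example that is not part of the original presentation. The retention limits, the keyword list, matching keywords on file names only, and treating the first folder level as the department are all assumptions; the sample tree is constructed.

```python
import os, tempfile, time
from collections import namedtuple

# Assumed policy for illustration: maximum age in days per file type.
RETENTION_DAYS = {".xlsx": 365, ".csv": 90, ".bak": 30, ".tmp": 7}
DEFAULT_DAYS = 730
KEYWORDS = ("password", "confidential", "extract")  # assumed; matched on file names only

Finding = namedtuple("Finding", "path department age_days limit_days keywords")

def audit(root, now=None):
    """Return files under root that are older than their retention limit."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        # Assumption: the first folder level under root names the department.
        department = "(root)" if rel == "." else rel.split(os.sep)[0]
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable
            age = int((now - mtime) // 86400)
            ext = os.path.splitext(name)[1].lower()
            limit = RETENTION_DAYS.get(ext, DEFAULT_DAYS)
            if age > limit:
                hits = [k for k in KEYWORDS if k in name.lower()]
                findings.append(Finding(path, department, age, limit, hits))
    # Keyword hits first, then oldest first.
    return sorted(findings, key=lambda f: (not f.keywords, -f.age_days))

def build_sample(root, now):
    """Create a constructed sample tree with back-dated modification times."""
    sample = {"finance/server_passwords.xlsx": 400, "finance/q3.xlsx": 100,
              "qa/prod_copy.csv": 120, "hr/notes.tmp": 2}
    for rel, days in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.utime(path, (now - days * 86400, now - days * 86400))

if __name__ == "__main__":
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, now)
        for f in audit(tmp, now):
            print(f)
```

The output is a list of erasure candidates only; the script deletes nothing, and removing a file this way would still leave its contents recoverable from free space.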
Temporary files in user’s own profile
From Microsoft Word, etc.
Internet browser temp files
Not just Internet
Think corporate content from web applications
Temporary, or left over, files after a privileged user logged off a PC
Scenario: Privileged user away from desk
Urgent problem to solve
Logs onto available workstation
Views some privileged information like Excel worksheet of server passwords
(Unencrypted) Data copied over to a removable media unit
Does it ever get erased?
Classified data saved in open storage by mistake
Happens all the time
Just deleting it isn’t enough
Power user should be able to erase it
Application data left from user or business processes
Extracts
Downloads
Imports/exports
Intermediate steps
Other repetitive processes
Sensitive data required to travel internationally (where decryption is forced)
When crossing into certain countries, you can be forced by entry customs to unlock encryption
In some industries – cannot cross borders with certain data
Deletion doesn’t cut it
Bottom line
Prevent malware
Track user access and horizontal movement
Don’t leave a treasure trove of stale data lying around
Enforce data retention and erasure policies
At every level
Every endpoint
Every user
Awareness training
Facilitate compliance with available and easy-to-use tools
Automate as much as possible
Time is of the essence
Time = risk
Additional Data Erasure Resources
(Whitepaper) Integrating Secure Data Erasure With Active Directory
http://info.blancco.com/integrating-file-erasure-with-active-directory.html
(Guide) 6 Rules to Follow When Erasing Files Through Active Directory
http://download.blancco.com/download/6-rules-to-follow-when-erasing-files-through-active-directory.pdf
(Free 90 Day Subscription) Blancco File Deployment Through Microsoft Active Directory with Technical Support
http://info.blancco.com/pocfile