9/9/2016

1

Sponsored by

When and Why Encryption Doesn’t Protect Your Data Against Malware

© 2016 Monterey Technology Group Inc.

Thanks to

Made possible by

9/9/2016

2

Preview of key points

Encryption technologies Which risks designed to control

Which not

Limiting the risk of malware and APT attackers

Comprehensive data retention and erasure

Demo of encryption

EFS

BitLocker

Access my files

Access someone else’s files

9/9/2016

3

Limiting the risk of malware and APT attackers

Yes - Endpoint security

Probably not - DLP

Yes - Comprehensive data retention and erasure

Comprehensive data retention and erasure

1. Harvesting “deleted” files

2. Left-over copies of files no longer needed such extra data

3. Old files beyond data retention policy

4. Temporary files in user’s own profile

5. Temporary, or left over, files after a privileged user logged off a PC

6. User data found on and recovered from free disc space of a drive

7. (Unencrypted) Data copied over to a removable media unit

8. Classified data saved in open storage by mistake

9. Application data left from user or business processes

10. Sensitive data required to travel internationally (where decryption is forced)

9/9/2016

4

Harvesting “deleted” files

User data found on and recovered from free disc space of a drive

Malware does this Example: Regin

Left-over copies of files no longer needed

Backup files created by apps

Dev/test/QA environments Copies of production data

Often linger after test is done

9/9/2016

5

Old files kept beyond data retention policy

Analyze File age

File type

Department

Keywords

Data Retention

9/9/2016

6

Temporary files in user’s own profile

From Microsoft Word, etc

Internet browsers temp files Not just Internet

Think corporate content from web applications

Temporary, or left over, files after a privileged user logged off a PC

Scenario: Privileged user away from desk

Urgent problem to solve

Logs onto available workstation

Views some privileged information like Excel worksheet of server passwords

9/9/2016

7

(Unencrypted) Data copied over to a removable media unit

Does it ever get erased?

Classified data saved in open storage by mistake

Happens all the time

Just deleting it isn’t enough

Power user should be able to in an erase it

9/9/2016

8

Application data left from user or business processes

Extracts

Downloads

Imports/exports

Intermediate steps

Other repetitive processes

Sensitive data required to travel internationally (where decryption is forced)

Crossing into certain countries can be forced by entry customs to unlock encryption

In some industry – cannot cross borders with certain dataj Deletion doesn’t cut it

9/9/2016

9

Bottom line

Prevent malware

Track user access and horizontal movement

Don’t leave a treasure trove of stale data laying around

Enforce data retention and erasure policies At every level

Every endpoint

Every user Awareness training

Facilitate compliance with available and easy-to-user tools

Automate as much as possible

Time is of the essence Time = risk

© 2016 Monterey Technology Group Inc.

Additional Data Erasure Resources

(Whitepaper) Integrating Secure Data Erasure With Active Directory

http://info.blancco.com/integrating-file-erasure-with-active-directory.html

(Guide) 6 Rules to Follow When Erasing Files Through Active Directory

http://download.blancco.com/download/6-rules-to-follow-when-erasing-files-through-active-directory.pdf

(Free 90 Day Subscription) Blancco File Deployment Through Microsoft Active Directory with Technical Support

http://info.blancco.com/pocfile