PROTECT
Data Exfiltration Protection
Advanced solutions to avoid private data exfiltration
2020 Cybersecurity and Resiliency Observations
Insider Threat Monitoring
"... monitoring exfiltration and unauthorized distribution of sensitive information outside of the Firm through various distribution channels (e.g., email, physical media, hard copy, or web-based file transfer programs) and any documentation evidencing this monitoring."
ZERO EXFILTRATION
Cybersecurity Policy Violation System
Most of the efforts in cybersecurity are invested to protect you against external threats. What about internal threats when users, on purpose or by mistake, send private data to an external location or access Websites that are not allowed?
Data Exfiltration Protection
Protection against internal threats
Management Tools
- Alerts, reports, and dashboards
Web Controls
- Monitoring and blocking restricted Websites
- Third party Web apps allowed and not allowed
- Monitoring for unknows Web apps
Removable Storage (USB, Drive, etc.)
- Monitoring and blocking removable storage, local and Web storage apps
File Content
- Monitoring and blocking file content from being exfiltrated
FINRA Report on Selected Cybersecurity Practices – 2018
Data Loss Prevention (DLP)
"Restricting data downloads to USB, CD drives, and SD ports and other mobile devices, as well as blocking access to personal web email programs, cloud-based file sharing service providers and social media sites."
3 Phases for Seamless Implementation
Flexible Configuration for Frictionless Deployment
Monitor
Get insights about users behavior allows for an opened dialogue with users to validate errors from violations, discuss alternatives, or potentially justify and document exceptions.
Prompt
At this phase, users are prompted when they are in violations and they decide to proceed or not. The CISO is alerted if they proceed.
Block
Access to restricted Websites, use of restricted applications, transfer to removable storage, and transfer of files with monitored content will be blocked.