Tuesday, October 26, 2010

New blog series: How FileSure Defend 2.5 handles data loss prevention.

Data Loss Type #1: File Removal via USB device
Ah, the ubiquitous USB drive. Everything from a phone to an MP3 player can be used as a portable hard drive, and any of them can be used to steal sensitive data or to introduce data you don’t want (see the #2 blog in this series for information on switchblade attacks, or on keeping malicious code from being introduced via a USB device with FileSure Defend).
Example: This could be a disgruntled employee stealing trade secrets onto a pen drive, or it could be a legitimate sync of files onto a mobile device by an executive.
Who is taking data: Most likely an authorized user, and not always with malicious intent: someone might want to take the sales list to work on at home, not realizing the security breach that creates.
What doesn’t (always) work: There are several solutions on the market; some options are even built right into Windows. For most people, a complete lockdown of USB drives isn’t very attractive, since USB drives are so useful. This opened up a space for other USB theft-prevention products, ranging from ‘Endpoint management’ products that report on which USB devices are being used, to ‘White-list’ based systems where you define a list of ‘Allowed USB devices’, to some that combine both techniques. The thing is . . . it doesn’t matter what the device is, it matters what files are vulnerable.
How we do it: FileSure starts with the files. You can determine which files you don’t ever want leaving and block those from being copied TO a USB drive, period (while still leaving them otherwise available to authorized users). Or you can record or block all USB copies. You can also see or block any files coming in to your environment FROM a USB drive. FileSure can also block the powerful USB Switchblade attack, where malicious data comes from the USB drive onto the computer (see the next blog entry for how to block infection via USB).
Specifically, how to do it: Here is a screenshot defining a rule that blocks the writing of Microsoft Excel files to a removable drive using FileSure Defend. All we do is block files with the extensions XLS and XLSX from being created or written to on a removable drive, and we apply it to all users.

Of course, you could choose specific files, things in a certain folder, different users or groups, times of day, or more to pinpoint exactly what you are trying to accomplish with the USB write block.
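As an added illustration (not FileSure's code or its rule format), the rule described above can be modelled as a small policy check over file operations, including the user and time-of-day refinements. The `FileEvent` and `BlockRule` names, their fields and the sample events are assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import time
from pathlib import PureWindowsPath
from typing import Optional

@dataclass(frozen=True)
class FileEvent:               # one observed file operation (constructed model)
    user: str
    operation: str             # "create", "write", "read", ...
    path: str                  # path the operation targets
    drive_type: str            # "removable", "fixed" or "network"
    at: time

@dataclass(frozen=True)
class BlockRule:               # hypothetical rule shape, not FileSure's format
    extensions: frozenset      # lower-case, with leading dot
    operations: frozenset
    drive_type: str
    users: Optional[frozenset] = None   # None means all users
    hours: Optional[tuple] = None       # (start, end); None means always

    def matches(self, ev: FileEvent) -> bool:
        # Extension is compared case-insensitively (FORECAST.XLSX == forecast.xlsx).
        if PureWindowsPath(ev.path).suffix.lower() not in self.extensions:
            return False
        if ev.operation not in self.operations or ev.drive_type != self.drive_type:
            return False
        if self.users is not None and ev.user.lower() not in self.users:
            return False
        if self.hours is not None:
            start, end = self.hours
            # A window such as 18:00-07:00 wraps past midnight.
            inside = start <= ev.at < end if start <= end else (ev.at >= start or ev.at < end)
            if not inside:
                return False
        return True

def evaluate(rules, events):
    """Decide every event; allowed ones are returned too so they can be recorded."""
    return [("BLOCK" if any(r.matches(e) for r in rules) else "ALLOW", e) for e in events]

# The rule from the post: XLS/XLSX, create or write, removable drive, all users.
EXCEL_TO_USB = BlockRule(frozenset({".xls", ".xlsx"}), frozenset({"create", "write"}), "removable")
EVENTS = [  # constructed sample events
    FileEvent("alice", "create", r"E:\Q3\Forecast.XLSX", "removable", time(10, 5)),
    FileEvent("alice", "write", r"C:\Finance\Forecast.xlsx", "fixed", time(10, 6)),
    FileEvent("bob", "read", r"E:\old-prices.xls", "removable", time(11, 0)),
    FileEvent("bob", "create", r"E:\notes.txt", "removable", time(11, 2)),
    FileEvent("carol", "write", r"F:\budget.xls", "removable", time(23, 30)),
]
```

Calling `evaluate([EXCEL_TO_USB], EVENTS)` blocks only the two Excel writes that target a removable drive; the same file on a fixed drive, a read from the USB drive, and a non-Excel file all pass.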
Whatever security option you choose, FileSure records the activity, can alert on it, reports on it and archives it centrally forever in an encrypted data store.
Be sure to check out Data Loss Type #2: USB Switchblade Malware and Data Theft
