Introduction and Executive Summary
Security officers of organizations face a new set of challenges in today’s world – particularly those that result from advanced persistent threats (APTs). APTs are able to thwart traditional perimeter security schemes by working patiently over long periods of time to compromise defenses and to manipulate employees into clicking on familiar-looking but malicious websites and emails. Attackers infiltrate corporate networks and discover where sensitive data is located, which vulnerable areas make confidential data easiest to steal, which employees are most likely to handle such data, and how sensitive data routinely moves about the organization. For example, once attackers discover a level of activity that keeps them below the organization’s monitoring thresholds, they can employ “low and slow” techniques of copying a few sensitive files per day over a long period of time.
Whereas in the past it was sufficient to guard the organization’s IT perimeter with tools such as firewalls, intrusion detection, and data loss prevention (DLP), these techniques are no longer effective by themselves against APTs, other sophisticated attacks, and insider threats.
The solution is to add data-centric security to traditional perimeter security. Data-centric security includes techniques that protect data as it travels both within the organizational perimeter and beyond, by limiting access to sensitive data according to policies that cover both users and activities. It also includes techniques for determining where sensitive data exists throughout the enterprise, monitoring such data, and analyzing the ways in which users copy, move, and access it over time. It incorporates identity management systems to correlate specific users with activity on sensitive data. By using such techniques on a continuous basis, security officers can not only prevent unauthorized activity automatically but also detect suspicious behavior patterns that suggest APTs and take action before it’s too late.
A particular set of data-centric security techniques focuses on unstructured data – on files that are stored in PCs, file servers, and other repositories as well as on the mobile devices that more and more people are using to access enterprise networks – as it is stored, accessed, moved, and used over time.
Data-centric security should also allow users to work without undue interruptions as they pass information among multiple devices. A people-centric policy allows for flexibility and dynamic enforceability based on the contexts of content, users, devices, time of day, location, and so on, acknowledging the need for exceptions to predefined policies based on the unpredictable nature of legitimate data creation and usage while relying on advanced analytics to catch excessive deviations from the norm.
This white paper discusses the Data Security Framework, Fasoo’s multi-level architecture for combating APTs through data-centric security for unstructured data and people-centric policies. The Data Security Framework consists of three Fasoo solutions, each of which has value on its own but which together comprise a comprehensive approach to data-centric security.
The three components of the Fasoo Data Security Framework are shown in Figure 1. They are:
- Fasoo Data Radar: a data governance solution for discovering and classifying the constantly changing set of unstructured data based on its association with people and other characteristics, showing the data’s security vulnerability and dynamically applying security policies on a continuous basis.
- Fasoo Enterprise DRM (FED): a persistent data security solution for protecting, controlling and tracing data throughout the enterprise – including data at rest, data in use, and data in motion – according to predefined policies based on user, group or role, or dynamically binding existing access control lists of information systems to enable file-level permissions at all times.
- Fasoo RiskView: a risk assessment solution for monitoring and analyzing users and their activities in using both protected and unprotected files, determining normal levels of activity, and using sophisticated data analysis techniques to discover deviations that may indicate security risks.
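As an added example (not Fasoo’s code and not part of this white paper), the following Python contrasts a fixed per-day alert threshold with the per-user baseline-and-deviation approach the summary describes: a “low and slow” copier stays under the static threshold every day but is caught when a rolling window is compared against that user’s own baseline. The log lines are constructed, and the baseline length, window size and z-score are assumptions.

```python
# Added example: fixed per-day threshold vs. per-user baseline with a rolling window.
# Log data below is constructed for illustration; parameters are assumptions.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: (day, user, files copied from a sensitive share that day)
LOG = [(d, "alice", n) for d, n in enumerate([3, 2, 4, 3, 2, 3, 4, 3, 2, 4, 3, 2, 4, 3], 1)]
LOG += [(d, "bob", n) for d, n in enumerate([0, 1, 0, 0, 1, 0, 0, 4, 5, 4, 5, 4, 5, 4], 1)]

PER_DAY_THRESHOLD = 10  # a typical static monitoring threshold (assumed value)


def fixed_threshold_alerts(log, threshold=PER_DAY_THRESHOLD):
    """Perimeter-style rule: alert only when a single day exceeds a fixed count."""
    return sorted({user for _, user, n in log if n > threshold})


def daily_counts(log):
    """Group the log into per-user, day-ordered lists of daily copy counts."""
    per_user = defaultdict(list)
    for _day, user, n in sorted(log):
        per_user[user].append(n)
    return per_user


def baseline_alerts(log, baseline_days=7, window=7, z=3.0):
    """Build each user's baseline from their first `baseline_days`, then alert when
    the total over any later `window`-day span exceeds the baseline expectation
    plus z standard deviations (scaled by sqrt(window) for a sum of days)."""
    alerts = {}
    for user, counts in daily_counts(log).items():
        base = counts[:baseline_days]
        mu = mean(base)
        sigma = max(pstdev(base), 0.5)  # floor so a flat baseline is not hair-trigger
        limit = mu * window + z * sigma * (window ** 0.5)
        for i in range(baseline_days, len(counts) - window + 1):
            total = sum(counts[i:i + window])
            if total > limit:
                # (first day of the offending window, copies in window, limit)
                alerts[user] = (i + 1, total, round(limit, 1))
                break
    return alerts
```

Running both detectors on the same log: the static rule fires for nobody (no single day exceeds 10), while the baseline check flags bob from day 8, whose 4-5 copies per day would look harmless in isolation but are far outside his own history.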
Traditional enterprise security includes three common components:
- Perimeter Security: techniques to inspect data as it moves across enterprise network boundaries. The most common perimeter security techniques include firewalls, intrusion detection and prevention, and Data Loss Prevention (DLP).
- Physical Security: systems that control physical access to a facility and log legitimate entries (and sometimes exits), via keycards, biometrics, or other means.
- Repositories: databases, content management systems, and other types of information repositories that have their own data-centric security schemes for information that resides in the repositories.
The Data Security Framework complements these components by providing data-centric security on unstructured data. In the remainder of this white paper, we will discuss each of the components of the Data Security Framework and how they complement one another.