Corporate data theft is nothing new. In fact, according to a study conducted by McAfee, “[a] majority of IT professionals have experienced at least one data breach during their careers—61% at their current company and 48% at a previous company.” This is an alarming reality, but it’s one that we can understand better to prevent future data breaches.

What should you look at when considering data theft vectors?

To prevent data theft, it is important to start with a couple of questions. These questions will help businesses self-identify where they’re more vulnerable to data theft. 

First, where are the blind spots in your corporate network? It is unlikely that every section of the corporate network is being monitored. Remote employees, branch offices, retail locations, etc. are among the many unmonitored corporate backdoors that malicious actors use to gain a foothold. After all, hackers understand that the main corporate firewall isn’t likely to be an easy obstacle, but the remote employee who carelessly browses the web on a corporate laptop is a far easier way in.

Second, do you have policies in place that prevent users from accessing sensitive information? While networks continue to grow, sensitive information should be located on a part of the network not easily accessible to the company at large. Financial transactions and POS systems are kept on secure servers in different parts of the network, but are there policies in place that verify that nobody else has access to these systems? Specifically, would the business see when a violation of the policy happens? After all, access control lists can be extremely long and complex, making an audit of these rules very difficult and time-consuming.

Best practices for data theft prevention

So, now that you’ve addressed the questions above, what more can you do to prevent data theft? Well, if you’ve solved the first question and are actively monitoring the entire network, network traffic analytics will give you the clearest picture of what’s taking place on the corporate network. 

Whether you’re monitoring with flow data directly from your network infrastructure or with probes, the information you gain by filling in the blind spots will provide significant value and shrink the area where malicious actors can gain a foothold.

Find out what’s really going on in your network

If you don’t have flow-exporting devices across your network, you can deploy a probe to quickly gain visibility.

Have you answered the second question yet? If you’re like most organizations, you likely don’t have a clear understanding of these vast policies. Furthermore, as the McAfee report shows, only 61% of breaches are discovered. This means that many more breaches remain unreported. Network traffic data is a critical piece to understanding where vulnerabilities are on the network, and it gives businesses insight into where the data goes across the network. When a violation takes place, you can easily see the violation, and understand where it happened on the network. This information can aid security teams in creating better, more informed security policies. 

As an example, by leveraging network traffic analytics, the organization can spot unauthorized credential use. This wouldn’t necessarily be something the firewall or other systems could detect. When phishing attacks happen and login details are compromised, both the network and security teams can understand which compromised credentials were used—e.g., when someone in the sales team tries to gain access to intellectual property housed on an R&D asset. 
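
The check described above can be sketched as follows. This is an added example, not code from the original article or from Plixer: it audits constructed flow records against an intended segment policy, and the subnets, segment names and `ALLOWED` table are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Hypothetical segments (assumed for illustration; not from the article).
SEGMENTS = {
    "sales":   ipaddress.ip_network("10.10.0.0/16"),
    "rnd":     ipaddress.ip_network("10.20.0.0/16"),
    "finance": ipaddress.ip_network("10.30.0.0/16"),
    "pos":     ipaddress.ip_network("10.40.0.0/24"),
}
# Intended policy: which source segments may reach each sensitive segment.
ALLOWED = {
    "rnd": {"rnd"},
    "pos": {"pos", "finance"},
}

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes).
SAMPLE_FLOWS = [
    ("10.20.4.7",    "10.20.1.10", 443,  18_000),     # R&D -> R&D, allowed
    ("10.10.3.22",   "10.20.1.10", 445,  950_000),    # sales -> R&D file share
    ("10.10.3.22",   "10.20.1.10", 445,  1_200_000),  # same pair, second flow
    ("10.30.0.5",    "10.40.0.9",  1433, 4_000),      # finance -> POS, allowed
    ("192.168.50.8", "10.40.0.9",  3389, 600),        # unmapped source -> POS
    ("10.10.3.22",   "10.10.9.1",  53,   120),        # sales -> sales, not sensitive
]

def segment_of(ip):
    """Return the segment name containing ip, or 'unknown' (a blind spot)."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def audit_flows(flows):
    """Aggregate flows into sensitive segments from disallowed sources, largest first."""
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for src, dst, port, nbytes in flows:
        dst_seg, src_seg = segment_of(dst), segment_of(src)
        if dst_seg not in ALLOWED or src_seg in ALLOWED[dst_seg]:
            continue  # not a protected destination, or source is permitted
        key = (src, src_seg, dst, dst_seg, port)
        hits[key]["flows"] += 1
        hits[key]["bytes"] += nbytes
    return sorted(hits.items(), key=lambda kv: kv[1]["bytes"], reverse=True)

if __name__ == "__main__":
    for key, agg in audit_flows(SAMPLE_FLOWS):
        print("VIOLATION", key, agg)
```

Sources that map to no known segment are reported as `unknown` rather than dropped, so traffic from an unmonitored corner of the network into a protected segment still surfaces.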

Something else to consider

Finally, not only does the rich metadata available from existing corporate network infrastructure give information on how the traffic is flowing, but it also provides details that identify malware and other threats on the network. DNS traffic is extremely valuable, but it is often forgotten in discussions of network traffic. As more and more traffic is encrypted, DNS queries are becoming one of the last places for organizations to identify threats.

This additional information gives network and security teams the information they need to combat data theft. By monitoring all parts of your network, and by verifying that policies are in place as intended, organizations can significantly reduce, if not prevent, future data breaches.

If you’d like to learn more about monitoring DNS traffic to spot unwanted traffic, or are interested in monitoring across the entire network, download a 30-day trial of FlowPro today. 


Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Jett, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.