Everything about Data Classification and DLP Data Loss Prevention By Luv Johar & Akshay Dixit

Hi everyone, welcome to this video. In this particular video we will discuss two very important topics that you should know about if you are a part of the information security or cyber security domain. This is essential for you: data classification and data loss prevention. Two very important terms that all the freshers should know about, two very important terms that all the experienced people should have a complete understanding of: how it works, what the terminology is, why we use them, what things are involved, and what anybody can ask you in an interview as well, like: What is DLP? What is data classification? How do you do data classification? How does a DLP solution work? What are the things that you should keep in mind? So we will answer all these questions in this particular video, as I have an industry expert with me. Akshay Dixit is here with me; he is a founder of a company called Anson technologies. Akshay, over to you.

Hi Luv, thanks for having me. Great session upcoming. Today we are here to talk about data classification and data leakage prevention, or data loss prevention as people call it; the short form, the well-known acronym, is DLP. So why are we having this session, and what is the need, essentially, of data classification and data loss prevention? Let me start off by first saying that for any organization, ultimately, when we are looking at it from a cyber security perspective, it is the asset that you're trying to protect, right? We talk about assets, and assets are important for an organization to protect. Now, an asset could be anything that is of value to a company, right? So it could be people, process and technology in itself. Now, when we talk about information as an asset, data as an asset, the data that is flowing, the sensitive, the confidential, the restricted type of data that is going inside an organization, how do you protect it? You protect it from external threats and you protect it from internal threats. Now, most of the time, outside of DLP or
data classification or data leakage prevention or data loss even comes in, we're talking about how do I protect this from external threats. So we put in a firewall, we do segmentation, we keep the user segment and the data segment away from the outside, untrusted zone. So all of these things already happen. But now what about leakage, or threat to your data as an asset, from internal? From an internal perspective, this is where data classification and data leakage comes in, where we are saying that an internal actor, a person who's working on the data or has access, either creating data, accessing data or sending data within an organization, may be involved in the leakage of this data, either intentionally or unintentionally. So the key here is that it may not always be an intentional activity. If there is a malicious actor, if there is a disgruntled employee, if somebody from an internal standpoint has the intention of actually leaking data, that is one. Sometimes, because of some mistyped email address, because of attaching the wrong file, or just in general putting a document, a sensitive document, unintentionally on my desktop, or putting it on a share, without an actual malicious intention I may be aiding the leakage of such data.

How can it happen, Akshay? Because of negligence of people, unknowingly?

Yeah, yeah, that's what I'm saying. So when I say unintentional, it could be something as simple as a mistake: you know, I didn't realize I had two documents with almost the same name, and I searched for it and I kind of attached the wrong document; or I have two people with kind of the same name, and instead of sending it internally, by mistake I sent it to an external vendor or an external person that was in my list of people I have contacted. So even though this was unintentional, there was still a data leakage that happened, right? So for all of these internal scenarios, internal threats that come when
an organization is dealing with sensitive data, is where we talk about data loss prevention, data leakage prevention and data classification. So data classification is an important activity. Before diving into DLP, I would like to discuss a little bit about data classification. So that's to say that, you know, the idea is that an internal actor can cause intentional or unintentional leakage of data, but you as an information security team have to ensure that no matter what the case, no matter if it's a mistake or if it's an intentional activity, you have to protect your data. Now, the first step in your data protection activity is your data classification. Now, what is data classification? Essentially, data classification is the process of categorizing data. Data is scattered throughout your network: on endpoints, on servers, here and there, it's on a share, it may be in a database. So all of these documents, all of this data is dispersed everywhere. So data classification is essentially the process of categorizing your data based on some criteria that you have to predefine, so that, one, you can efficiently manage this data, and second, you can efficiently protect this data. So today you might ask, "Akshay, could you go in for data protection or prevention without data classification?" You know, a DLP strategy without a robust data classification framework or mechanism in place is bound to fail. So this is a very important key activity here. So we discussed what data classification is. Now you could come and ask me, "Akshay, why do I need a classification?" So one is the protection aspect, right, just protecting it. There are also compliance and regulatory requirements. When we talk about PCI, when we talk about GDPR, when we talk about HIPAA, all of them require you to classify data in certain aspects. People might ask you to do it here; PCI might ask you to do it at a cardholder data level, GDPR might ask you to do it at a PII level. So a
classification is required. Now, what classification norms you are following, how you classify this data, that depends on the kind of business you are running and on what your requirement is. So that is why data classification is a complicated method. I mean, it involves the aspect of protection as an initiative or as a strategy in itself, and also specific classification based on the regulations or the regulatory standards that you're governed by. So all of this combined is why you need a data classification. You need to define a proper data classification strategy, and you need to go ahead and categorize and classify all types of data that are present in your infrastructure or network or your system, or your organization, to be very specific, right? So now you will say, "Okay, so now I need to do this. I understand the importance of data classification; how do I go ahead and do something like this?" So the very first thing is, you need to identify which type of data actually needs a classification. What is data to you? What is important data for you? What is not so important data for you? Which are the ones that need protection? Which are the ones that could either cause you financial damage, or could cause you reputational damage, or affect your business in general, or cause regulatory non-compliances and fines as well? So you need to identify the need for a data classification. You need to identify what type of data is important to you. What are your data types? Is the data in your infrastructure, or in your network, or in your system, structured, or is it unstructured as well? Is it dispersed or is it centrally located? How are people accessing it? So, the whole data point: understanding also how data is flowing within your organization. You have to understand which people are accessing which kind of data. So the data flow. A simple question would be: where is your data? What type of
data do you have? So you could say that, you know, I have data in the form of Excel sheets, I have data in the form of databases, I have data in the form of PDFs, I have data in the form of Word, I have data in the form of TXT, I have data in the form of EPUB, I have data in the form of RTF, I have data in the form of XML, I have JSON. So wherever and however you are storing the data, you have to first identify it. That is the key, because we can't move ahead until we do that. And this is where an activity called data discovery comes in. This is an activity of using both a manual and an automated approach to discover whatever data is spread across your entire infrastructure. So first you need to answer these questions for yourself. So you understood where your data is; now, where is my sensitive data? Who is accessing my sensitive data? What are the modes of transportation? How is data sitting in storage? How is data being transmitted? When you understand that, then you know which points to protect. For example, you could say that X is getting stored on shared drives and the only means of communication of data is email, or you could say there is a shared drive and people copy/paste, or you could say that your people are inserting USBs and handing data. So you have to identify the things that are there first. Once you identify what type of data is there, wherever the data is, what my sensitive data is, how my data is flowing, then you can go ahead and identify the types of controls for protection. This is a data loss prevention strategy; I am not even talking about DLP solutions yet. Even before that. We will talk about it. So just to say that, you know, these are the three questions, the pre-activity questions, that you need to answer for yourself. You need to get answers to these, and then you go ahead and do data discovery, right? So the advantage of classification is that once you have your data classified, then you can properly govern all types of data, for
example, data protection. So now, as an example, you might say, "Okay, now give me some examples of data classification." So within an organization, let's keep regulatory things aside. I may say that, you know, this is my financial data, this is my HR data, this is my R&D, this is my research, this is my intellectual property. This is one form of classification. Then our documentation you would categorize into whether this could be accessible by the public; you could give it a tag. Then the meta tagging also comes into place. Now, when you are doing it and discovering it, and then you discover the data, what do you do then? Once you have discovered it already and you have classified it, now you tag the data with some tag. You could say that, you know, this is public data, accessible to the public; this is private, only to be known to certain people; this is sensitive; this is confidential. Some people go on and make super sensitive, sensitive, classification level 1, level 2, level 3. That is all on you. So there is no specific way of doing it. You need to first understand your business; you need to first understand what kind of data you're consuming, what kind of data you're processing, what kind of data you're transmitting. Based on all that, you tag the data. Now, extra tags, when regulatory compliances come in, would be that this type of data is my PII, this type of data is my PHI; this document holds PII data, this document holds PHI data. So then you could go ahead and process security controls on the regulatory aspect as well.

I have a follow-up question on this one, the data classification part. Just asking from a fresher's point of view.

Sure.

Couldn't it be a case where we have identified all the assets, and once the asset identification is done, all the data which is incoming as well as outgoing through those assets, we can actually, you know, only consider that particular data, because we are only talking about assets, and we do that?

Could you repeat the question again?
Let's say I have identified the critical assets in my organization, and all the data which is incoming as well as outgoing through those assets I only, you know, consider, because again, at the end of the day, I have to protect the assets, right? Can I relate those two things?

Here, Luv, the idea is that data in itself is an asset for you. In risk management we say that an asset is anything that is of value. So an asset as a server is one thing, but here, if somebody asks you, "Okay Luv, my asset is my person, my employees, my servers and my data." So the technology aspect, protection as an asset, is where data classification and the data leakage prevention framework or internal frameworks come in.

Now I understood it. Let me just clarify for other people who are watching: now we are considering data, information itself, as an asset, right?

Yes, yes, very much so. And that's huge, and it is very, very good that you brought up this point, because as practitioners we have a habit of identifying a server as an asset, a desktop as an asset, so we always think in those terms. But from a risk management or an information security perspective, if you look at it, anything that is of value to an organization is an asset.

Absolutely right.

So here data becomes the asset. Right, now we say, okay, what are the types of data classification? I am saying this because when you read about this you will get this, and if I don't cover this, this will come up as a question either today or tomorrow, and we will see this. Basically, we talk about content-based classification and context-based classification. So when they say, what is content and what is context? Just to give you an idea; if we go into the DLP architecture and how content-based and context-based goes, then this would be like a two-hour thing. So just explaining this for the curious people out there. When I say content, I mean the exact keyword: what are you
looking for? The exact content becomes the... okay, I can't explain content with the same. Content is the keyword, the letter, the word; the thing that denotes a certain type of data becomes a content-based classification. For example, when we are talking about PII, we know what PII is, we know the name, address, all of these things. So then this becomes content-based classification, where I know how to classify based on the type of content that a document has, right? Context is basically to say, anything other than the content becomes the context. For example, who was the creator, who was the author, who is this document made for, in what context was this created. For example, if I make a presentation for senior management talking about internal sales and revenues, now I deliver that presentation, now I have to share this document with the senior management. Now, the content-based classification says that since it has financial figures, company revenue, that becomes content-based. But that Akshay, as a senior manager, created this for the senior management, the CXOs, for their eyes only, to be only consumed by CXOs and nobody else, is the context: who is the creator and who is the consumer. So any document that is to be consumed, and this is just one example, any document that is to be consumed by this specific set of people who deal with very sensitive data is a context-based classification.

So can I say that it's a type of filter that we are putting in, in terms of classifying, as a contextual means, right?

Yeah, so both. An effective data classification incorporates both content and context. Now, usually when a company starts with it... so, data classification, Luv, is a continuous process. You have to understand it. You establish a methodology; you start as your company. So maybe today you do not need a context. Let's say you have a linear structure where, you know, everybody's at the same position; startups especially work in that way, right? So everything is shared with everybody, so
in that sense you may not require that much of a context, but later on, as your company grows, as hierarchy and structure grow, you might want to introduce context-based classification as well. So, like any framework, it keeps maturing over time; even your data classification and data leakage prevention framework, or data loss prevention framework, also matures over time. So you start off with whatever you have, because let's say today I'm dealing with X amount of data; I can't say that for the next 10 years. And believe me, what if my company acquires another company which has a whole different set of unstructured data, and they are dealing with a different industry altogether, and I'm consuming it? So now I have to go through and put a data classification on them and kind of incorporate their classification into my classification; I have to map all the data taggings. So all of this is a continuous process. That is to say, not to confuse anybody, you start off with analyzing how much is content-based. In most organizations the heavier portion is content-based, because I need to make sure, for example, if there is an internal IP address in a document, that it should not be leaked outside the organisation. So this is content: you're understanding what an IP address is and you're making sure it does not go outside, as an example, right? So this is the major difference between content-based and context-based. Now, there is also a concept of user-based classification, which is basically based heavily just on the user, but I kind of keep... so, if you want to differentiate, you could also say that, you know, analyzing the document, there is just the content, but what if you are also analyzing metadata, what if you are also looking at the file type? You're going in deeper. So, like I said, anything other than content becomes the context. Some people differentiate user and context; I like to keep it in the way that... it just depends.
So don't feel that, you know, there's something I did not cover. Then again, what we're talking about is: which type of classification method do I use? Now, a very, very simple question is, you know, which type of classification method do I use? As a practitioner, what I would say is that, you know, it's a mix, it's a hybrid, it's a remix. The type of data that you're using will entirely depend on what your need for data classification is. For example, if you are not under a regulatory compliance, if you are going for an ISO audit, and the ISO audit requires you to have a data classification mechanism in place, that's it. So in that case you could just go in for public, private, sensitive data, and then you could just classify it, right? If you're actually facing data leakage, because it does happen... I mean, I will not believe somebody who says that, you know, there is zero data leakage happening inside my company. That just essentially means that either your framework is not robust or your detection and monitoring mechanisms are not in place, because, I mean, human mistakes, human errors are so common, man, when we are talking about an organization from a larger perspective, that these things keep happening. So you could want to protect your intellectual property, you could want to do it for compliance purposes. You may have, across different organizations, different functions: you may have a development team, you may have a service model, then you may have a financial team. So a lot of data is moving here and there, people are exchanging it all the time. You just want some governance over this, because you can't leave it; in a desired manner, then, you can control it. This is the importance of data classification. And a lot of times people go ahead and implement DLP solutions without a proper data classification strategy, and this is where it fails. Believe me, man, without a good data classification... So spend more time on data classification and data discovery, and then once you
are sure that you have everything covered, like for example the crown jewels, the sensitive information, all the data has been tagged, all the data discovery has been analyzed, after that you should go ahead and, you know, talk about implementing rules inside the DLP solution.

Okay, so Akshay, can I summarize it, and let me know if I am summarizing it properly. In order to classify the data, in the classification process, number one should be to define the objective. As you rightly mentioned, they need to understand what the objective behind the data classification process is, right? They need to make that. Second thing, to create workflows based upon the selected classification that they have done, right?

Yes, the data flow, how the data is flowing.

And third, the third thing is defining the categories and classification criteria.

What is it that they are using... the classification criteria is key, Luv. What is your reason to... and state all the reasons, because that will help justify your classifiers, right?

And fourth, last but not the least, to define outcomes and usage of the classified data, when they have actually classified. Now, can I say that in these four steps we can summarize?

Yes, very much so. Now, an important thing or an important question that comes in: okay, you explained everything; who are the people who are involved in this data classification activity? So typically, needless to say, your CIO and the CIO's team are an integral part of the data classification strategy, because he is the chief information officer, he's the guy who's dealing with the information. So his team is the team which has a key role in defining it, because they are the people responsible for running IT operations; the CISO typically reports to the CIO. The second actor would be the CISO, who makes sure that in the data classification he has inputs of security, and after the data classification he has the proper controls in place for securing the
data, right?

ready we notice asking a follow-up question, we know what he's saying: can you please give an example for defining how to classify this data?

Yeah, so like I just said, you could say that if you're dealing with consumer data, what is the personally identifiable information that is there? If you're dealing with healthcare data, what are the PHIs? If you're dealing with card data, what is the cardholder data? If you are dealing with intellectual property, R&D, what are the keywords? If you are making software, what is your code; how is your source code different from a normal manual document that you are sharing, right? So this is how you define it, through keywords. You're saying that this is sensitive, this is source, this is PII, this is PHI. So you first do data discovery, you find all types of data, then you do data tagging, which is where you tag each and every kind of data based on the keywords. And this is how, even as a human, if I'm doing data loss monitoring and prevention, I would be able to recognize it, or even a solution would also recognize it in the same way.

Yeah. we notice also have another follow-up question. Now he's saying: how will an L1 person be able to understand this concept, given all the shared data, whether the data is secured or not?

I'm sorry, can you just...

Yeah, so, for a person who is at L1 level, how can he understand the concept of shared data being secured or not?

So yes, an L1-level person is, first of all, just a part, may be a part, of the whole data classification activity. Data classification is usually done by senior people who have an understanding of how data is flowing. They need to then follow and understand what data classification is currently being followed in my organization. So the data classification policy would be uploaded on an intranet, and you will have a sense of what this type of information means, and then you can look for either tags, or you can look for the nature, or
you can look further for the type of classification which is associated. The responsibility of that... there should be security awareness in place. But when we talk about data classification and data leakage monitoring and prevention, that is not the responsibility of an L1 person. Obviously, from my perspective, I am responsible for the type of data, but you are not responsible for securing the data; then this is the worst entity. So you might be a part of the DLP team, you may be a part of the infosec team, but the strategy is not where you come in. The strategy is defined by managers, senior managers.

Yeah.

So for example, you could say, you know, public, private and restricted. So what type of... your job postings, your flyers, banners, all of that could come under your public type of documentation, which is acceptable for public use without restriction. Another classification could be private: documents which should not be distributed externally. Okay to be shared internally, not okay to be shared externally; it becomes private. Restricted: within this private, or inside an organization, this is restricted use, for your eyes only or for specific types of people. These are usually the type of data that come under compliances, like we say, need-to-know basis: whoever does not need to know about the PII or PHI or our financial information should not be allowed to use it. So that kind of thing; restricted is kind of for that, to give an example. I guess we have covered pretty much the main points of data classification.

I have another follow-up question on data classification, so I would like to clarify it here, at the same time, so that we do not have to address them later, because you are now in that flow, right, for data classification. So the time to cheat on to Jan is saying: information written on physical papers, can it also be considered in the data classification? If yes, then how to apply
DLP on it?

Okay, very good question and a very practical question. I believe Junsu may be a part of this, or facing something like this. So this is a question, yes, faced by a lot of people. So what happens is, when we are doing data classification, and we have done it for our clients as well, our clients come to us and they ask us, "Yes, Akshay, there is this whole bunch of pieces of paper that I have, which is a documented thing inside a locker, and it is secured." So now the question comes, from a DLP perspective. I am not even going for a solution; let us just talk about data loss prevention as a concept. And one important thing I wanted to say, and I will say it again, I stopped before but I want to say this, is that everybody should always think of DLP as a framework and not as a solution. The problem with the industry right now is, as soon as I say DLP, a product vendor will come to your mind, and that should not happen. DLP is a framework. So he has an excellent question. What he is saying is, if you're talking about physical paper, if you're talking about data written on physical paper, how would you do it? So typically, the activity when we are doing data discovery: we do digitization of these documents. So you might want to go for digitization, meaning scanning and uploading and then converting it into a portable, readable format, purging the physical copy, so on and so forth; or locking it in a storage facility, where a person is physically monitoring, or there is a surveillance camera that is looking; you're protecting that information through biometrics. That is how you are securing it or ensuring data loss prevention. So the physical control: I said once you identify the data, you have to identify the kinds of controls. So physical security as a control is applicable to the data which is on paper. I hope that answers your question. Okay, shall I move to DLP?

Oh yes, of course. Thank you.

So now, once you get a classification, now you
want to secure the data; you put all the controls. I am not going to discuss the controls for data protection, because asset protection, server protection we've already discussed. If there are some specific questions, we can dig into them later, because this is very specifically for DLP, and I am looking at the time, and time is going by; I just need to make sure I cover the topics at least at a basic level so that everybody understands. So now your problem statement, as a manager, as a practitioner, as a CISO, is: "Akshay, I did the data classification, and now I want to make sure that this data does not get leaked, either by some malicious actor or by anybody by mistake." This is where data loss prevention or data leakage prevention comes in. Again, I keep saying both of these things because a lot of people call DLP data loss prevention. I personally like to call it leakage prevention, because the leakage is the aspect; there's a loss, but leakage gives a sense of alarm, or a deeper sense. But then that's just my opinion, so don't hate me for preferring leakage over loss. That's on you.

Okay Akshay, now... yeah, actually he is saying thank you so much, I am absolutely clear now, so thank you.

Awesome, man, and great question. So what, basically, is data loss prevention? Essentially, a major part of data loss prevention we just discussed: data classification and discovery, all of these are an actual part of your data loss prevention methodology, or the establishment of your framework. The reason I put specific emphasis on it is because I wanted people to get out of the solution zone. In the first 10 minutes I have to get them out of that zone, and then I have to explain it to them again, that data classification, data discovery and data tagging are part of the DLP implementation. Again, I am saying this is not a solution implementation, this is a DLP framework implementation. Please, folks, if you take one thing from today, it is that you never think of DLP as a DLP
solution, because when you approach it from a solution-based approach, that's not the right way to go. There are solutions which will enable your framework, so make a robust framework and choose the best solution that fits the framework and all your needs. Instill security in that way, rather than saying, what does the DLP have, and whatever solution they are saying, I will implement that over there. That's a reverse approach, and it's not a proactive way to security. So what we keep saying is that data classification and DLP is a proactive way of approaching it. A lot of people come and say that, you know, "I have all of it protected. I share it, it's there on the servers, I have protected the servers with multi-factor authentication." What if somebody by mistake sends an email? How do you protect that? You don't, you can't, because everything else was covered. But how do you detect it? That is where your DLP strategy comes in, right? So, ideally, it is to say three major parts that come in: discover, monitor and protect. Discover is a continuous process of scanning or looking through each and every asset, each and every nook and corner, network devices, shares, endpoints, servers, for what type of data is there, then what the sensitive data is, and how you classify it and tag the data. Then monitor it based on the rules. After you do the data classification, you define specific rules. Now, what is that rule? It is to say what type of action to take when a certain type of data is accessed or sent, or if there is an attempt made to leak it in a certain way. These are the rules that you define, right? For example, you could say that as soon as somebody tries to send a document that has internal IP addresses mentioned in it, that email should not go out. So this is your requirement. Now all I need to do is make a rule out of it: if email ... equal to internal IP, then block it. This is a rule. Now, when I have a solution, I will just configure this rule inside the
solution and I'm done. You see how we did it? We first went through the data discovery, we went through the data tagging and classification, then we took the requirement and we converted it into a rule and just configured the rule inside the DLP, and we are golden. So this is the importance.

Now and then, I think, just to reiterate that whole point, they have to understand the process and the approach to DLP rather than just simply buying a solution, right? Because a solution, you will get that vendor on board, they will tell you everything, they will configure, they will help you configure, you can have SMEs configure it for you, but if you know our team your mind is not here, yeah, that becomes an issue. So for all the CISOs who are watching, for all the information security managers who are watching, take this as a big takeaway: do not go for a POC without understanding your own organizational requirements. That is the key here. That is what Akshay is trying to debate every time here. If you are watching this video, you are a CISO, you are a CIO, you are an information security manager, this is a big key for you: create your own requirements document first, create your own, you know, process document first. What do you need to have in place? That is the key here, rather than going and calling a vendor for the POC, because that anybody can do. Of course, go ahead, Akshay.

Yeah, yeah, yeah, so very, very well said, Luv. So the idea here is that you need to, and I'll tell you enough why this is also essential. You made a very good point before moving further, because we are moderate does this, that if you don't have the classification in place, if you take a vendor to just implement it and without a classification in place, it will become a problem. If you hire a consulting firm much like ours to help you in the data classification and discovery process, it will still take some time. And what we always say is, if you already have something in place, it becomes easier for us. If you do something
from scratch it's not a problem, but more, if you already spend some time, if you can at least explain to me what is the type of data which is important for you, then I can go ahead with that. So the more understanding you have of your data, of your data flows, right? So I mean if you come to me and say, you know, "I don't have any classification, I don't have any data flow diagram, I have nothing", then I will have to sit with your person to actually make a data flow diagram. And that is why, when somebody without a proper security posture or a data, data from an asset protection in mind comes, the DLP project implementation takes years to completely get operational. You know it's correct from the idea of beginning or me imaging with you, it takes six months, eight months, about a year to fully get the confidence, depending on the scale of this year. We're talking about a larger scale here; for a smaller scale it takes a set time. And vendors would have you believe that the solution will be deployed within a matter of five days, and then you can just configure the rule in the next five days, and then it will. That's not true. That's just saying that, you know, they'll just put something over there, do their job and then go. But for you it has to be an effective framework approach.

Yeah, absolutely, absolutely. Akshay, I have a follow-up question here. We shall move eta is here with me. Welcome Michelle to the group. He's asking: "May I know the difference between data loss and data leakage, and are they both same?" he's asking.

So we shall, again, as I was saying, so there's no, I mean you could find something if you properly google it, there will be somebody who's differentiating data loss and data leakage. Essentially you're saying, if data goes outside of the authorized people who are supposed to access it, it's data loss. Data loss is more towards unintentional and data leakage is more connotation towards intentional, but today, in today's terms, data loss and data leakage are used together to just denote
like, I could say, leakage of data, either from intentional or unintentional, lost your data, or somebody could say the availability is gone. But I don't even, what I am saying essentially is that the data leakage should not go outside, so that's why I use data leakage, but then data loss prevention is also the right way. So yes, pretty much the same connotation. When we are talking about this from an aesthetic point of view it may be a different.

Yeah, so we shall, try to understand what you're saying is the analogy is the same which you were trying to admit, come to a point, the end goal is same here. Okay, so that's what Akshay is trying to mention. Akshay, after that we have Prakash Taku. Prakash again is a returning, you know, livestream member who is a part of the game now. Welcome Prince Prakash to the group. And Prakash is saying, "What about a disgruntled employee?" now he is asking.

Exactly, exactly. So that is where we maybe started, Prakash, that, you know, internal threat in itself of a great value, and I believe we were also discussing this when you're talking about zero trust, is that it's no more at the time where we are saying that just, I have, the only threat to me is an external. A disgruntled employee could very much try to steal sensitive information and try to either send it outside or try to sell it out. So that is a real problem, that's an actual problem as organisations face, and that is why we talk about data leakage prevention and data loss prevention strategies.

Akshay, do we call this thing only the insider threat?

Yeah, yeah, because the person who would typically have access to it but is now using that privilege for some malicious purposes. Typically they should only send you two over here but they're trying to sell you two. So you must have heard about cases, Luv, where internal employees after resignation try to copy the internal documents and send it to their personal email ID, or try to upload it to some, their Google Drive. This is an example of violation of data
leakage prevention rule or our framework, and this is what gets monitored, detected and sometimes also prevented by DLP framework and, through that, the DLP solution.

Okay, so we shall be saying thank you so much, great here is what the understanding now, which I'll move it. After that Prakash Sagar is returning. Prakash is saying, "and one more thing: gateway spam filter protection against data loss and smartphone with camera". Though I didn't get the question. Okay, Prakash, could you just write it in one go? That will help. So after that we have Muhammad, it's Muhammad Idris. Muhammad, thank you so much for returning to the live stream. Muhammad again is a, you know, part of the game now, actually he is active in terms of asking questions. So very to Muhammad. Yeah, so Muhammad needs an example for data in use, data at rest and data in motion.

Okay, okay, Muhammad, good question. Let me, I wanted to do this later part, okay, let's do this. So when I say data, so there is data at rest, data in processing, data in transit. I guess that's what he's saying, right, from processes in details. So for example, a data at rest may be a data sitting on a file server. A data in process is when that file gets uploaded into an application and being used or edited by either a person who's manual or who's doing changes or editing the document inside the application. Data in transit is when he's sending that document, that output that comes in, he's sending the document either through the solution application itself or through protocols like FTP, SFTP, or through email, any emails. So that is the difference between. A simple example could be an Excel sheet: a raw Excel sheet is data at rest; when that Excel sheet is uploaded into a solution and worked upon, it is data in process; and when you are sending it, sent to the person or shared with the team, is where it becomes data in transit. So that document. So I hope, yes, that answers that.

Yeah, okay. So coming back to my point, we were talking about how a typical data loss
prevention or DLP works. Basically it talks about discovery, monitoring, protection, and then the whole management aspect of respect: how do you manage all these three activities. This in itself, if somebody ever asks you how does a DLP, or how does that help the activity you work, or even how does a DLP solution work, it is essentially the discovering, monitoring, protection and management of these three activities. This is your answer, that's it.

Now when we talk about discovery, what you are saying, you want to find whatever is stored. In that, discovery is a continuous process. You have to create, many a time when we factor that in a register, it could be an Excel sheet, every set will be part of a CMU, whatever you are doing, the asset, when you draw asset in tribute or Google Data a mentoring you mentor you what types of data you have, and also like the backup of data, cleanup of data, removing copies of that data, making sure the latest version. So that depends on the maturity. Any kind of some, not going that much details, I don't confuse people here, so this is to give you a general sense.

Now from monitoring, you're understanding how data is being used. Mind it, I have still not gone to the DLP solution yet, because for all people who are now thinking, I mean I keep bringing people back because this is very important: you have to understand from a framework perspective, right? It's a combination of manual and automated work. So we are talking about understanding how data is being used, with understanding the content and the context. Remember I talked about content-based and context: it is understanding the content and context. Now also at this point you are defining what policy I want to meet. This is not an information security policy, this is data security policy. You have your data, you have done it, now you are saying what type of policies I have and how will I define my policy violation. For example, like this, now you are defining a policy that all documents
marked as internal should never be copied from a USB, should never be sent by email, should not be uploaded. Now these are three different policies. You made those policies; now you also talk about what step should you take should the policy be violated, right? So what should happen should a policy be violated? Should it be blocked? Should there be just an alert? Should there be a combination of blockage and alert? Should there be a flag that is really? Should the access be removed? Now all of these things is what you need to define.

Now other than, the third part is you are actually protecting the sensitive detachment. So talking about concepts like encryption, data at rest, we're talking about concepts of: if I have identified a sensitive data at a place where it should not be, I should be able to perform an action such as delete that copy; or if somebody is trying to access a sensitive data which is not supposed to access, they should not be shown the data, or rather a general message which says "you are trying to access a document which has this tag, so please contact your information security team, an alert has been raised against you, yes number X Y Zed". So DLP team: there is a dedicated data leakage prevention team that is typically there in organizations, depending on scale, each other 1% 2% 3%, and they continuously monitor it. There are separate DLP alerts that come in, and insider the DLP experts or the incident response, the IR team along with the DLP team, then goes ahead and investigates these alerts: whether it was intentional, whether this was disgruntled employee, what was his motivation. So all cases, based on sensitivity, I have been investigated. Why kind of went ahead and gave you an extra bit which I am not blind - yeah - and just widen it.

Actually it happens, and if the employee once that, you know, I had, I am going now. Let's say the employee actually did it, as Prakash mentioned earlier, a disgruntled employee actually did it on
purpose, then people get fired. Yeah, so this action taken against you, and this is what comes under the manage piece. When I say, you know, discover, monitor and protect, the manage piece is where you decide what to do with the risk or the alert that has come in. So you take actions, yes, so we penalize, you penalize the entity in some way. That could be a vendor who's processing, that could be an internal employee who's accessing, right?

So yeah, so there are repercussions, guys. Try to understand this is very important thing, that's why we are discussing it here. DLP in itself is implemented just to make sure that information is protected, so that's what you need to understand, that is very crucial. If you get some alerts like this, it is not good for you in that organization, because yes, you will be penalized. It will not be a case where people will simply come to you and smile and say "okay, do not repeat this". So it might not be the case, so try to take this seriously. So Mohammed Idris is returning. Maggie is saying thank you so much Akshay and Luv, so he has got the concept now. Thank you up safe.

Okay, great. So we talked about discover, monitor, protect. Essentially what you're doing in discover is you're saying that, you know, I need to identify the targets and I need to run a scan, I need to scan these targets to find the sensitive details on the networks, on the endpoints, on the servers or on the assets. Then for monitoring you are continuously inspecting the data that is being shared; you are monitoring the network and the endpoints and the servers for any activity on the files that are tagged and classified as per your data classification mechanism. Protection is the act where you actually take an action: either you block, remove or encrypt the file, you might quarantine or copy the files, or you might notify this activity from the specific user or the user account, information security team and their managers, that there is a violation that has happened, because
this is sensitive thing. Like Luv said, this could cause something to an extreme of you losing a job, right?

So what are the different modes in which, so this is where the solutions come in. So DLP solutions have the capability of helping you in data discovery. You have to classify your data by yourself. If you have the data classification policy in place, they will help you define these policies in form of rules. Some solutions call this policy itself, some people call it rules; depends from vendor or solution to solution. And then they will keep on monitoring. The DLP solutions that are in place, for how a DLP is implemented, is basically in three types: there is a storage DLP, there is a network, there is a storage DLP, there is a network DLP and, sorry, I mean, and there is an endpoint nail media. Okay, I got it. So storage is basically to say that our points of storage, on shared drives, on databases, is where basically your storage DLP works. Let's talk about what type of data are your employees actually storing and sharing. And this DLP, you could call it a mode of DLP functioning, or you could call it the way in which DLP solutions are implemented, or you could call it a feature. A lot of people use different terminology, so I don't want you to get confused. A single DLP might have the capability of network, storage as well as endpoint. The network is basically to say whatever is passing through your sockets, whatever is passing through your ports, whatever is passing through your protocols, all of this is being monitored. And endpoint is basically to say act whatever endpoints that there are, what type of data is being stored, what type of data we process and what type of data is being copied, pasted or accessed, right? So this is basically a summarization of how this works.

I've already spoken about the kind of, so I could define, on a policy violation, I could define an action. For example, if in duty during it did not
discovery I found out that on an employee's machine there is an expense sheet that is present and it should not be present, I could automatically delete it. If somebody is trying to access a from Drive which is marked as sensitive or restricted or as PII and he is not supposed to access it, if that person opens it, he could be shown a pop-up that says "you're not supposed to access this". If somebody is trying to send an email and attaching a sensitive document and trying to send it outside of an organization, they could get a notification: "your email has been blocked, and now you have to admin and the Alpha Team will be contacting you, and there is a case that'll be filed against you". So yes.

There now, okay, first of all a huge shout out to ship can't sail my ship can't, welcome to the game, brother. He's a, you know, big brother to us now, if something's helping us a lot in, you know, managing adverts percept routes, and he's actually helping a lot of people in answering their queries. So huge shout out to you, ship can't, thank you so much for being there in the group and helping people. So now step aunt is asking: "Is there any free open source DLP tool available for use?"

There are open source implementations of DLP and do an extension count. If your scale is small you could script your way to create a customized DLP solution yourself; it's not that hard to achieve, it just depends on the scale. And when your scale grows, I must really suggest to move for an enterprise solution or go for like from product, because then you have support. Because what happens when you try to implement an open source solution, a lot of support is not there, and many as you grow. So today you might implement an open source DLP and it may work for you one or two years down the line, but as you grow you might realize it's not able to respond to the scale, and then again you deploying a new solution, it might become a challenge for you, because DLP is a very sensitive activity, so that is something that
should not be taken a risk with. In an open source DLP solution a misconfigured rule may trigger false positives.

So she also yes folks are not a huge problem that yet where people have been improperly configured or miss your chosen DLP solution is that they get a lot of false positives, because even though it wasn't a malicious access or wasn't even a leakage you get these alerts. So filtering those rules and alerts and changing rules as per configurations that you keep getting from the types of alerts from different types of users or different types of shows, I'm sorry folks, it is raining outside so you might hear a little disturbance, so that is important. So in my case what I would suggest is: try to manage the data at first, spend time on your framework, evaluate the type of Freer's the scale of data tension that you have, do a pilot with an open-source DLP, but once you grow up our scale you might want to go in for a more specialized product.

Okay, so after that Prakash Taku has a question. He's saying, "Can a smartphone make any chance of data loss?" Scanner is asking, how can a smartphone, you know, maybe trigger a data loss.

Yeah, so, sorry, who was the gentleman? Prakash Taku. Yeah, so Prakash, very good question. So what happens is, when we brought in the concept of BYOD, we brought in the concept of bring your own device and we are enabling people to access corporate data. That is the biggest example of a data leakage to a smartphone: you're accessing corporate data, you're accessing documents, you're accessing them through emails, you're accessing them through collaborative apps, and this is where you could kind of make a copy or store it in your mobile phone and then try to extract it. So this is an example. How do you thought it is through a combination of DLP as well as MDM, mobile device management, which is there to manage the BYOD policies and a BYOD environment. We haven't covered MDM and BYOD yet, but yeah, I mean we are in that
flow, so maybe in coming sessions we will cover BYOD, mobile threats and MDM as well, which should give you a bigger picture of all the types of threats that are coming when a mobile phone comes into picture.

Okay, okay, chief convinced saying thank you so much exchange. Toship sound is showing his thanks, so thank you so much. Shift on Chicana have displayed your pic as well in this video, I just got an option where I can show people how you look, so thank you so much. So now I am coming to, let's check our channel. It is asking, Akshay, if you can see the question on the screen, he is asking: "To address disgruntled employees or internal threats, can we implement rule in DLP for employee on notice periods?"

Yes lemon planet, actually very well said my and I are you already part of the th between somehow, because this is a very great point, this is very in-depth we ask. Because DLP policies, there are specific policies Lillith for employees on notice period, there are specific policies for people on probation, there are specific policies for vendors. There are specific DLP policies for these type of people, and stricter rules applied to different zones of these people. So a lot of accesses are removed. Even when we talk about Identity and Access Management, it kind of integrates with the IAM: as soon as the IAM tells you that this person is on notice period, the DLP in itself activates the policy of like a notice period employee. So yes, that is true, it does happen in practice, and if it does not be practice, it should happen.

So good, good, yeah. Okay, a lot of people are joining this stream now, I can see 17 people today. I'm glad you all are there. Any questions that you want to ask in terms of DLP, data classification, any questions in terms of otherwise information security, cyber security general, if shock once off to GDPR, anything and everything, we are, you guys feel free to shoot.

Yeah, during that time, since the question is there, I saw that there is a
second part of this question: "if possible, explain with example rules". So let me go ahead and try to explain something. For example, let's say I am a senior manager, so I'm a last time I'm supposed to have an oppo to have the capability of being able to share data outside of the organization, but it is required when dealing with vendors a lot. So when I move to a probation period, I move from being able to access, to allow to share, to having heavily monitored for all the data that I am sharing outside of. So I may have privilege of sharing internal data to certain department or sharing internal data to some type of a vendor, but that access may be revoked and that violation, or that policy, might be applied to me when I am this period group of the people. I hope that explains your question.

So saying thank you so much, so he is sending good vibes to us. Thank you so much, relics, for your appreciation and best wishes. So a lot of people are there on the livestream, I can still see 16 people here. Any questions in terms of information security, cyber security, in terms of jobs, in terms of interviews, in terms of anything, if you want to ask feel free to shoot. Truth I have accepted me, he is the guru, you know, he will have self everything, okay, that you are here to ask. Okay, so Akshay, anything you would like to add before we conclude, and you know.

Yes, yeah, yes, okay. So funny question that people aren't and I was hoping that they would ask this question is: how do I evaluate a DLP solution? What are the parameters on which I will be able to evaluate it? Because there are so many products out there and everybody is claiming their product to be the best. But when I am evaluating a DLP solution, what, so I am not going to go in depth but I'm giving you certain pointers that will help you to know about what you're expecting when we are trying to evaluate a DLP solution. The first thing you have to understand and ask them is what are the capabilities that the DLP has enabled. Does it
include the endpoint, network, discovery? That is, does it include need nitrogen transit, endpoint, server discoveries as well? Is it supporting all types of platforms? Here is the key: a lot of people will come in and they say, no, this is only used for Windows as a platform. Is it supporting Linux? Is it supporting different flavors of Linux? You might be using Red Hat, you might be using CentOS, you might be using Mac. So is it supporting all platforms, your DLP solution? That is one of the points. Is it also protecting against an external threat? For example, should an external person try to access it, is it differentiating between internal and external as well? That will be one of your criteria. How is it performing data inspection and classification in terms of content and context? Make them explain with an example, or with your example in case, that how they are going to perform contextual analysis. A lot of them only focus and try to send you content-based discovery and classification, right? That is why I express so much on the classification aspect, Luv, so that, you know, this becomes a little clearer. Then, are you dealing with unstructured data as well? How are you dealing with this? Is it going to be, so the detection mechanism is basically to say that there is an event-based mechanism in their detection and alerting, and there is a policy violation also: I have a policy, if that policy is violated I'll be getting an alert, and I can also define specific events. So are you doing both event-based and policy-violation-based detection and alerting? And yes, how much are you doing it from any agent? Is the agent going to consume a lot of resources at the endpoints and the servers? Are you using machine learning and AI as features in DLP? We discussed about this, Luv, in previous videos, the importance of ML and AI in cyber security; when we spoke, that's based on DLP as well. So yeah, this could be the major evaluation criteria per se, not limited to this, could be more.

Yeah, so
I have a question on the screen now. Akshay Khanna - Jen is asking a follow-up question. He is asking: "If we block USB port, what are the other possible ways that we suggest to internal users for sharing the data?"

Are you saying, I mean, we won't suggest it, right, because, yeah, but is from a, no, I mean, do it over email. Do it over email, send it to the proper person, CC or manager so that everybody knows. If you use USB then you're kind of surprised. Follow the proper channel of sharing. And USB storage, USB port blocking, and detecting if somebody's trying to access or copy data from USB, is one of the use cases of a DLP. Weather just to so children who are not very sure what will question is for your question is that, so we do have to block USB port, that is there. A DLP has the feature of identifying, or a DLP framework should address that: if somebody tries to copy data into a USB drive, there should be an alert notification and the copy should not happen. That should be the capability of a DLP framework or a DLP solution. If you're asking that, you know, if you are blocking everything, how am I supposed to share it: on your email, because that is also monitored and that's the proper channel of doing it. A secure way of is never copying it to USB.

Ensuring there are, yeah, then there are other methods also. For example, they can use SharePoint implementation, they can use OneDrive, team drive, shared, a lot of things are there, you know. Yeah, they can use that also.

So cool, yeah, but don't do it over a USB. You actually mentioned that. So after that Prakash Taku is saying: "How we protect data on the cloud?"

Okay, so very big question, Prakash, actually very big, and I think we should not answer it now because it needs a session in itself. Yeah, so cloud-based data protection is a feature of DLP and should be addressed when you're doing data classification. Sir, this just from data classification and DLP perspective, I'm not going to take this inner aspect phase protection and
going into the whole cloud, because I believe this should be covered when we talk about cloud security as a concept, and I think, Luv, we should do it sooner, because a lot of people keep coming up with questions on cloud here and there.

Yeah, so just to give a very high-level overview, cloud security is a two-fold thing, because some of the environment is in the cloud, is a, you know, sole responsibility of the cloud service provider that you have, and some are the different items which is of sole responsibility of the customer. So absolutely we need to do a video on this. There is a period segregation which is laid out there. People should know, people should understand what are the things that they need to look after and what are the things that service provider will look after.

That's right, yeah. So probably from a classification perspective, Prakash, if you have data that is being stored on cloud, you need to address the fact that when you are talking about data in storage and data in transit, even your cloud as an asset, even as an endpoint or a server, comes in. So your DLP solution should have a cloud-based monitoring, detection and protect, the monitor, detect and protect aspect of it; those features should be enabled in your DLP. You should understand that you're also now, even from a human perspective, from a non-solution perspective, you're observing how data is being stored on the cloud, how it's being shared with a cloud or the separate instances of clouds, and you have to protect and put the proper security controls and define proper security policies and define what happens when a security policy is violated. So cloud just becomes an aspect of it, but data protection or information security or cyber security on cloud is a separate topic and I believe should be taken up separately.

So after that a very important job-related question actually on the screen now. Sai Manoj Kumar is asking. Sai, welcome to the group. Agreed, Sai's a returning member,
actually he was there yesterday also. So Sai, thank you so much for becoming a part of this community, first of all. So Sai is asking, I think he's asking from a career exploration point of view of shape, how to transform from an IT support engineer to information security engineer. Because I think he's getting a lot of sense, he's making a lot of sense from these videos, so he's concerned to, you know, change his career altogether. I don't think he can do it, you know, so I think, Akshay, you need to tell him that path from which he can. I think he will need a professional guidance action.

I would think that. So Sai, to answer your question: if you want to move into information security as a domain, the very first thing is you need to have your concepts clear. You need to understand what type of profile are you looking for, because information security engineer as such, it may be a designation, but you have to understand the role that you want to get into. Do you want to get into network security? Do you want to perform vulnerability analysis? Do you want to support products and solutions, do you write, not IT support but that will do specific product implementation and support? Do you want to get into risk assessment, risk management aspect of it? So first understand what your expectation is. You have to also, the factors are: at what level are you? If you are at a basic level, the switch will be at a basic level. You might have to take a couple of positions down, because, you know, you might have to. So first understanding the concept. If you are targeting something for higher level, you require heavy skillset, you require a professional, I mean a practical knowledge, applicational knowledge, understanding of organization. So you might want to start with understanding how information security is working within your organization. First get a sense of how this is flowing, then get a sense of what kind of a role do you want to get into: do you want to get into SOC, do you
want to get into assessments, do you want to get into red team, do you want to get into blue team, can you do risk team B is this on that. Then you decide that, you know, these are the things that are required. You could go ahead and try to learn things from a knowledge perspective if you're going for a fresher's point of view. If you're going to look for a higher position you might want to go in for some professional-grade training where they teach you the concepts. Much like we do: we have professional courses that are out there and will teach people not just the concept but also the applications, real-world use cases and scenarios, our experience as consultants, as practitioners, for risk management or V vulnerability assessment, penetration testing or forensics or security operation center or incident response, anything and everything. So a lot of things out there, but first you need to clear your head and first decide what is it that you want. Should you have confusion in the type of thing that is suitable to you, like Luv and I have been saying, there is an email ID: just drop in an email, give us a call, we might sit with you and help you understand what is the best-suited role for you and give you some level of guidance.

Yeah, just to add, Akshay already has a lot of batches which are running through the same, you know, pipeline, where people from different industries are actually transforming themselves into the security and cyber security domain. So you can of course refer to the description there and get yourself, you know, maybe.

And say one thing: don't stop yourself. If you're asking is this for yourself, though I didn't explore it, man, cybersecurity is a great industry to work in. It's a norm sustaining theater and it's fun to know that, you know, we are part of the securing team, we are responsible for securing an organization. So it's a huge responsibility and it's great work. So congratulations on, you know, even thinking about switching to cyber security.

Yeah, absolutely. So
Prakash Taku now wants to know about a couple of things he is saying what is what is data beacon and what is the covert channel okay APRA - I believe we can take these specific questions at at a separate level because it seems like you are everything involved in maybe we can get on a team a discussion maybe needs a professional piping yeah I mean yeah I mean what is the intention of the question is more towards maybe he has some specific problem or a specific point a commercial get yeah Prakash just trying to join the WhatsApp group that we have I think you will get all these questions answered within them within this one and one are only okay so just be there go to my Facebook page there you will find the WhatsApp group that we have just try to join them okay all these answers and all these terms will get acknowledged in ten minutes I'm sure about that cool so anything else you know that you have sighs thank you say thank you so much so thank you Sai for asking the questions and feel free to ask anything we are here to help you okay so anything else that anybody want to add we'll ask before we conclude I think this was really a great insight and a great video action would say and will get a lot of benefit in terms of understanding what is data classification or all about what is DLP all about it's not a POC thing just try to get hurt somewhere from your mind and try to understand that this is an entire concept which is involved in order to you know get a DLP you know thing involved okay so okay there is a follow-up question from Rajini Gupta so displayed on the screen so let me is asking who performs the data classification in any organization I think she's asking who is the person who has this role of performing this so engineer depends from organization to organization in in some cases there are specific data protection officers that have the responsibility of data protection and are involved in in this but if you if you were not there when you started this 
video I spoke about the CIO's team the creators of data the legal compliance team the CISO's team the infosec team all are involved in discreet o'clock and and specific business unit heads all all are the people who are involved in the data classification strategy because you have to talk to each and every department enough to understand completely where data is there and you have to sit and talk to them and understand yeah so that this is the answer this is this is your answer that it's there is it is spearheaded by the information security team but the actors involved are the CIO's team are the business specific business unit heads it's the legal and compliance team somewhere even the HR may be involved so because just to add there Akshay rightly said just to and then it's a strategic point of understanding that's where you need all these people's involvement all the stakeholders should combine a plan for it okay so a lot of people are coming up actually a lot of questions are coming about much whether this video will end or not okay so if we if we have time and I I don't want to disappoint so don't use the other questions also coming up okay let me so let me just quickly address this because I just thought it where I add the ones of ending and if you are continuing I want him to go that is fine so Prakash not going into much detail so when we say covert channel basically you are talking about data breach actually you're talking about data breach you're talking model incident response that is why I didn't want to cover it here but what we are essentially saying a covert channel is we talked about so yeah we talked about covert channel but what we are saying is when somebody is trying to exfiltrate some data and we spoke about the APT when we spoke about a targeted attack when somebody said to exfiltrate data that is the covert channel that they sign I am yeah I got your questions man not a problem so this covert channel is the channel that the agent establishes 
with the C&C server and this through which is where you are so the beacons is basically the signal that you are sending the beacon is the C&C your communication with the C&C and how the C&C is actually communicating with you and you are sending of beacons and signals to the attacker perpetrator or or the C&C server and the covert channel is through which you exfiltrate the data that's it this is from a definition postman and data beacon in the next one yeah that's what I said the signal in a message that you say what a lot of questions are coming up on cloud security session you secant secant is again a part of the game now she can't so thank you so much for asking these questions and you know being involved in the live streams so Shaitaan is asking us to plan for cloud security sure Shipka we can't we will have this session very soon Akshay has to just take out some more time I think because these will be videos all searching a lot so I'll see whenever he is available next time and we will surely plan it for you because these are you know helping a lot of people so this is Mara Chauhan now so she's asking how to build a people centric cybersecurity strategy actually this is very appointed to you only man the high level don't go into much detail so when when you say when you say people centric cybersecurity strategy are are you considering the people privacy is that is the privacy what is your focus for what do you mean by people centric just want to understand this and then maybe we can address this sure sure sure sure so after that Vijay Lakshmi Martha is asking for data classification there is one chief data officer defined as the governance yeah so like I said data protection officer or chief data so that so it depends from organization which energy so she is answering they're answering the question that was asked that who is responsible for it CIO could be responsible as well chief data officer it's not at his ignition that everybody follows but it's a 
role and a responsibility so CIO may have the role of being a data officer or like we said then you be and CISO may have the role of being a data protection officer but any old weight is off a lot of people right and she can't in saying thank you so much Luv and Akshay appreciate your support so thank you so much everyone who were a part of this livestream I really enjoyed it personally to be honest with you because I haven't seen so much interaction in the past live streams maybe because this is Friday and we have now at a mode of understanding new things that's why a lot of questions are coming up at I'm happy to answer them nobody is feel free to ask questions this is your platform as I as I mentioned one day before also we are here to help you okay anything and everything that we try to answer we will try to answer here you can go ahead you and folks you can keep posting the topics that you want to get covered and believe me if not sooner than later they will be covered so we always keep loading the types of topics that you suggest even if some question went unanswered and you feel that you know you might want some more clarification drop it in the comments is okay we read all the comments and we'll make sure that you know if we missed something and if you feel you need more clarification write it and we'll address who will address the question but it's for everybody's benefit so just just one just be open this is a learning session a lot of people are thinking okay I am just displaying the comments on the screen and really happy that it is benefiting a lot of people now at least 10 people have thanked us today so really appreciate all your responses guys this is a motivation for us this is the only motivation that we get there is no other money that we are getting out of these videos that will be very clear with that okay this is the only motivation that we get because this is what actually you know will wake up you know tomorrow we will wake up and again we 
will think about something else okay so this is what drives us actually so thank you so much for being there in this part of this community try to share these videos as much as you can so that we can build upon them a big community where people can leverage this information and get these learnings exchanged subscribe to channel if you don't want to and and somebody told me there is like this bell icon that also should be used so you know do that so that you get notifications because our time is usually depends on availability and my availability he's himself placing lot of things I myself am managing a company in itself so we might give on a short notice like on a 15-minute notice we might come online so it's better that you subscribe and and you have that notification thing on so that you need to know when we'll be planning usually it's at the night time Indian time but yeah to stay updated and you might not know if you specifically had some problems and you miss the sessions we don't want that to happen yeah and just to add one more thing since a lot of layoffs are happening so I am again and again touching on this important aspect of things if anybody who is out there who is who is able to listen to us any you know anyone who is facing any issues in terms of getting a job you know in the information security domain in the district domain the oneness domain let's try to let me know let us say no just try to get involved okay and let us know what are the ecomes that you are facing where we can actually help you okay this is a forum that you can actually reach out to so Akshay's number and all the details are there in the description feel free to reach out to him you know you can reach me on the Facebook page also I have also mentioned the Facebook page here for your reference in these videos as well so feel free to reach out guys do not think that you are alone in this okay we are we are doing all this just for you so we would like to help you out in the job 
search aspect as well okay so do not think that you know this is anything stopping you know this for asking these questions so then it is saying thank you so much and appreciate all your time and help thank you so much Lilith this feedback is really good yeah thank you so much Dalek so cool so I think that shake great to meet you again I would say one of this rent why just like anything and still I have 13 people watching which is a great thing in itself and really appreciate your time really appreciate all the time that other people are spending just stay safe because staying safe is very important these days do not try to go out of your homes without any particular need just try to watch out for yourself and your family thank you so much for spending your time with us thank you bye bye thanks folks bye-bye have a great
Info
Channel: Luv Johar Free IT Training Videos
Views: 6,727
Keywords: data classification, dlp, data loss prevention, data loss prevention tutorial, data loss prevention basics, data loss prevention (dlp), what is data classification in information security, data classification cyber security, data classification information security, information security data classification, cyber security data classification, what is dlp, what is data loss prevention, what is data leakage prevention, data leakage, data leakage prevention
Id: SV2S537yjL8
Length: 82min 12sec (4932 seconds)
Published: Sat Jun 20 2020