20 Apr Fortscale Enhances DLP Deployment – Helps Prevent Malicious Data Extrusion


I recently had the opportunity to review how one of our large banking customers is using Fortscale. This was very informative to me as I was able to experience first-hand how Fortscale helps with Data Loss Prevention (DLP).

The bank has over 15,000 users and upwards of 20,000 endpoints across numerous locations, and like all large financial institutions, it is constantly threatened by phishing, social engineering, and other cyber-attacks. One of its major concerns is data exfiltration. The bank had found that employees were exposing sensitive data through innocent mistakes or carelessness.

In addition, the bank found that some employees were intentionally and maliciously violating security policies and abusing their authority by transferring confidential data to parties outside of the organization.

Classifying Data and Maintaining Rule Sets is Not Feasible

To combat these problems, the bank deployed a leading DLP product together with an automatic classification and rule-creation tool intended to reduce the manual labor required to administer the system.

However, they soon discovered that classifying the data and developing and maintaining all of the rule sets necessary for the system to operate effectively was still too complicated and time consuming. The project failed, leaving the organization still vulnerable to data loss.

Bank Implements DLP Solution

Through this experience, the bank realized it needed a DLP solution that didn’t depend on classifying data or on creating and maintaining a large number of complicated rule sets. To that end, it conducted its own product bake-off and evaluated multiple solutions, including Fortscale. Among other things, each product was tested on whether it would:

  • Detect sensitive data being exfiltrated via removable media such as flash drives
  • Detect sensitive data that was transmitted outside of the organization by email
  • Detect sensitive data that was printed on hard copy, presumably for unauthorized distribution


Within twelve minutes of testing, Fortscale had detected a number of unauthorized actions by a single user, including connections to multiple unusual hosts, copying of a large number of sensitive files, transfer of a large number of files to a removable device, and deletion of a large number of files from the user’s desktop.

Fortscale also detected multiple employees who were emailing sensitive data to recipients outside the company. Not only was the number of emails abnormal when compared to each user’s baseline activity, but so was the volume of data sent.

During the test for unauthorized distribution of printed material, Fortscale discovered an employee accessing a server that user did not normally use and downloading a very large confidential file. Fortscale then detected the user sending this file to one of the company’s printers. Sending it to that particular printer was itself anomalous for the user, and the volume of data printed was also abnormal.
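The three test results above share one pattern: each user is compared against their own history, and a day is flagged when its volume (event count or bytes) or its destinations (hosts, printers, mail domains) fall outside that baseline. The following Python is an added illustration of that pattern and is not Fortscale’s product or algorithm; the event records, field names, sample users, z-score threshold and sigma floor are all assumptions made for this example.

```python
"""Minimal UEBA-style exfiltration detector over constructed event logs.

Added illustration only; not Fortscale's code.  It builds a per-user, per-action
baseline over a window of days and flags the reviewed day when the count or byte
volume is far above that baseline, or when a destination (mail domain, host,
printer) was never seen for that user and action before.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (day, user, action, destination, bytes).
# Days 1-10 form the baseline window; day 11 is the day under review.
EVENTS = []
for _day in range(1, 11):
    EVENTS += [
        (_day, "alice", "email", "partnerbank.example", 40_000),
        (_day, "alice", "email", "partnerbank.example", 55_000),
        (_day, "alice", "print", "printer-3f", 200_000),
        (_day, "bob", "email", "partnerbank.example", 30_000),
        (_day, "bob", "host", "fileserv-01", 0),
    ]
# Day 11: alice behaves normally; bob reaches an unusual server, prints a huge
# file on a printer he never used, and sends many large mails to a new domain.
EVENTS += [
    (11, "alice", "email", "partnerbank.example", 45_000),
    (11, "alice", "print", "printer-3f", 180_000),
    (11, "bob", "host", "legal-archive-07", 0),
    (11, "bob", "print", "printer-9b", 9_500_000),
] + [(11, "bob", "email", "gmail.example", 2_000_000) for _ in range(6)]

Z_THRESHOLD = 3.0  # assumed: flag a day more than 3 sigma above the user's mean


def daily_stats(events, days):
    """{(user, action): {day: [count, bytes]}} restricted to the given days."""
    stats = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for day, user, action, _dest, nbytes in events:
        if day in days:
            cell = stats[(user, action)][day]
            cell[0] += 1
            cell[1] += nbytes
    return stats


def seen_destinations(events, days):
    """{(user, action): set(destinations)} observed during the given days."""
    dests = defaultdict(set)
    for day, user, action, dest, _ in events:
        if day in days:
            dests[(user, action)].add(dest)
    return dests


def zscore(value, history):
    """z-score of value against history, with an assumed sigma floor so a
    perfectly flat baseline does not turn every small rise into an alert."""
    if not history:
        return float("inf") if value > 0 else 0.0
    mu = mean(history)
    sigma = max(pstdev(history), 0.1 * mu, 1.0)
    return (value - mu) / sigma


def review_day(events, baseline_days, day, z_threshold=Z_THRESHOLD):
    """Return findings for `day` as {user: [(action, kind, detail), ...]}."""
    base = daily_stats(events, baseline_days)
    today = daily_stats(events, {day})
    known = seen_destinations(events, baseline_days)
    findings = defaultdict(list)

    for (user, action), per_day in today.items():
        count, nbytes = per_day[day]
        hist = base.get((user, action), {})
        # Baseline days with no events for this action count as zero activity,
        # so a user who never printed before has a baseline of zero, not "none".
        count_hist = [hist[d][0] if d in hist else 0 for d in baseline_days]
        bytes_hist = [hist[d][1] if d in hist else 0 for d in baseline_days]
        zc, zb = zscore(count, count_hist), zscore(nbytes, bytes_hist)
        if zc > z_threshold:
            findings[user].append((action, "count", f"{count} events, z={zc:.1f}"))
        if zb > z_threshold:
            findings[user].append((action, "bytes", f"{nbytes} bytes, z={zb:.1f}"))

    novel = set()
    for d, user, action, dest, _ in events:
        if d == day and dest not in known.get((user, action), set()):
            novel.add((user, action, dest))
    for user, action, dest in sorted(novel):
        findings[user].append((action, "new_destination", dest))
    return dict(findings)


if __name__ == "__main__":
    for user, items in review_day(EVENTS, set(range(1, 11)), 11).items():
        for action, kind, detail in items:
            print(f"{user:6} {action:6} {kind:16} {detail}")
```

Running it flags only bob: abnormal email count and volume, an abnormal print volume, and three never-before-seen destinations (the mail domain, the server and the printer), while alice’s slightly lower-than-usual day produces nothing. The two design choices worth noting are the zero-fill of baseline days with no activity (so “never printed before” is a real baseline of zero rather than missing data) and the sigma floor, which keeps a flat baseline from alerting on trivial changes; both are assumptions for this example, and a production system would use richer models and peer-group comparisons than this single-user z-score.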

The other products tested failed to detect these data exfiltration activities. They also generated high numbers of false positives, which created a significant amount of unproductive work for the bank’s security analysts.

The bank’s comprehensive tests showed conclusively that Fortscale was the most effective solution for their needs.

After deploying Fortscale, the bank has seen a dramatic improvement in the detection of insider threats. False positives were almost entirely eliminated, and security administrators no longer spend time writing, tuning, and maintaining countless sets of rules and thresholds. Not only was the primary goal of detecting data exfiltration met, but the bank also uncovered a number of other insider threats and activities it had been unaware of.

