You can create powerful rules to prevent data loss, detect insider threats, identify abusive behavior and accidental threats, improve employee productivity and meet regulatory compliance requirements.
Preventing Data Loss
Uploading documents that contain sensitive data to personal Cloud drives.
Sharing documents outside the organization that have a confidential watermark.
Sending out emails with sensitive files to non-corporate emails.
Sending out emails with large attachments, too many attachments or zipped files.
Printing during irregular hours.
Printing a large number of sensitive documents.
Taking screenshots, using screen capture or snipping tools.
Copying CRM data and pasting it in emails, an external site or in an unauthorized application.
Non-authorized use of Cloud sharing drives as an attempt to exfiltrate data.
Saving files on removable media.
Sharing files with protected properties such as Tags, Attributes, Document Category etc.
Employees communicating with competitors.
Detecting Insider Threats
Signs of discontent, harassment, legal threats or other sentiment in emails or IM chats indicating underlying issues.
Development team using production data for testing and development.
IT department storing authentication information such as credit card magnetic data which is prohibited under compliance laws.
Accessing the internet from restricted servers.
Installing RDP clients or opening ports.
User entering sensitive data such as passwords or personal details on potentially harmful or phishing sites.
Employee using the browser’s incognito/private mode frequently.
Clearing browser history or deleting cache files.
Sudden change in schedules or work pattern.
Using code snippets in database queries.
A vendor attempting to bypass security clearances and gain additional access by exploiting a bug, design flaw or configuration oversight in an operating system or software application.
Contractor attempting to log in to database servers during off-hours or after the completion of a project.
External user or freelancer accessing confidential customer and employee records.
Identifying Abusive Behavior and Accidental Threats
Employees looking at materials online that are questionable, suspicious or otherwise dangerous. For example, hacking sites, pornography or piracy content.
Abusing company resources, such as printing unnecessary copies of documents, throttling the network etc.
Customer agent asking for credit card numbers in unsecure email or support chat without using the proper communications channel.
Sharing ‘not for the public’ files on social media or IMs.
Employee opening emails that contain phishing links, viruses or malware.
Installing browser plugins that aren’t secure or known to be problematic.
Entering passwords or personal details in unsecure websites.
Detecting Malicious Intent
Unauthorized user reading a document they should not have access to.
User trying to hide information in an image.
Employee participating in insider trading by sharing embargoed information such as M&A documents.
Searching the internet for suspicious keywords and phrases, such as: ‘how to disable firewall’, ‘recover password’, ‘steganography’ etc.
Running the Tor browser or accessing darknet sites.
Attempting to bypass the proxy server.
Installing a VPN client.
Running network snooper, registry editor or other dangerous applications.
Running password crackers, keyloggers or other malicious tools.
Running software from external media or Cloud services.
Changing the configuration of the network or system settings.
Opening up blocked ports in the router settings.
Improving Productivity and HR Management
Get notified when workers are spending too much time on Facebook, watching YouTube videos or surfing online shopping sites.
Warn employees when they are spending excess time on personal tasks such as applying for jobs.
Using applications or sites that are unproductive.
Not following prescribed policy when dealing with customers.
Not following corporate etiquette policy, for example, visiting gambling sites.
Contractor submitting invoices that do not match work hours or task completion status.
Prevent exfiltration of PHI (Protected Health Information) such as EHR, FDA recognized drug names, ICD codes, NHS numbers etc. to comply with HIPAA and HITECH policies (HIPAA 164.500 – 164.532). |
Automatically log out a user when inactive for a certain time (HIPAA 174.312).
Block unauthorized traffic from EHR/EMR and clinical applications (HIPAA 164.306). |
Restrict access based on a user’s ‘need to know’ clearance. For example, block IT admins from accessing cardholder data while performing support tasks (PCI-DSS 10.1). |
Use OCR-based rules to detect when a user has access to the full view of a PAN (Personal Account Number), violating PAN-masking or PAN-unreadable rules (PCI-DSS 3.4/3.5).
Block file-write operation when credit card numbers or magnetic track data is detected that would violate the storing of authentication data rule (PCI-DSS 3.2). |
Prevent sharing of contact list containing EU PII (personally identifiable information) such as English names, EU addresses or EU phone numbers (GDPR 5). |
Warn user when sharing files containing data such as DNA profile, NHS/NI number and sexual orientation data, hence preventing the violation of processing of special categories of personal data rule (GDPR 9). |
Ensure that non-EU admins cannot access the records of EU employees preventing the violation of transfers of personal data to third countries rule (GDPR 44). |
Enforce security-compliant behavior and take immediate action on detection of anomalies or rule violations and train employees with detailed rule-alerts (ISO 27001, Standard Enforcement). |
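The content check behind the PCI-DSS 3.2 and 3.4/3.5 items above (card numbers or magnetic track data in a file write, a full PAN in view), as an added example that is not the product's rule engine. The function names, regular expressions and sample strings are assumptions constructed here.

```python
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# ISO/IEC 7813 magnetic stripe layouts: track 1 (%B...^name^...) and track 2 (;...=...).
TRACK1_RE = re.compile(r"%B\d{13,19}\^[^^]{2,26}\^\d{4}\d{3}[^?]*\?")
TRACK2_RE = re.compile(r";\d{13,19}=\d{4}\d{3}\d*\?")

# Constructed sample inputs (4111... is a widely used test number, not a real card).
SAMPLE_PAN = "Order note: card 4111 1111 1111 1111 exp 12/30"
SAMPLE_BAD = "Ticket 4111111111111112 closed"
SAMPLE_TRACK2 = ";4111111111111111=3012101123?"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep the first six and last four digits so the alert does not store the PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def inspect_write(text: str) -> dict:
    """Return a block/allow decision for content about to be written to a file."""
    findings = []
    for rx, kind in ((TRACK1_RE, "track1"), (TRACK2_RE, "track2")):
        findings += [(kind, m.start()) for m in rx.finditer(text)]
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # drops order IDs and other long numbers
            findings.append(("pan:" + mask(digits), m.start()))
    return {"action": "block" if findings else "allow", "findings": findings}


if __name__ == "__main__":
    for sample in (SAMPLE_PAN, SAMPLE_BAD, SAMPLE_TRACK2):
        print(inspect_write(sample))
```

The Luhn step is what keeps long ticket or tracking numbers from triggering the rule; a digit pattern alone would flag `SAMPLE_BAD`.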