Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ISO/IEC27000: Data Leakage Monitoring

by Megan Daudelin
June 20, 2016

Organizations today are leveraging collaboration tools to communicate and access information from virtually anywhere. Although collaboration tools help support mobility needs, many organizations fail at monitoring employee activity and other behaviors that can place assets and confidential data at risk for data leakage. This Assurance Report Card (ARC) will report on cloud-based service activity, instant messenger events, and other sources of data leakage within the enterprise.

Data loss can happen inadvertently through unencrypted and unmanaged devices being lost or stolen. Access to personal cloud-based accounts for file sharing, personal email, or corporate email can also be additional sources for data leakage. Monitoring data-in-transit across all network endpoints will assist organizations in identifying and preventing sources of data leakage. This ARC aligns with the data leakage and data-in-transit controls of the ISO/IEC 27002 framework, which can help to prevent data leakage and keep confidential data secure.

As more organizations continue to expand their workforce, many employees rely on personal cloud-based accounts, personal devices, and BYOD policies to support communication and mobility needs. This increase in productivity can allow for more corporate data to be stored outside of the network that security teams can’t monitor. Many employees will undermine security policies to access unauthorized websites, use instant messenger clients, and plug in unmanaged devices that could be vulnerable. Monitoring employee activity will alert organizations to any suspicious behavior or unauthorized applications being used to transfer files. The most effective way to prevent data leakage is to gain insight into how data is moving within a network. Knowing how data is being transferred will leave organizations adequately prepared to detect, respond, and prevent data breaches from occurring.

Policy statements included within this ARC provide a baseline organizations can use to determine how well data leakage policies are protecting corporate data. Systems are monitored for potential data leakage and communications from outside of the network. This information may include systems communicating with botnets, or other malicious activity that should be investigated further by the analyst. Additional policy statements will report on activity from cloud services, instant messenger, and peer-to-peer clients. Cloud services and instant messenger clients are frequently used by end users, and should be monitored closely to prevent data from leaving the network. Each policy statement can be customized to meet organizational requirements. Other policy statements report on systems containing sensitive data such as Social Security and credit card numbers. This information is highly targeted by both internal and external attackers for malicious purposes. Organizations should encrypt highly sensitive information to ensure that all confidential data remains secure.

This ARC is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The ARC can be easily located in the Feed under the category Compliance. The ARC requirements are:

  • Tenable.sc 5.3.1
  • Nessus 8.5.1
  • LCE 6.0.0
  • NNM 5.9.0

Tenable's Tenable.sc Continuous View (Tenable.sc CV) is the market-defining continuous network monitoring platform. Tenable Log Correlation Engine (LCE) performs automatic discovery of users, infrastructure, and vulnerabilities across more technologies than any other vendor including operating systems, network devices, hypervisors, databases, tablets, phones, web servers, and critical infrastructure. Tenable Nessus Network Monitor (NNM) provides deep packet inspection to continuously discover and track users, applications, cloud infrastructure, trust relationships, and vulnerabilities. Tenable.sc CV is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audits. Using Tenable.sc CV, the organization will obtain the most comprehensive and integrated view of its network devices and sources of potential data leakage.

ARC Policy Statements:

No data leakage has been detected: This policy statement displays the number of systems where data leakage has been detected compared to total systems on the network. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. Any type of data leakage, either intentional or unintentional, can result in the exposure of confidential or private information. This policy statement will help to measure the effectiveness of security controls in place on the network. Systems with detected data leakage should be investigated immediately to minimize potential security risks.

No systems with data leakage events communicate outside the network: This policy statement displays the number of systems that have reported data leakage events and communicate outside the network to all systems with data leakage events. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. Data leakage events from systems that are communicating outside the network could be indicative of an intrusion or other malicious activity. Such systems should be investigated immediately to ensure that the outside communication is not exfiltrating sensitive data from the network.

Systems reporting cloud-based activity within the last 7 days: This policy statement displays the number of systems reporting cloud-based activity within the last 7 days to total cloud activity detected. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. Cloud activity may include internal users accessing services such as Dropbox, OneDrive, Office 365, and various cloud-based email services. Systems should be restricted from accessing cloud-based services, as this will increase the risk of data leakage.

No systems are reporting credit card leakage activity: This policy statement displays the number of systems reporting credit card leakage activity to total systems. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. Systems reporting credit card leakage should be investigated immediately to determine the source of the leak. Credit card data is considered confidential information, and leakage of this information can be devastating for the organization.

No systems are reporting Social Security number leakage activity: This policy statement displays the number of systems reporting Social Security number leakage activity to total systems. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. Systems reporting Social Security number leakage should be investigated immediately to determine the source of the leak. Social Security numbers are considered confidential information, and leakage of this information can be devastating for the organization.

Less than 5% of systems are detecting Instant Messenger clients: This policy statement displays the number of systems with Instant Messenger clients to total systems. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. Instant Messenger (IM) clients provide the ability to transfer files in and out of the network. Although many organizations use IM clients for internal communications, all IM activity should be monitored for potential data leakage.

No systems are reporting Peer-to-Peer (P2P) activity: This policy statement displays the number of systems reporting sensitive data leakage activity to total systems. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. P2P clients can include activity from BitTorrents that can allow malware to propagate, and confidential data to be exfiltrated. Organizations should prevent the use of P2P clients from being installed on a network.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training