Nation state actors got you down? A CISO's guide to protecting data from keyboard to cloud

It’s nearly impossible to provide quality business-to-business or business-to-government services without encountering sensitive, regulated or secret customer data. That’s a lot of risk to take on. Trellix can help keep data safe from the moment you collect it until the moment you securely dispose of it.

The news has been full of breach notifications lately, and the loss and exploitation of customer data is getting to be more and more common. From the smallest mom-and-pop shops to the biggest name brands in business software and services, it seems like nation state actors are coming for everyone these days. These state-affiliated hacking groups attempt to breach organisations they believe can provide actionable intelligence for warfare or diplomatic advantage, to gain cyber warfare capability (think, shutting off the water supply, internet or power to a metro area), or simply to do crime to fund their regime. As supply chain attacks become more popular, it’s worth remembering that most of our organisations are part of someone else’s supply chain.

It can be tempting to solve the problem by simply never collecting any customer data. This is unfortunately unrealistic for many organisations, especially those that provide products and services to government organisations. Responsible business partners, vendors, suppliers and OEMs have a duty to secure their information systems, and properly manage IT operations and data handling practices. Don’t worry, you’re not alone in defending your patch. Trellix actively tracks nation state actors, including global activity, infrastructure and TTPs. We use the intel we gather to provide detection, protection and response content for our products, as well as to inform continuous product enhancement to counter dynamic threats. We also provide strategic, operational and tactical level threat intelligence to customers through our threat intelligence services. Trellix XDR can provide automated moving target defence to ruin the bad guy’s day. We have tools to protect against insider threats too.

Data security is about more than just preventing and healing the breach quickly; we also need to make sure we are following the organisation’s data strategy and utilising data governance processes to exert affirmative control over how the organisation interacts with data. Organisations need countermeasures for every data vector, which Trellix can provide, but they also need to know what data matters to them, what it looks like and how they intend to protect and manage it.

If you aren’t sure what a high-quality data governance programme looks like, here’s a high-level view. As you can see, we have to carefully consider both internal and external stakeholders, and our desired outcomes, across the entire data life cycle. Trellix Professional Services is able to help you get started with this process if you’re unfamiliar, and provide advanced guidance to those already on the journey. It’s a great way to spend your Trellix Thrive credits.

Figure 1: We made this in Visio literally for fun.

---

Once the organisation has developed the data governance muscle, we will be able to exert control across the many data exfiltration vectors. Knowing what data needs to be restricted and what data can be allowed through each vector, and to/from for each destination, is critical to the success of your data security program. Trellix has a variety of countermeasures to cover data, whether the user is entering it for the first time with their keyboard or storing and manipulating it in the cloud.

Figure 2: We love growing countermeasures in our carbon neutral, organic, fair-trade security garden!

---

Lastly, we’d love to leave you with a key process control you can implement quickly. Using encryption for separation of duties use cases can dramatically increase the amount of work that nation state actors have to do in order to successfully exfiltrate data. Password spraying attacks, such as those used to great success early this year, can often be successful in compromising one or two accounts. If the account compromised happens to have administrative privileges, this can open the floodgates to data theft.

We can increase the level of effort required by encrypting the data that’s worth taking, and ensuring that the administrator of our encryption program is not the same as our device or storage administrator. As shown in the graphic below, no single compromised account can grant themselves access they shouldn’t otherwise have. Ensuring that all authorised users have controls like strong multi-factor authentication in place (No 'did you log in here yes/no?' Push notifications please) as a condition of access can further harden your organisation in these situations. Even something as simple as: “Encrypt all locally stored outlook archives” can significantly reduce data exfiltration risk. Trellix File and Removable Media protection can achieve this quickly and easily with a little help from Trellix Data Loss Prevention Endpoint.

Figure 3: We wrote that whole paragraph just so we could use this venn diagram in the blog post.

---

• Strengthen or build your organisation’s data governance programme so you can affirmatively control the data your organisation holds.
• Map your data governance requirements to your technical controls/countermeasures to ensure there are no gaps.
• Use encryption to enforce separation of duties, making successful exfiltration more difficult.
• Call Trellix Professional Services if you need help with anything discussed today.