DIGITAL GUARDIAN DATA PROTECTION RESOURCE CENTER
From analyst reports to eBooks and videos to webinars, we have all the data protection content you need.
From NO to KNOW: The secure use of cloud-based services
Quocirca's research report examines the current attitudes among UK businesses as it relates to adopting cloud-based services. These include on-tap infrastructure, support for live-in-the-cloud business processes and the outsourcing of utility applications to third party specialists. For many organizations, the use cases are now overwhelming and the choice is not whether to accept cloud-based services, but how well prepared they are for their use.
Weak Links: Strengthening the Information Supply Chain
Information supply chains are becoming more complex as organizations make increasing use of online interaction to support business processes. The choice is not whether to share data with others, but how securely this is done. Priorities vary depending on the types of data being shared and this includes the choices made in the supporting security capabilities. Read Quocirca’s report to learn more about the current security posture companies have in the UK for their information supply chain and the steps they’re taking to secure them.
How to be Ready for a Client Data Security Audit
Learn how our Managed Security Program can help you quickly and cost efficiently demonstrate to your corporate clients that you can secure their sensitive data.
Room for Improvement: Building Confidence in Data Security
Quocirca's latest research report examines the current lack of confidence UK business have in their data security measures and demonstrates the value of user training, advanced data protection technology, and incident response for addressing this issue.
Data Security Knowledge Base
What is Data Forensics?
Data forensics, also know as computer forensics, refers to the study or investigation of digital data and how it is created and used. Data forensics is a broad term, as data forensics encompasses identifying, preserving, recovering, analyzing, and presenting attributes of digital information. In regards to data recovery, data forensics can be conducted on mobile devices, computers, servers, and any other storage device. Data forensics can also be used in instances involving the tracking of phone calls, texts, or emails traveling through a network. Digital forensics professionals may use decryption, reverse engineering, advanced system searches, and other high-level analysis in their data forensics process.
Two types of data are typically collected in data forensics. This first type of data collected in data forensics is called persistent data. Persistent data is data that is permanently stored on a drive, making it easier to find. The other type of data collected in data forensics is called volatile data. Volatile data is impermanent elusive data, which makes this type of data more difficult to recover and analyze.
The History of Data Forensics
As personal computers became increasingly accessible throughout the 1980s and cybercrime emerged as an issue, data forensics was developed as a way to recover and investigate digital evidence to be used in court. Today, investigators use data forensics for crimes including fraud, espionage, cyberstalking, data theft, violent crimes, and more. Computer forensic evidence is held to the same standards as physical evidence in court. This means that data forensics must produce evidence that is authentic, admissible, and reliably obtained.
The Data Forensics Process
The data forensics process has 4 stages: acquisition, examination, analysis, and reporting. There are also various techniques used in data forensic investigations. One of these techniques is cross-drive analysis, which links information discovered on multiple hard drives. A second technique used in data forensic investigations is called live analysis. Live analysis examines computers’ operating systems using custom forensics to extract evidence in real time. Recovery of deleted files is a third technique common to data forensic investigations.
Data Forensics Tools and Software
There are many different types of data forensics software available that provide their own data forensics tools for recovering or extracting deleted data. There are also many open source and commercial data forensics tools for data forensic investigations. Security software such as endpoint detection and response and data loss prevention software typically provide monitoring and logging tools for data forensics as part of a broader data security solution.
Challenges Facing Data Forensics
There are technical, legal, and administrative challenges facing data forensics. Technical factors impacting data forensics include difficulty with encryption, consumption of device storage space, and anti-forensics methods. Anti-forensics refers to efforts to circumvent data forensics tools, whether by process or software.
Legal challenges can also arise in data forensics and can confuse or mislead an investigation. An example of this would be attribution issues stemming from a malicious program such as a trojan. Trojans are malware that disguise themselves as a harmless file or application. Since trojans and other malware are capable of executing malicious activities without the user’s knowledge, it can be difficult to pinpoint whether cybercrimes were deliberately committed by a user or if they were executed by malware.
From an administrative standpoint, the main challenge facing data forensics involves accepted standards and governance of data forensic practices. Although there are a wide variety of accepted standards for data forensics, there is a lack of standardization. In regards to data forensics governance, there is currently no regulatory body that overlooks data forensic professionals to ensure they are competent and qualified.
Data Security Knowledge Base
Data Protection 101
Learn more about the fundamentals of data and information security in our Data Protection 101 Series
Welcome to Data Protection 101, our series on the fundamentals of data security. In this series you will find information on a wide array of topics that any security professional should be familiar with. This series is created to expand your knowledge, providing you with definitions, background information, examples, and best practices for the most important subject matter regarding data security.
Here are the links to all of the topics we have covered in this series:
- What is Cloud Account Hijacking?
- Cryptography in the Cloud: Securing Cloud Data with Encryption
- What is an Advanced Persistent Threat? APT Definition
- What is a Phishing Attack? Defining and Identifying Different Types of Phishing Attacks
- What is Insider Data Theft? Data Theft Definition, Statistics and Prevention Tips
- What is Device Control? A Device Control Definition
- What is Email Encryption?
- What is Data Exfiltration?
- What is ITAR Compliance?
- What is HIPAA Compliance?
- What is PCI Compliance?
- What is SOX Compliance?
- What is Application Control?
- What Is Data Encryption?
- What is Data Loss Prevention (DLP)? A Definition of Data Loss Prevention
- What is Application Whitelisting? An Application Whitelisting Definition
- What is an Insider Threat? An Insider Threat Definition
- What is Data Classification? A Data Classification Definition
- What is Endpoint Detection and Response? A Definition of Endpoint Detection & Response
- What is Data Integrity? Data Protection 101
- What is Endpoint Security? Data Protection 101
- What is Data Governance? Data Protection 101
- What is Endpoint Protection? Data Protection 101
The Quick Guide to Managed Security Services for Law Firms
Learn about why managed security services are a good option for law firms who need to protect sensitive client data.
The Quick Guide to Managed Security Services for Midsize Businesses
Learn about why managed security services are a good option for midsize business.
Data Security Knowledge Base
What is Incident Response?
Incident response can be defined as a method for responding to a security breach or attack. The intended outcome of incident response is to minimize damage while also reducing recovery time and costs. An incident response plan is a step-by-step process that is carried out after a security incident occurs. As a result, an incident response plan must specifically define the terms of what the organization considers to be a security incident – this definition will vary from organization to organization. Examples of security incidents that can require incident response include attempts at gaining unauthorized access to data or systems, disruption or denial of service attacks, malware infections, and unauthorized use of systems to manipulate data. In addition, unauthorized changes to a system’s hardware, firmware, or software can also be considered a security incident requiring response.
What is a Computer Security Incident Response Team (CSIRT)?
Computer security incident response teams are groups that analyze reports of security breaches and manage the incident response process. Computer security incident response teams can be formally established or can be put together when an incident arises. Of course, the more organized an incident response team is prior to an incident, the more efficient their response can be; the same goes for incident response plans themselves.
There are many different types of computer security incident response teams. Internal computer security incident response teams are composed to serve a parent organization such as the government or a corporation. National computer security incident response teams provide incident response services to an entire country. External computer security incident response teams provide paid incident response services when needed. Other types of computer security incident response teams include coordination centers, analysis centers, vendor teams, and incident response providers. Aside from computer security incident response teams, there are also various cyber incident response and data incident response software/tools available for organizations to use.
Benefits of Incident Response Plans
An effective incident response plan improves the decision making of the organization. Having standardized procedures for incident response allows for decisions to be made quickly and effectively, which is critical following an attack or compromise. Effective incident response plans also improve internal and external coordination. Internal coordination is improved because incident response planning aligns all of an organization’s business functions around critical security issues. Externally, incident response plans help to maintain relationships with third parties, which can be critical to the organization’s success in addressing a security incident.
Incident response plans establish distinct roles and responsibilities across the organization. This makes the organization’s internal response activities flow much more fluently and efficiently. Moreover, incident response plans enable organizations to act immediately after an incident is noticed and limit the damage from incidents that occur.
Shortcomings of Incident Response Plans
Although incident response plans bring the benefits of strategic and coordinated threat response, if not properly designed or implemented, incident response plans can be ineffective. Additionally, incident response plans that are outdated or too generic will not serve companies well when a security incident occurs. Another shortfall organizations can face in incident response planning is when a plan is developed following a siloed approach – that is, the incident response plan is too concentrated within a small portion of the company, leaving other business units in the dark. Exclusive incident response plans may be an option to defend against highly targeted attacks, but they also leave organizations susceptible to incidents that affect other business units. Finally, incident response plans can easily become ineffective when organizations fail to allocate human resources effectively to align stakeholders with their appropriate roles in security incident response.
Ultimately, in order to be effective, incident response must be well-planned and updated continuously to address new threats and risks facing the organization as well as new laws regarding cyber security. When developed and executed properly, cyber security incident response brings countless benefits to the victim organization – including damage control, reduced mitigation costs, improved response times, and minimized brand damage.
Data Security Knowledge Base
Intrusion Prevention System
What is an Intrusion Prevention System?
An intrusion prevention system (IPS) is a tool that is used to sniff out malicious activity occurring over a network and/or system. Intrusion prevention systems can also be referred to as intrusion detection and prevention systems (IDPS). Intrusion prevention systems function by finding malicious activity, recording and reporting information about the malicious activity, and trying to block/stop the activity from occurring.
Intrusion prevention systems expand on the capabilities of intrusion detection systems (IDS), which serve the fundamental purpose of monitoring network and system traffic. What makes intrusion prevention systems more advanced than intrusion detection systems is that IPS are located in-line (directly in the path in which the source and destination communicate) and have the capability to prevent or block the malicious activity that is occurring.
How do Intrusion Prevention Systems Work?
Intrusion prevention systems are usually located behind a firewall to function as another filter for malicious activity. Since intrusion prevention systems are located in-line, IPS are capable of analyzing and taking automated actions on all network traffic flows. Those actions can include alerting administrators, dropping dangerous packets, halting traffic coming from the source address(es) of malicious activity, and restarting connections. It is important to note that an effective intrusion prevention system must be efficient to avoid hindering network performance. In addition, intrusion prevention systems must work quickly and accurately in order to catch malicious activity in real time and avoid false positives.
How do Intrusion Prevention Systems Detect Malicious Activity?
Intrusion prevention systems have various ways of detecting malicious activity, however the two predominant methods are signature-based detection and statistical anomaly-based detection. The signature-based detection method used by intrusion prevention systems involves a dictionary of uniquely identifiable signatures located in the code of each exploit. There are two types of signature-based detection methods for intrusion prevention systems as well: exploit-facing and vulnerability-facing. Exploit-facing methods detect malicious activity based on common attack patterns, whereas vulnerability-facing methods attempt to detect malicious activity by identifying specific vulnerabilities. On the other hand, intrusion prevention systems that rely on statistical anomaly-based detection randomly sample network traffic and then compare the samples to a predetermined baseline performance level.
Intrusion Prevention System Comparison
There are four common types of intrusion prevention systems. The first type of intrusion prevention system is called a network-based intrusion prevention system (NIPS). This type of intrusion prevention system has the ability to monitor the whole network and look for suspicious traffic by reviewing protocol activity. In contrast, wireless intrusion prevention systems (WIPS) only monitor wireless networks for suspicious activity by reviewing wireless networking protocols. A third type of intrusion prevention system is called network behavior analysis (NBA). Network behavior analysis looks at network traffic in an effort to locate threats that cause unusual traffic flows, including distributed denial of service (DDoS) attacks and policy violations. The last common type of intrusion prevention system is host-based intrusion prevention systems (HIPS). A host-based intrusion prevention systems is an installed software package that looks into suspicious activity that occurs within a single host.
Best Intrusion Prevention System
The intrusion prevention system market has a very wide product offering. This makes choosing the best intrusion prevention system a quite difficult task. In an effort to reduce the complexity of choosing the best intrusion prevention system for you, it essential to set a budget, define the requirements that your new system will need to fulfill, and do your research on the different intrusion prevention systems on the market. Keep in mind that an intrusion prevention system is a standalone technology and not a comprehensive security solution. While an IPS can be a valuable technology for detecting malicious activity on networks, an effective security program should leverage additional technologies and resources for data protection, endpoint security, incident response, and more.
Data Security Knowledge Base
What is Data Encryption?
Encryption is a data security technique that converts electronic data in to ciphertext so that it can only be understood after being decoded (decrypted) by authorized parties. The goal of encryption is to provide protection to sensitive digital data that is stored on a computer or transmitted across networks. Today, encryption algorithms are widely used as a key component of data security for IT systems and communications.
Data encryption can be used to secure data that is located on media, in storage, or in transit. Data encryption is a popular approach to protecting data that resides on any type of digital media storage device such as USB devices and hard drives. Data encryption temporarily decrypts the data when it is being used and then encrypts it again when the user is finished.
Data encryption is used to inhibit outsiders from reading, modifying, or duplicating encrypted data. Encrypted data can still be viewed in a file listing, but prohibits unauthorized persons from reading file contents. Even if stolen, encrypted data remains unreadable unless it can be decrypted. An important aspect of data encryption to keep in mind is that data encryption doesn’t protect files from being deleted. Therefore, it is recommended that all encrypted data is backed up, and that data encryption be employed as one facet of a defense-in-depth security strategy.
Without email encryption, employees can accidently or purposely leak sensitive information by sharing it via email. When dealing with regulatory compliance, a remote workforce, and project outsourcing, email encryption allows for a secure way to share information. Email encryption usually uses public-key cryptography. This is where the user has a public key that other anyone canuse to encrypt email messages, but only a unique private key can be used to decrypt the messages they receive. Symmetric key encryption, also known as private key encryption, is a less popularmethod that uses the same, unique key for both encryption and decryption.
Encryption software encodes computer data so that it only can be retrieved using a specific key. There are various types of encryption software for both business and personal use. There are many encryption tools for personal use that are open source and free to use, while enterprise-grade encryption software is typically sold by software security vendors. Additionally, most encryption software programs provide different versions and features in an effort to better fit the encryption needs of the user.
With all the different choices available, choosing the right encryption software can be difficult. When deciding on what encryption software is right for you or your company there are some things to consider. For personal use, free open source encryption software is usually enough to take care of the user’s encryption needs. However, for businesses, especially those with employees or third parties that communicate frequently from multiple locations, enterpsie-grade encryption software choices might be necessary. It is important to do your research when comparing data encryption software tools. There are many online sources for encryption software reviews that break down the software product, compare price points, and provide customer testimonials.
Encryption Security Threats
The main issue with encryption is the threat of an attack by a hacker. The most basic method hackers use to gain access to encrypted information is brute force, or simply trying every possible key until the right one is entered. Since the length of the key reflects the number of possible keys, the longer the key, the more difficult it is for the hacker to discover the right decryption key. A second method of breaching encrypted information is called a side-channel attack, where the attacker finds an error in the encryption system’s design or execution. There are also many decryption or cracking technologies available that can help hackers decrypt sensitive information much more efficiently.
Digital Guardian for Windows
The DG Windows Agent has been protecting data in Windows operating system environments for more than ten years. Learn about the most complete data protection for Windows.