SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, October 13, 2009

"Protect the Data" -- What Data?

Posted on 4:14 AM by Unknown
This is another follow-on from my "Protect the Data" Idiot! post. If you think about the "protect the data" mindset, it's clearly a response to the sorts of data loss events that involve "records" -- credit card records, Personally Identifiable Information (PII), and the like. In fact, there's an entire "product line" built around this problem: data loss prevention. I wrote about DLP earlier this year in response to the rebranding effort taken by vendors to make whatever they sold part of the DLP "solution."

What's interesting to me about "protect the data" in this scenario is this: "what data?" Is your purpose in life to keep PII or other records in a database? That's clearly a big problem, but it doesn't encompass the whole security problem. What about the following?

  • Credentials used to access systems. For example, intruders often compromise service accounts that have wide-ranging access to enterprise systems. Those credentials can be retrieved from many locations. How do you protect those?

  • Systems that don't house PII or other records, but do serve critical functions. Your PBX, HVAC control system, routers, other network middleboxes, etc., are all important. Try accessing "data" without those devices working.

  • Data provided by others. The enterprise isn't just a data sink. Users make decisions and work by relying on data provided by others. Who or what protects that data?


Those are three examples. If you spend time thinking about the problem you can probably identify many other forms of data that are outside the "DLP" umbrella, and outside the "protect the data" umbrella.
Email ThisBlogThis!Share to XShare to Facebook
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DojoCon Videos Online
    Props to Marcus Carey for live streaming talks from DojoCon . I appeared in my keynote , plus panels on incident response and cloud secur...
  • Mandiant Webinar Wednesday; Help Us Break a Record!
    I'm back for the last Mandiant Webinar of the year, titled State of the Hack: It's The End of The Year As We Know It - 2011 . And y...
  • Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York
    I will be speaking at two events organized by TechTarget , for whom I used to write my Snort Report and Traffic Talk articles. The one-da...
  • Hakin9 04/2009 Issue
    I just received a review copy of the 04/2009 Hakin9 magazine. I am most interested in reading part two of Tyler Hudak 's article on au...
  • Human Language as the New Programming Language
    If you've read the blog for a while you know I promote threat-centric security in addition to vulnerability-centric security. I think ...
  • Guest Post on SecureThinking about Cyber Shockwave
    BT asked me to write a guest post on their blog, so I provided a new Reaction to Cyber Shockwave . I hadn't really addressed one of the...
  • Review of Web Security Testing Cookbook Posted
    Amazon.com just posted my five star review of Web Security Testing Cookbook by Paco Hope and Ben Walther. From the review : I just wrote ...
  • Review of The Web Application Hacker's Handbook Posted
    Amazon.com just posted my five star review of The Web Application Hacker's Handbook by Dafydd Stuttard and Marcus Pinto. From the rev...
  • Bejtlich Returns to PaulDotCom Podcast
    The guys at PaulDotCom posted the podcast .mp3 (39 MB) they conducted last week . It was another debate between myself and Ron Gula. We ...
  • Bejtlich Teaching Special Session of TCP/IP Weapons School at GTEC DC
    Through a custom arrangement with Black Hat I am pleased to announce that I will teach a special session of TCP/IP Weapons School 3.0 at t...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ►  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ►  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ▼  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ▼  October (21)
      • Bejtlich and Bradley on SANS Webcast Monday 2 Nov
      • Partnerships and Procurement Are Not the Answer
      • Initial Thoughts on Cloud A6
      • Wednesday is Last Day for Discounted SANS Registra...
      • Review of Hacking Exposed: Web 2.0 Posted
      • Review of Web Security Testing Cookbook Posted
      • Review of SQL Injection Attacks and Defense Posted
      • Review of The Web Application Hacker's Handbook Po...
      • "Protect the Data" from the Evil Maid
      • Report on Chinese Government Sponsored Cyber Activ...
      • DojoCon to Stream Talks Live
      • Bejtlich Teaching at Black Hat DC 2010
      • "Protect the Data" -- What Data?
      • "Protect the Data" Where?
      • "Protect the Data" from Whom?
      • "Protect the Data" Idiot!
      • NSM in Products
      • Technical Visibility Levels
      • Hakin9 5/2009 Issue
      • Incident Handler, Incident Analyst, Threat Analyst...
      • Traffic Talk 7 Posted
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile