2 cissp ® Official Study Guide Eighth Edition

782
Chapter 17 
■
Preventing and Responding to Incidents
looking for steganography attempts, and using watermarking to detect unauthorized 
data going out.
Advanced attackers, such as advanced persistent threats sponsored by nation-states, 
commonly encrypt data before sending it out of the network. This can thwart some com-
mon tools that attempt to detect data exfiltration. However, it’s also possible to include 
tools that monitor the amount of encrypted data sent out of the network.
Data Loss Prevention
Data loss prevention (DLP)
systems attempt to detect and block data exfiltration attempts. 
These systems have the capability of scanning unencrypted data looking for keywords 
and data patterns. For example, imagine that an organization uses data classifications of 
Confidential, Proprietary, Private, and Sensitive. A DLP system can scan files for these 
words and detect them.
Pattern-matching DLP systems look for specific patterns. For example, U.S. social secu-
rity numbers have a pattern of nnn-nn-nnnn (three numbers, a dash, two numbers, a dash, 
and four numbers). The DLP can look for this pattern and detect it. Administrators can set 
up a DLP system to look for any patterns based on their needs.
There are two primary types of DLP systems: network-based and endpoint-based.
Network-Based DLP
A network-based DLP scans all outgoing data looking for specific 
data. Administrators would place it on the edge of the negative to scan all data leaving 
the organization. If a user sends out a file containing restricted data, the DLP system will 
detect it and prevent it from leaving the organization. The DLP system will send an alert, 
such as an email to an administrator.

Download 19,3 Mb.

Do'stlaringiz bilan baham: