Data Loss Prevention

Use a data loss prevention (DLP) strategy to categorize sensitive data, identify data formats indicative of personally identifiable information (PII), and restrict exfiltration of sensitive data. (Citation: PurpleSec Data Loss Prevention)
ID: M1057
Version: 1.0
Created: 04 Aug 2021
Last Modified: 30 Aug 2021

Techniques Addressed by Mitigation

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1020.001 | Automated Exfiltration: Traffic Duplication | Implement Data Loss Prevention (DLP) solutions to monitor, detect, and control the flow of sensitive information. DLP tools can be configured to block unauthorized attempts to exfiltrate data, such as preventing emails from being forwarded to external recipients or monitoring for suspicious data transfers. By creating email flow rules and applying policies to detect anomalies, DLP solutions help mitigate the risk of data exfiltration over alternative protocols. |
| Enterprise | T1005 | Data from Local System | Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted. |
| Enterprise | T1025 | Data from Removable Media | Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted. |
| Enterprise | T1048 | Exfiltration Over Alternative Protocol | Data loss prevention can detect and block sensitive data being uploaded via web browsers. |
| | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Data loss prevention can detect and block sensitive data being uploaded via web browsers. |
| | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Data loss prevention can detect and block sensitive data being sent over unencrypted protocols. |
| Enterprise | T1041 | Exfiltration Over C2 Channel | Data loss prevention can detect and block sensitive data being sent over unencrypted protocols. |
| Enterprise | T1052 | Exfiltration Over Physical Medium | Data loss prevention can detect and block sensitive data being copied to physical media. |
| | T1052.001 | Exfiltration over USB | Data loss prevention can detect and block sensitive data being copied to USB devices. |
| Enterprise | T1567 | Exfiltration Over Web Service | Data loss prevention can detect and block sensitive data being uploaded to web services via web browsers. |
| | T1567.004 | Exfiltration Over Webhook | Data loss prevention can detect and block sensitive data being uploaded to web services via web browsers. |
| Enterprise | T1537 | Transfer Data to Cloud Account | Data loss prevention can prevent and block sensitive data from being shared with individuals outside an organization. (Citation: Microsoft Purview Data Loss Prevention) (Citation: Google Workspace Data Loss Prevention) |
