Data Theft
Use this section to detect when data is being leaked due to malware or malicious transactions. When you select these options, the cloud service searches for and reports on outbound passwords, encrypted files, network data, and other types of information that could be indicative of a malicious act.
To see if your organization is at risk for data theft:
Steps
-
Select the types of data to look for.
Information Type Description Common password information Searches for outbound passwords in plain text Encrypted files - known format Searches for outbound transactions comprising common encrypted file formats Encrypted files - unknown format Searches for outbound files that were encrypted using unknown encryption formats IT asset information Searches for suspicious outbound transactions, such as those containing information about the network, software license keys, and database files. Suspected malware communication Identifies traffic that is thought to be malware “phoning home” or attempting to steal information. Detection is based on the analysis of traffic patterns from known infected machines. Password files Searches for outbound password files, such as a SAM database and UNIX / Linux passwords files - Select an action to take when matching data is detected. Select Block to prevent the data from being sent through the web channel. Select Monitor to allow it. (Incidents are created either way.) You can filter by action in the Data Security Incident Manager.
-
Select a sensitivity to indicate how narrowly or widely to conduct the search.
Select Wide for the strictest security. Wide has a looser set of detection criteria than Default or Narrow, so false positives may result and performance may be affected. Select Narrow for tighter detection criteria. This can result in false negatives or undetected matches. Default is a balance between the two.
Some data theft classifiers cannot be changed from their default setting. Severity is automatically calculated for these types.