Demo - Find and Stop Data Exfiltration
Exfiltration of sensitive data poses risk for any organization. The cloud makes it easy to download and share data and one specific scenario poses extra risk as it often goes undetected. This is when exfiltration of data takes place from a sanctioned cloud service to a user’s personal cloud app.
Here we have a user logged into their corporate sanctioned cloud storage service, which is Box. The user downloads sensitive data, which is ok since this particular cloud service has been sanctioned by IT.
However, the user takes the data they just downloaded and uploads it to their personal cloud app. This is a frightening scenario given the fact that cloud security tools are often blind to activities that take place outside of the sanctioned cloud service.
Netskope can uniquely provide granular visibility of activities taking place across both sanctioned and unsanctioned cloud services. The Netskope active platform detects risky scenarios such as data exfiltration taking place from a sanctioned to an unsanctioned cloud service and reports an anomaly.
Here we see the summary of the event along with the sequence that involves a specific user downloading a specific piece of content from Box and uploading it to Dropbox. We get details about who the user is, the sequence of events, and what device they used.
We can pivot over to SkopeIT, which is Netskope’s event-by-event monitoring tool to get more detail about what took place. Here we see where the user downloaded the data from Box and uploaded the same data to his personal cloud app.
We can zoom into the details to get detailed information about the user including the association between the user’s corporation credentials and their personal credentials. This is a critical step to identifying a cross application data exfiltration event.
For the application, Netskope can uniquely tag and identify instances of cloud services. In this case, we see that the user downloaded the data from the sanctioned instance of Box.
We can also zoom into the event involving the exfiltration that took place into the user’s personal cloud app.
The next step might be to leverage Netskope’s contextual policy engine to prevent data exfiltration activities from taking place with this type of content to this type of unsanctioned cloud service. We will save that step for another demo.