How to manage and control internal threats, and how to use data safely?

With the frequent occurrence of data security incidents, the current security situation in various industries is becoming more and more severe. However, the most damaging security threats are not external attacks or malware, but internal employees with access to sensitive data and systems.

According to the content collected by the security internal reference platform, internal threat incidents have occurred frequently in various industries in recent years, but the situation in different industries is quite different.

Industries with highly sensitive personal information: operators, banks, public security, etc., have more restrictions on data query and download, and the risk of data query is the most serious, followed by selling data;

Industries with sensitive information in daily life: schools, hospitals, logistics, etc. have weak awareness of and capability for information risk management and control, and the risk of selling data is the most serious;

Intermediary industries: real estate, insurance, headhunting, etc., where the private exchange of user data has become rampant;

Emerging technology industries: the Internet, biology, intelligent manufacturing, etc., where the main risk is the leakage of the company's intellectual property data.

Insider threats mainly refer to the negative impact on the property and reputation of the enterprise caused by the employees of the enterprise through the theft of sensitive data, abuse of access rights or fraud.

Insider Threats Primarily From Data Usage

So, what are the reasons for the frequent occurrence of insider threat incidents?

Analyze from the perspective of the whole data life cycle:

Data faces different risks during collection, transmission, storage, use, sharing, and destruction. Traditional security devices provide a certain foundation for data collection, transmission, storage, and destruction, but security for data use and sharing is relatively lacking.

At the same time, due to the great fluidity of data use, complex application system scenarios, and imperfect personnel authority control, the pain points and difficulties in data security construction often focus on data use and sharing security. In the process of data usage, insider threats emerge quietly.

Analysis from the perspective of data flow space:

From a spatial perspective, around the entire data transfer process, data security protection needs to take into account the security of the terminal domain, application domain, storage domain, hardware domain, and the flow and transmission process among them. Relatively high risk occurs in the application domain, which mainly includes various application system login, access, query, download, export, etc. The current market generally lacks good solutions in the application domain because it involves a large number of systems and scenarios.

How to protect data usage security

Since internal threats mainly come from the use of data, how can enterprises protect the security of data use?

Taking the data use security practice of a commercial bank as an example, based on the data use security management and control platform independently developed by Jidun Technology - Jidun·Mizong and an in-depth understanding of customer needs, the application system data use security monitoring solution was finally completed.

First of all, sort out the needs of the bank, mainly in two aspects.

The first is compliance requirements: plan ahead for and respond to data security-related supervision, evaluation, and audit requirements.

The second is business requirements: there are a large number of business application systems (including CRM, transaction systems, risk information systems, etc.) in the industry that involve sensitive customer data, there is currently no application access monitoring capability at all, and there are a large number of sensitive data leakage risk points.

Secondly, based on the specific business of the bank, several core systems were selected for implementation first, mainly because these systems have relatively dense sensitive data, a large amount of personal financial information, and complex personnel. For these systems, starting from employee login, all key operating behaviors of employees in the system are monitored in real time and risk identification is carried out throughout the process. 

Risk identification is mainly for real-time monitoring during the process, including account risk identification, interface risk monitoring, data access behavior detection, data copy cutoff detection, data export behavior detection, etc.

The implementation of the application system data security monitoring solution was highly recognized by the person in charge of the bank's information security. He commented: "Jidun Technology has strong product capabilities and practical experience in internal data security control. The implementation of Mitrace has helped us well realize the project goal of adequate defense and risk control in advance, real-time management and control of malicious behavior during the event, and quick traceability and determination of responsibility after the event."

How to realize the implementation of data security protection

So, how is data security protection actually implemented?

Drawing on years of practical experience in data security, data use security needs to grasp the three cores of "who is using it, what is being used, and how it is used". Based on the zero trust framework and on user and entity behavior analysis driven by artificial intelligence models, an active security prevention and control system for data use is built for the whole process of data use in internal applications.

1. People-centered: In the process of using and accessing system data, people are the main actors. By collecting "dynamic" behavioral information and environmental information together with relatively "static" information such as personnel authority, organizational structure, and job department, a personnel subject portrait is constructed to identify personnel risks.

2. Focusing on business scenarios: Through the mining of behavioral characteristics of internal personnel in different dimensions such as account numbers, permissions, access behaviors, and data operations, identify abnormal data access risks and achieve precise positioning and judgment.

3. Based on data classification and grading: through the introduction of data security gateways, based on sensitive identification and classification and grading rules in the process of data access and use, identify the importance and sensitivity of currently accessed data, so as to carry out targeted protection.

4. User and Entity Behavior Analysis (UEBA) is the starting point: Behavior analysis technology based on the zero trust framework and artificial intelligence models can efficiently identify behavioral risks in data usage, respond to alarms in real time, and, when necessary, link with relevant business systems so that risky behaviors are effectively blocked and intercepted.

The realization of all this requires the support of a comprehensive data security internal control platform overall framework, which we divide into two planes. They are control plane and data plane respectively.

❥ Data plane: Realize behavioral data collection, sensitive data identification, and real-time data dynamic desensitization protection through the "application data dynamic access proxy gateway".

❥ Control plane: Based on real-time analysis of behavioral data, security risks are discovered, alarms are generated, and responses are executed.
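The data-plane and control-plane split described above, as an added example that is not Jidun Technology's code: the proxy step classifies each field, masks values above the caller's clearance, and records a behavior event, while the control step flags users whose sensitive exports exceed a threshold. The rules, grades, threshold, user names, and sample record are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed classification rules: (label, pattern, sensitivity grade).
RULES = [
    ("card_number", re.compile(r"\d{16}"), 3),
    ("phone", re.compile(r"1\d{10}"), 2),
]
EXPORT_THRESHOLD = 5  # hypothetical limit: sensitive values exported per user per window


def mask(value):
    """Dynamic desensitization: keep the last four characters only."""
    return "*" * (len(value) - 4) + value[-4:]


def data_plane(user, clearance, action, record, events):
    """Proxy step: grade each field, mask above clearance, collect a behavior event."""
    out, hits = {}, 0
    for field, value in record.items():
        text = str(value)
        grade = max((g for _, rx, g in RULES if rx.fullmatch(text)), default=0)
        if grade:
            hits += 1
        out[field] = mask(text) if grade > clearance else value
    events.append({"user": user, "action": action, "sensitive": hits})
    return out


def control_plane(events):
    """Analyze collected events and return users whose exports exceed the threshold."""
    totals = defaultdict(int)
    for event in events:
        if event["action"] == "export":
            totals[event["user"]] += event["sensitive"]
    return sorted(u for u, n in totals.items() if n > EXPORT_THRESHOLD)


def demo():
    """Run one query and three exports over a constructed customer record."""
    events = []
    row = {"name": "Zhang San", "phone": "13800138000", "card": "6222020200112233"}
    teller_view = data_plane("teller01", 2, "query", row, events)
    for _ in range(3):
        data_plane("analyst07", 1, "export", row, events)
    return teller_view, control_plane(events)
```

In a real deployment the alert list would feed the response step (alarm, block, or step-up verification) rather than simply being returned.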

The data use security management and control platform can cover the entire process of internal employee login, query, download, batch export, pull, and permission modification through asset sorting beforehand, real-time monitoring during the event, and investigation and tracing after the event, achieving the effect of active security prevention and control.

The construction of a data security use management and control platform allows businesses to use data in a safe and controllable manner, and restores the true "data freedom" of businesses, making internal threats nowhere to hide.

Origin blog.csdn.net/jidunkeji/article/details/128320189