Star Wars: How an ineffective Data Governance Program destroyed the Galactic Empire - Micah Brown (Circle City Con 2019 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Star Wars: How an ineffective Data Governance Program destroyed the Galactic Empire
Micah Brown

@micahkbrown
Circle City Con 2019

1. What is Data Governance (3 min)
2. Data Governance policy enforcement tools (10 min)
a. File and user access integrity scanner
b. File / drive encryption with Key management
c. Data Classification tools
d. CASB
e. DLP Client Endpoint
f. DLP Network Sniffers
g. DLP Repository Scanner (file share, web file store, DB, etc)
h. DLP Email
i. DLP Web
j. DLP incident ticketing system with evidence
k. Overlaps
3. Define your goals - Even IT Security Management will be confused by the vast range of options presented by Data Governance. It is our job to inform them of the impacts of potential decisions and help them understand the implications. (5 min)
a. Lead the project from the Engineer / Analyst up
b. What features to turn on / configure
c. How do you handle alerts: Active vs Historical
d. Rules / Laws / Regulations and their unexpected implications - personal data, HIPAA, PCI, etc.
e. Making a very juicy attack target for red team / adversary
f. Bring all parts of company as part of decisions (HR, Compliance, Legal, IT, and Business)
4. The great potato event of April 2017 (5 min)
a. Separate Test / Pilot / Prod
b. Increased cost of micro fragmentation on a global scale
c. How do you find balance in the Data Governance tools
5. Residual cost of Solution - Our initial ruleset was generating on average 100 incidents per user per day. By default, we estimated that a single Data Governance Analyst could review one incident every five minutes (12 incidents per hour, 96 incidents per day). True incidents will take longer. (5 min)
a. Present costs as quantifiable (with our current ruleset you would need 4,235 Data Governance analysts working in perfect synchronicity with no duplication of effort)
b. Default Data Governance Rules STINK
c. Learn to love regex (https://regex101.com, or Matt Scheurer's 2017 Derbycon talk "Regular Expressions Overview")
d. Danger of tuning / "over"-tuning
i. Hot-button patterns: Driver's License and Credit Card are very challenging to tune
ii. Is the juice worth the squeeze?
iii. If you exempt the "Datastar 3000" drive from DLP, then an adversary can go to a retail store and order that same make / model
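The outline's "default rules stink / learn to love regex" point is easiest to see with a concrete tuning pass. The following is an added example, not material from the talk or from any DLP product: it compares a naive 16-digit "credit card" pattern (the shape a default rule tends to have) against the same pattern gated by a Luhn checksum and a same-line context keyword. All sample lines are constructed, and the Luhn-valid numbers are standard payment-network test numbers rather than real cards. The context word list and the per-line scope are assumptions chosen for illustration; a real rule would be tuned against the organisation's own documents. Driver's license numbers are harder precisely because most formats carry no checksum, so the Luhn step has no equivalent there and tuning leans entirely on context.

```python
import re

# Naive rule: any run of 16 digits, optionally separated by single spaces or
# dashes. This approximates an untuned, out-of-the-box "credit card" pattern.
NAIVE_CC = re.compile(r"\b(?:\d[ -]?){15}\d\b")

# Context words that tend to sit near a real card number in a document
# (assumed list for illustration; tune against your own corpus).
CONTEXT = re.compile(
    r"\b(card|visa|mastercard|amex|pan|cvv|exp(?:iry|iration)?)\b",
    re.IGNORECASE,
)

# Constructed sample records: one true positive per line 2 and 4, the rest
# are the kind of 16-digit noise (order IDs, serials, tickets) that floods
# an untuned ruleset. The two 5555.../4012... numbers are Luhn-valid but
# appear without any card context.
SAMPLE = """\
Order 1234-5678-9012-3456 shipped via ground, no payment data attached
Card: 4111 1111 1111 1111 exp 12/25 cvv 123
Serial number 5555555555554444 for the Datastar 3000 chassis
Visa ending 4444, full PAN 5555-5555-5555-4444 on file
Ticket ID 4012888888881881 opened by helpdesk
Phone 513-555-0100, nothing sensitive here
"""


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum over the digits in candidate; separators are ignored."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(text: str, tuned: bool) -> list[str]:
    """Return candidate card numbers found in text, one record per line.

    tuned=False reproduces the naive rule. tuned=True additionally requires a
    valid Luhn checksum and a context keyword on the same line, which is what
    removes the order/serial/ticket false positives in SAMPLE.
    """
    hits = []
    for line in text.splitlines():
        for m in NAIVE_CC.finditer(line):
            number = m.group(0)
            if tuned and not (luhn_ok(number) and CONTEXT.search(line)):
                continue
            hits.append(number)
    return hits


def naive_matches(text: str) -> list[str]:
    return scan(text, tuned=False)


def tuned_matches(text: str) -> list[str]:
    return scan(text, tuned=True)


if __name__ == "__main__":
    print("naive :", naive_matches(SAMPLE))
    print("tuned :", tuned_matches(SAMPLE))
```

On the constructed sample the naive rule raises five incidents and the tuned rule two, both of which are the genuine card records; this is the same kind of reduction that turns "100 incidents per user per day" into something an analyst team can actually review. The Luhn check is not a secrecy control and a determined insider can still exfiltrate a number without context words, which is the "juice worth the squeeze" trade-off the outline raises.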
6. Weaponizing the end users (building a culture in which the end user acts as a data classification advocate) (3 min)
a. Why data classification is the answer to a mature solution
b. Challenges in weaponizing the end users
7. Let’s build a policy (10 min)
a. I will model a galactic Data Governance policy roughly inspired by Frank Herbert's Dune universe, where we have five planets that each have different allegiances (ally and enemy status) with the other four planets. I drew great inspiration in this part from Magic the Gathering's color pie (https://magic.wizards.com/en/articles/archive/making-magic/mechanical-color-pie-2017-2017-06-05), as the roles / personalities and interactions between the colors are one of the fundamental pillars of the game. However, a galactic civilization is more relatable to most people.
i. A is an ally of planets B & E but enemies of planets D & C
ii. B is an ally of planets A & C but enemies of planets E & D
iii. C is an ally of planets B & D but enemies of planets A & E
iv. D is an ally of planets C & E but enemies of planets A & B
v. E is an ally of planets A & D but enemies of planets B & C
vi. At a high level each planet will have four data classification levels:
1. Public information can be shared with everyone
2. Diplomatic can be shared with everyone but must have integrity and non-repudiation.
3. Confidential can be shared internal within the planet or with allied planets.
4. Confidential can not be shared outside of planet of origin.
b. I will show some strategies to visualize and document these policies
c. Building
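The five-planet allegiance graph and the four sharing rules above are small enough to encode directly, which is one way to "visualize and document" the policy as the outline proposes. The following is an added example, not the speaker's material: it takes the ally lists exactly as given in 7.a.i-v, derives the enemy lists as the complement, checks the graph is consistent (alliances symmetric, two allies and two enemies per planet), and answers "may origin send data of this level to dest?" for each classification. Two assumptions are labelled in the code: the outline names both of its last two levels "confidential", so the stricter one that may not leave its planet of origin is called "restricted" here as a placeholder, and the diplomatic level's integrity / non-repudiation requirement is represented by a boolean `signed` flag standing in for a real signature check.

```python
# Ally lists copied from the talk outline (7.a.i - 7.a.v). Enemies are the
# complement: every planet that is neither you nor your ally.
ALLIES = {
    "A": {"B", "E"},
    "B": {"A", "C"},
    "C": {"B", "D"},
    "D": {"C", "E"},
    "E": {"A", "D"},
}
PLANETS = sorted(ALLIES)

# "restricted" is a placeholder name chosen here; the outline lists this
# level as a second "confidential". Order is least to most sensitive.
LEVELS = ("public", "diplomatic", "confidential", "restricted")


def enemies(planet: str) -> set[str]:
    return set(PLANETS) - ALLIES[planet] - {planet}


def check_allegiances() -> bool:
    """Alliances must be symmetric and every planet has 2 allies and 2 enemies."""
    for p in PLANETS:
        for ally in ALLIES[p]:
            if p not in ALLIES[ally]:
                raise ValueError(f"asymmetric alliance {p} -> {ally}")
        if len(ALLIES[p]) != 2 or len(enemies(p)) != 2:
            raise ValueError(f"{p} does not have exactly 2 allies and 2 enemies")
    return True


def may_share(origin: str, dest: str, level: str, signed: bool = False) -> tuple[bool, str]:
    """Decide whether origin may release data of the given level to dest.

    Returns (allowed, reason). `signed` is the assumed stand-in for the
    integrity / non-repudiation requirement on diplomatic data.
    """
    if level == "public":
        return True, "public: shareable with everyone"
    if level == "diplomatic":
        if signed:
            return True, "diplomatic: shareable with everyone once signed"
        return False, "diplomatic: requires integrity and non-repudiation (signature) before release"
    if level == "confidential":
        if dest == origin or dest in ALLIES[origin]:
            return True, f"confidential: {dest} is {origin} or an ally of {origin}"
        return False, f"confidential: {dest} is an enemy of {origin}"
    if level == "restricted":
        if dest == origin:
            return True, "restricted: stays on planet of origin"
        return False, f"restricted: may not leave {origin}"
    raise ValueError(f"unknown classification level {level!r}")


def policy_matrix(level: str, signed: bool = True) -> list[tuple[str, list[str]]]:
    """Rows are origin planets, columns destination planets, 'Y' or '-'."""
    return [
        (o, ["Y" if may_share(o, d, level, signed)[0] else "-" for d in PLANETS])
        for o in PLANETS
    ]


def render_matrix(level: str, signed: bool = True) -> str:
    """Plain-text table suitable for pasting into the policy document."""
    lines = [f"{level:<13}" + " ".join(PLANETS)]
    for origin, cells in policy_matrix(level, signed):
        lines.append(f"{origin:<13}" + " ".join(cells))
    return "\n".join(lines)


if __name__ == "__main__":
    check_allegiances()
    for lvl in LEVELS:
        print(render_matrix(lvl))
        print()
```

The rendered confidential matrix is the five-cycle in the ally lists made visible: each row has exactly three Y's (self plus two allies), and the table is symmetric, which is a quick sanity check that the policy and the allegiance graph agree. Because `may_share` returns a reason string, the same function can feed both a DLP rule decision and the human-readable justification that ends up in the incident ticket.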
8. How to detect / bypass a Data Governance solution (3 min)
a. Most Governance client solutions can create incidents on a read, write or execute, but can they detect an encrypt? This needs to be tested
b. High cost of decrypting network traffic
i. Hardware
ii. Latency
iii. New vulnerability
c. If you can, steal the incident itself


Micah K Brown is a member of the IT Security Engineering team at American Modern Insurance, part of the Munich RE Group. Over the past two years he has served as the lead engineer on the Data Loss Prevention (DLP) implementation for the Munich RE organizations located in North and South America. In this role Micah has learned the many intricacies of what works in a successful DLP project. In his free time, Micah serves as Vice President of the Greater Cincinnati ISSA Chapter. Micah graduated from the University of Cincinnati and holds an active CISSP.

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast