Data Loss Prevention and Anti-Virus for SSH, SFTP, Remote Desktop
Data loss prevention (DLP) systems are employed to counter the risk of valuable or sensitive data ending up in the possession of unauthorized parties. Network DLP tools and anti-virus products typically monitor the network traffic at designated network entry/exit points and use predefined criteria to filter the sensitive data from the flow of traffic. Once the data is identified, the data loss prevention tool takes action to stop the data transfer in real time, and typically triggers an alert on the detected attempt.
Encrypted Protocols and Data Loss Prevention Tools
While the approach above works for most normal traffic, it struggles when encrypted network protocols (such as SSH (Secure Shell), SFTP (SSH File Transfer Protocol), RDP (Windows Remote Desktop), or SSL/TLS) are used. Encryption blinds the data loss prevention software's interception and filtering tools and renders them incapable of reacting to illegitimate transfers of protected data.
Encrypted communications protocols, such as the SSH protocol, utilize modern encryption algorithms to hide the transferred data. While this guarantees data privacy and confidentiality, it also prevents traditional data loss prevention tools and anti-virus systems from seeing the transferred data and files.
Overcoming Encryption in DLP Software
CryptoAuditor provides visibility, control, and recording of what happens inside encrypted sessions. It can observe traffic inside SSH, Remote Desktop, and SSL/TLS sessions and filter the content of the encrypted protocol stream to enforce a corporate DLP policy. This enables internal auditors, forensics investigations, and early warning analytics systems to inspect the contents of the sessions.
CryptoAuditor uses the Internet Content Adaptation Protocol (ICAP) to integrate with data loss prevention systems. This protocol is supported by most commercial DLP and anti-virus products. CryptoAuditor can use it both for alerting and for preventative DLP.
Enhancing DLP Systems - CryptoAuditor
Modern malware is sophisticated, and the trend is towards more and more complex attacks that combine multiple protocols, approaches, and technologies. Attackers are well aware of and educated on modern information security technologies and make extensive use of the same tools their counterparts at corporate IT departments use.
Data loss prevention solutions that do not address encrypted connections are not sufficient to meet the real-life demands of today. Most DLP solutions can be significantly improved by extending their reach into the encrypted protocols. CryptoAuditor from SSH Communications Security offers a transparent solution for monitoring, controlling, and auditing encrypted connections. When integrated with a data loss prevention solution, CryptoAuditor allows the corporate DLP policy to also cover the threats that are hidden under the cover of encryption.