Data Exfiltration in Government Organizations

Friday, August 24, 2018

It’s no secret that US government agencies are feeling the pressure. Under relentless cyber-attacks, both nation-state and otherwise, they are having to strengthen their security posture like never before; in fact, the Federal government has just awarded a $1 billion contract to Booz Allen to fortify cyber defenses across a number of key agencies. Now more than ever it is critical that agencies are equipped with the technology necessary to protect confidential and valuable data, yet judging from the 2018 Federal Cybersecurity Risk Determination Report and Action Plan from the OMB, there are a number of key shortcomings, and one of these is monitoring data loss and exfiltration.

During the risk assessment, the report found that 73 percent of agency programs are either at risk or high risk in this critical area. In addition, only 40 percent of agencies reported the ability to detect the encrypted exfiltration of information at government-wide target levels. Only 27 percent of agencies report that they have the ability to detect and investigate attempts to access large volumes of data, and even fewer agencies report testing these capabilities annually. Simply put, agencies cannot detect when large amounts of information leave their networks.

So what can government agencies, and other organizations, do to improve their ability to detect when large amounts of information leave their networks? The answer is email data loss prevention (DLP) with rules written specifically to detect and prevent intellectual property (IP), personally identifiable information (PII) and classified information from leaving the organization via email.

In this blog post, we’ll explore how email DLP can help large organizations, whether federal or not, feel more confident in their ability to detect and investigate data exfiltration attempts.

Employees can access email from any device: on the road, at home, or at the office. But this shouldn’t come at the expense of data security. Detecting malicious activity and data exfiltration via email can be challenging, especially if traffic is encrypted, but it can be achieved reliably with email DLP. For this blog post, I’ll use the Fidelis Mail Sensor as the example, because it’s the solution I know and love, and heck, everyone needs a shameless plug once in a while.

The Fidelis Mail Sensor works by monitoring and analyzing Simple Mail Transfer Protocol (SMTP) traffic to detect and protect against threats buried in email messages and attachments, quarantining or dropping messages that violate policy. The sensor starts its analysis only once the entire email message has been received from the downstream Mail Transfer Agent (MTA), so that a single action can be taken against any security violation.

The Fidelis Mail Sensor can also be deployed in the cloud to examine Office 365 mail traffic to and from a Microsoft Exchange® server. Every email message is scanned in its entirety and analyzed by Fidelis’ proprietary threat intelligence and Malware Detection Engine, including signature, heuristic, sandbox, and machine learning analysis, to identify inbound and outbound threats such as malware, malicious attachments and, most importantly here, data leakage. The Fidelis Mail Sensor goes beyond traditional email security tools to inspect content and detect threats and data leakage buried deep within email messages and attachments.
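To make the policy step described above concrete, here is an added Python sketch (editor's example, not Fidelis code) of an outbound email DLP check: it parses the complete message, decodes body and attachments (so a base64-encoded attachment is not a blind spot), applies rules for PII and classification markings plus a bulk-transfer threshold, and returns a deliver, quarantine or drop verdict. The domain, threshold and patterns are hypothetical placeholders and the sample message is constructed.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

INTERNAL_DOMAINS = {"agency.example"}      # hypothetical: the organisation's own mail domain
LARGE_TRANSFER_BYTES = 5_000_000           # hypothetical "large volume" threshold, decoded bytes
SEVERITY = {"deliver": 0, "quarantine": 1, "drop": 2}
# Content rules as (name, pattern, action); simplified stand-ins for a real DLP rule set.
RULES = [
    ("classification-marking", re.compile(r"\b(TOP SECRET|SECRET|CONFIDENTIAL)\b"), "drop"),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "quarantine"),
]

def is_outbound(msg) -> bool:
    """Outbound means at least one recipient lies outside the internal domains."""
    for field in ("To", "Cc", "Bcc"):
        for header in msg.get_all(field, []):
            if any(a.domain.lower() not in INTERNAL_DOMAINS for a in header.addresses):
                return True
    return False

def extract_text(msg):
    """Decode every leaf part (body and attachments, undoing base64/QP) into one string."""
    chunks, total = [str(msg.get("Subject", ""))], 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        raw = part.get_payload(decode=True) or b""
        total += len(raw)
        chunks.append(raw.decode(part.get_content_charset() or "utf-8", errors="replace"))
    return "\n".join(chunks), total

def evaluate(raw_message: bytes) -> dict:
    """Apply the policy to one complete message, as the MTA hands it over."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    if not is_outbound(msg):                   # internal mail is not data leaving the organisation
        return {"verdict": "deliver", "findings": []}
    text, size = extract_text(msg)
    findings = [(name, action) for name, pattern, action in RULES if pattern.search(text)]
    if size > LARGE_TRANSFER_BYTES:            # bulk export attempt: hold it for investigation
        findings.append(("large-transfer", "quarantine"))
    verdict = max([action for _, action in findings] + ["deliver"], key=SEVERITY.get)
    return {"verdict": verdict, "findings": [name for name, _ in findings]}

def build_sample() -> bytes:
    """Constructed test message: benign body, SSN-like value buried in a base64 attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@agency.example", "contact@outside.example", "Q3 figures"
    m.set_content("See attached.")
    m.add_attachment(b"name,ssn\nJ. Doe,123-45-6789\n", maintype="text", subtype="csv", filename="staff.csv")
    return m.as_bytes()
```

Running `evaluate(build_sample())` yields a quarantine verdict with the `ssn` finding even though the message body itself is clean, which is the "buried in an attachment" case the text describes.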

In conclusion, this solution provides deep visibility into the content transferred in and out of the organization, and with the ability to analyze encrypted traffic, the risk associated with data loss is dramatically reduced. Government agencies may be at a high-risk level now, but with new technology being developed to answer these ever-changing issues, there is no reason why the risk associated with data loss should continue.

- Sam Erdheim
Vice President of Marketing