By Ivan Lee, Director of Sales Engineering, APJ at CounterTack
Since May 2018, more than half of all companies in the world have been affected by the EU’s new GDPR regulations. Businesses with no offices in the EU still need to abide by regulations if they do business or have staff inside the EU. These days, C-level executives are working hard to make sure their companies comply with GDPR regulations while also mitigating the risk of a security breach.
Within GDPR rules, there are many regulations one must comply with. One of the major requirements that companies need to be aware of is Incident/Breach Response. Article 33 requires companies to notify personal data breaches to the supervisory authority within 72 hours. Companies must provide the following details:
- The nature of the personal data breach including where possible, the categories and approximate number of data subjects affected, and the categories and approximate number of personal data records impacted.
- The name and contact details of the data protection officer or another point of contact in case more information is needed.
- A description of the likely consequences of the personal data breach.
- A description of the measures taken or proposed by the controller to address the personal data breach, including where appropriate, measures to mitigate possible adverse effects.
In my conversations with CSOs and SOC managers, most of them mention that their current traditional security systems/gateways are not sufficient to comply with GDPR. Most of their current systems consist of traditional security solutions such as AntiVirus, which alone is NOT enough to detect insider, unknown, or zero-day malware. Additionally, these products are not able to provide detailed forensic data, so they cannot help CSO/SOC managers give detailed reports to supervisory authorities within 72 hours. CSO/SOC managers need to know how quickly the malware came in, the exact consequences of the breach, and the appropriate next steps to take.
An EDR (Endpoint Detection & Response) solution will be the key. CounterTack’s EDR big data behavior engine will monitor, alert, and respond to endpoint security breaches and assist you step by step.
Example 1: An insider, John, tries to steal a few invoice files with customers’ personal information. CounterTack’s EDR big data behavior engine is able to detect, alert, and stop John from stealing those customers’ personal data files.
Below you can see that the CounterTack EDR behavior engine has detected John’s attempt to copy the Invoice1.doc file to a USB external storage device (Kingston DataTraveler 2.0, Serial Number 0B0E1491E807).
Then CounterTack EDR stops John in his tracks. In the below console, you can see CounterTack EDR deleted all the Invoice files from the external USB storage and successfully stopped John from violating policy.
Now the SOC manager can easily write detailed security breach reports quickly and hand them to the supervisory authority within 72 hours.
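The detection in Example 1 comes down to correlating file-copy telemetry with the destination device, then collecting the facts (who, which files, which device, when) that the 72-hour report needs. The following is an added example, not CounterTack code: it runs a removable-media copy detector over constructed JSON-lines endpoint events. The event schema (fields `ts`, `host`, `user`, `action`, `src`, `dst`, `device`) is an assumption; a real EDR uses its own telemetry format.

```python
"""Flag file copies to removable storage and derive the Article 33 deadline.

Added example, not CounterTack code. The JSON-lines telemetry schema below
is a constructed assumption, not any vendor's real format.
"""
import json
from collections import Counter
from datetime import datetime, timedelta

NOTIFICATION_WINDOW = timedelta(hours=72)  # Article 33 notification deadline

# Constructed sample telemetry: four operations on one endpoint. Only the two
# copies by "john" land on removable media; the share copy and the read do not.
SAMPLE_EVENTS = r"""
{"ts": "2018-06-01T09:12:03Z", "host": "FIN-PC07", "user": "john", "action": "file_copy", "src": "C:\\Finance\\Invoice1.doc", "dst": "E:\\Invoice1.doc", "device": {"bus": "usb", "removable": true, "model": "Kingston DataTraveler 2.0", "serial": "0B0E1491E807"}}
{"ts": "2018-06-01T09:12:40Z", "host": "FIN-PC07", "user": "alice", "action": "file_copy", "src": "C:\\Reports\\q2.xlsx", "dst": "\\\\fileserver\\finance\\q2.xlsx", "device": {"bus": "smb", "removable": false}}
{"ts": "2018-06-01T09:13:15Z", "host": "FIN-PC07", "user": "john", "action": "file_copy", "src": "C:\\Finance\\Invoice2.doc", "dst": "E:\\Invoice2.doc", "device": {"bus": "usb", "removable": true, "model": "Kingston DataTraveler 2.0", "serial": "0B0E1491E807"}}
{"ts": "2018-06-01T09:14:02Z", "host": "FIN-PC07", "user": "john", "action": "file_read", "src": "C:\\Finance\\Invoice3.doc"}
"""


def parse_ts(ts: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp ending in 'Z' (portable to Python < 3.11)."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def parse_events(text: str) -> list:
    """Decode one JSON object per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def is_removable_copy(event: dict) -> bool:
    """True when a file is copied onto storage the endpoint reports as removable."""
    device = event.get("device") or {}
    return event.get("action") == "file_copy" and bool(device.get("removable"))


def find_removable_copies(events: list) -> list:
    """Return the events that match the removable-media copy rule."""
    return [e for e in events if is_removable_copy(e)]


def notification_deadline(first_detection: datetime) -> datetime:
    """Latest time the supervisory authority must be notified (72 h after detection)."""
    return first_detection + NOTIFICATION_WINDOW


def summarize(findings: list) -> dict:
    """Collect the facts a breach report needs: who, which files, which device, when."""
    if not findings:
        return {}
    times = sorted(parse_ts(f["ts"]) for f in findings)
    return {
        "users": dict(Counter(f["user"] for f in findings)),
        "files": [f["src"] for f in findings],
        "devices": sorted({f["device"].get("serial", "unknown") for f in findings}),
        "first_seen": times[0],
        "notify_by": notification_deadline(times[0]),
    }


if __name__ == "__main__":
    hits = find_removable_copies(parse_events(SAMPLE_EVENTS))
    for h in hits:
        print(f"{h['ts']} {h['user']} copied {h['src']} to {h['dst']} "
              f"({h['device']['model']} S/N {h['device']['serial']})")
    print(summarize(hits))
```

The rule keys on the endpoint's own `removable` flag rather than on the drive letter, so a USB device mounted under an unusual path is still caught, while copies to a network share are left alone; the summary keeps the device serial because that is what ties the files to a specific piece of hardware in the report.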
Example 2: A zero-day malware attack has installed a keylogger into an endpoint to try to steal sensitive company information.
In the case below, CounterTack’s EDR behavior engine has detected phishing and a malware installation on an endpoint. CounterTack’s Digital DNA® (DDNA) memory behavior engine automatically reverse engineers memory binary images and examines code for potentially malicious behavioral traits and threats.
The victim downloaded malware from an internal source:
CounterTack DDNA automatically reverse engineers the memory images and shows the message: “This program installs hooks into the Windows Messaging chain. This is very common with keyloggers but can be used for any Windows message type.”
Now the SOC manager can use CounterTack EDR’s conclusion to write up the report to supervisory authorities within 72 hours and propose how to mitigate it.