Data Loss Prevention

  • 1.  Can we use Data Loss Prevention (DLP) to Protect encryption keys?

    Posted Feb 16, 2017 03:32 AM

    I would like to set up DLP in network tapping mode to identify and protect if someone is sending the encryption keys outside the organization.

    Is it possible to configure such a rule in the DLP policy?



  • 2.  RE: Can we use Data Loss Prevention (DLP) to Protect encryption keys?

    Trusted Advisor
    Posted Feb 16, 2017 04:11 AM

    Hello,

    Yes, it is possible. Encryption keys are usually only flat text files, so you can analyze content / format. So you could:

    - search for specific filename

    - search for simple keywords in files (e.g. "-----BEGIN RSA PRIVATE KEY-----")

     

    You may edit one of your company's private keys in order to check the exact format, especially if you want to go deeper in content analysis (like using a DI with a custom validator or a regexp).

     

     regards

     



  • 3.  RE: Can we use Data Loss Prevention (DLP) to Protect encryption keys?

    Posted Feb 16, 2017 05:38 AM

    Thanks Stephane...

    Can you also suggest if I can achieve that by EDM (Exact Data Matching), IDM (Indexed Data Matching) or DCM (Described Content Matching)?



  • 4.  RE: Can we use Data Loss Prevention (DLP) to Protect encryption keys?

    Broadcom Employee
    Posted Feb 16, 2017 10:36 AM

    In addition to Stephanie's suggestions for generic key matching, if you have specific keys that you want to protect you can use an IDM and then use partial match to detect attempts to obfuscate the key. If someone is trying to leak the key outside they will likely try to send it in parts instead of as a single intact key file. As the private keys are obviously a concern, you could use the remote IDM indexer to generate the index so as not to compromise the keys by placing them in full view on an Internet-accessible system.



  • 5.  RE: Can we use Data Loss Prevention (DLP) to Protect encryption keys?

    Trusted Advisor
    Posted Feb 17, 2017 05:32 AM

    EDM won't be the right way to do it for sure... IDM is a good idea (if you are able to get access to all the private keys you want to protect, or the most sensitive ones)... DCM will work, you just need to find a pattern or keywords to look for.

    You may also look at what you did not find in the document, like looking for a plain text file without any of the most common keywords in different languages or without any punctuation (as, if I am not wrong, . , ; are not allowed in a private key definition).
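
The content checks suggested in this thread (the "-----BEGIN ... PRIVATE KEY-----" keyword, a regexp, and the observation that key material carries no punctuation), sketched in Python as an added example. It is not Symantec DLP policy syntax and not code from any poster; the function names and the constructed sample body are assumptions made for illustration.

```python
import base64
import re
import textwrap

# Armor lines for PKCS#1, SEC1, DSA, OpenSSH and PKCS#8 (plain or encrypted) private keys.
PEM_HEADER = re.compile(r"-----BEGIN (?:(?:RSA|EC|DSA|OPENSSH|ENCRYPTED) )?PRIVATE KEY-----")
# Key bodies are wrapped base64: no spaces and none of . , ; on the line.
B64_LINE = re.compile(r"[A-Za-z0-9+/]{40,76}={0,2}")


def _decodes_to_private_key(b64: str) -> bool:
    b64 = b64.rstrip("=")
    b64 = b64[: len(b64) - len(b64) % 4]  # decode whole 4-character groups only
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False
    # DER SEQUENCE with a 2-byte length, then INTEGER version 0: PKCS#1 RSA and PKCS#8.
    # An X.509 certificate has another SEQUENCE (0x30) at offset 4, so it is not flagged.
    der_key = raw[:2] == b"\x30\x82" and raw[4:7] == b"\x02\x01\x00"
    return der_key or raw.startswith(b"openssh-key-v1\x00")


def classify(text: str):
    """Return 'pem-header', 'headerless-body' or None for one extracted message body."""
    if PEM_HEADER.search(text):
        return "pem-header"
    run = []
    for line in text.splitlines() + [""]:  # the trailing "" flushes the last run
        line = line.strip()
        if B64_LINE.fullmatch(line):
            run.append(line)
            continue
        if len(run) >= 4 and _decodes_to_private_key("".join(run)):
            return "headerless-body"
        run = []
    return None


def constructed_body(prefix: bytes) -> str:
    """Constructed sample: a DER-like prefix plus filler bytes, wrapped at 64 columns (not a real key)."""
    blob = base64.b64encode(prefix + bytes(range(256)) * 4).decode()
    return "\n".join(textwrap.wrap(blob, 64))
```

The headerless check only recognises the fragment that contains the start of the key; later pieces of a key sent in parts have no recognisable prefix, which is the case the IDM partial match described above is meant to cover.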