Data Loss Prevention
Use a data loss prevention (DLP) strategy to categorize sensitive data, identify data formats indicative of personal identifiable information (PII), and restrict exfiltration of sensitive data.[1]
Techniques Addressed by Mitigation
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1005 | Data from Local System |
Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted. |
|
| Enterprise | T1025 | Data from Removable Media |
Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted. |
|
| Enterprise | T1048 | Exfiltration Over Alternative Protocol |
Data loss prevention can detect and block sensitive data being uploaded via web browsers. |
|
| .002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
Data loss prevention can detect and block sensitive data being uploaded via web browsers. |
||
| .003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
Data loss prevention can detect and block sensitive data being sent over unencrypted protocols. |
||
| Enterprise | T1041 | Exfiltration Over C2 Channel |
Data loss prevention can detect and block sensitive data being sent over unencrypted protocols. |
|
| Enterprise | T1052 | Exfiltration Over Physical Medium |
Data loss prevention can detect and block sensitive data being copied to physical mediums. |
|
| .001 | Exfiltration over USB |
Data loss prevention can detect and block sensitive data being copied to USB devices. |
||
| Enterprise | T1567 | Exfiltration Over Web Service |
Data loss prevention can be detect and block sensitive data being uploaded to web services via web browsers. |
|