It would depend on the policy.
It would depend on the policy.
Most companies contract with a third-party to do the classification for them. There's just too many domains out there to try to manage something like that manually.
Well for starters, most of that work is done by our compliance folks. The group that I'm in just manages the infrastructure.
I'm fairly confident thought that spreadsheets would easily be detectable provided the information wasn't encrypted within the spreadsheets.
Most of the alerts are generated by folks themselves doing personal business while at work.
As for the stuff we might not be able to detect - again - encryption is key (pun intended).
But in all honesty a lot depends on the data classification, which is set by the data owner.
Confidential data is supposed to be encrypted while the data is at rest and while it's in motion.
In that regard the data leakage products aren't going to see it.
(Yes I know a malicious actor could just as easily encrypt our own precious data and send it to themselves undetected.)
Look, security is a balancing act. A company could make their network more secure than it is but no work could get done if they did. No company can be expected to plug all the holes that might exist, but you look for the highest risks with the largest impacts and you mitigate those risks accordingly.
I just checked. Turns out ours can do it too but I don't remember ever seeing it on a roadmap of something to turn on.
Not sure what benefit it would provide us anyway tbh.
Actually it's important for any publicly traded companies.
It's not just HIPAA, but also Sarbanes-Oxley, GLBA, the SEC, and a myriad of other pesky CFRs.
LOL. Because it's not wiretapping when you're sniffing the communication going on your own private network.
For my Company, we're looking for patterns indicative of SSNs, credit card numbers, and certain keywords such as "confidential", "proprietary", or other keywords that refer to sensitive internal projects or other sensitive company information.
And Googling for information isn't "data leakage", because your activity is bringing information INTO the company (from the results of your Google search) so we don't care a lot about that.
SSH can't be proxied like SSL traffic. The reason SSL traffic works is precisely because of the existence of a wildcard certificate issued from a Trusted Root CA. (I also manage our PKI too).
But SSH — as a matter of good practice — should be heavily restricted. In other words, good security policy dictates you don't let anyone on your network blithely open up an outgoing SSH connection to any host on the Internet.
Agreed. But the OP's Ask Slashdot isn't about Data Leakage, it's about SSL proxying.
Now, if you WANT to have a discussion about Data Leakage, well then grab a cup of coffee and pull up a chair.
I do this shit for a living.
Considering that I actually do this (Internet filtering) for a living for a medium-sized company let me tell you why we do it.
We're concerned about an employee either accidentally or maliciously transferring customer data or other sensitive data to an unauthorized party.
We're also acutely aware of the liabilities and sensitivities imposed by us breaking the SSL channel, inspecting the payload, and then re-encrypting it on our employees behalf, which is why we go out of the way NOT to break the chain for sites that are healthcare or financial related.
But your Gmail is fair game.
SpaceX should build it in Matamoros, Mexico instead.
When no legal methods exist for consumers to obtain content in a way they demand, of course the only option left for them then is to illegally obtain that which they desire.
Does The Pirate Bay have any accessible proxies via TOR (.onion), NameCoin (.bit), or the Invisible Internet Project (.i2p)?
I'd like to see the MAFIAA try to shut those down.
Google pfSense and set it as your firewall.
That site you are looking for...
It already exists!
It's called Reddit.
grep me no patterns and I'll tell you no lines.