Edge Pereira will demonstrate in this session why Office 365 DLP is making security cool again. With several demos and samples this session is great for you to understand how DLP works and how to setup one yourself.
1. Office 365 User Group – Brisbane - Australia
Office 365 DLP Makes Data Protection Cool Again!
Edge Pereira – Senior Consultant - Avanade
edge@superedge.net
4. Define: Cool
Space Shuttle Endeavour attached to the International Space Station, May 23, 2011
Source: http://www.esa.int/spaceinvideos/Videos/2011/06/ISS_with_Space_Shuttle_Endeavour_and_ATV-2_Docked
7. “By far, the most common record type exposed in 2014 were passwords, followed by usernames, email addresses,
and PII (name, address, SSN, DOB, phone number, etc.)…”
1 Billion
Criminals are starting to favour PII
over financial information, because
it's easier to sell and leverage
Source: http://www.cio.com/article/2848593/data-breach/nearly-a-billion-records-were-compromised-in-2014.html
Records Compromised in 2014
8. “It was often said that people were the weakest link in any security chain—and that was true when attacks were less
sophisticated. But today, no amount of education will stop hackers from getting into your network.”
$400
Million
There were 2,122 confirmed data
breaches in 2014
Source: http://www.forbes.com/sites/gilpress/2015/05/22/stopping-data-breaches-whose-job-is-it-anyway/
Losses Due to Data Breaches
9. “SCAMS strip Australians of at least $80 million a year and gathering a vault of personal information that can be used in
fraud sprees.”
$80
Million
Criminals are buying and selling
names, addresses, birth dates, bank
account and other personal details
on the black market to commit
identity fraud or find scam victims,
a report warns.
Source: http://www.heraldsun.com.au/news/law-order/scammers-steal-80-million-a-year-and-personal-information-from-australians/story-fni0fee2-1227358157405
Individual Losses Due to Scammers
13. “The personal details of world leaders – including David Cameron, Barack Obama and Vladimir Putin – have been
accidentally revealed in an embarrassing privacy breach.”
It has been discovered that an employee at the Australian immigration department mistakenly sent personal information of all
world leaders attending the G20 Summit to organisers of the Asian Cup football tournament.
And the heads of government were kept in the dark about the employee’s blunder.
The passport numbers and visa details of United States president, Barack Obama, the Russian president, Vladimir Putin, the
German chancellor, Angela Merkel, the Chinese president, Xi Jinping, the Indian prime minister, Narendra Modi, the Japanese
prime minister, Shinzo Abe, the Indonesian president, Joko Widodo, and the British prime minister, David Cameron, were all
exposed.
Source: http://www.independent.co.uk/news/world/personal-details-of-obama-putin-cameron-and-merkel-sent-to-wrong-email-address-by-g20-summit-organiser-10142539.html
Leaks and Training
18. 50%
Of the IT organizations will use security services firms that
specialize in data protection, security risk management and
security infrastructure management to enhance their security
postures
Source: http://www.gartner.com/newsroom/id/2828722
By 2018, Data Leakage Protection
19. Archiving for Non-Microsoft Data
Social — Twitter, Facebook, Yammer, LinkedIn, etc.
Instant messaging — Yahoo Messenger, GoogleTalk, Jabber, etc.
Document collaboration — Box, DropBox, etc.
Verticals — SalesForce Chatter, Thomson Reuters, Bloomberg, etc.
SMS/text messaging — BlackBerry, MobileGuard, etc.
29. Content Analysis Process
Joseph F. Foster
Visa: 4485 3647 3952 7352
Expires: 2/2012
Get
Content
4485 3647 3952 7352 a 16 digit number
is detected
RegEx
Analysis
1. 4485 3647 3952 7352 matches checksum
2. 1234 1234 1234 1234 does NOT match
Function
Analysis
1. Keyword Visa is near the number
2. A regular expression for date (2/2012)
is near the number
Additional
Evidence
1. There is a regular expression that matches
a check sum
2. Additional evidence increases confidence
Verdict
30. Force the DLP Updates
# Office 365 UserGroup – Brisbane – Australia
# Edge Pereira – edge@superedge.net
#
# Force the DLP down to the users using remote powershell
#
$cred = get-credential
$session = new-pssession -configurationname Microsoft.Exchange -connectionuri
https://ps.outlook.com/powershell/ -credential $cred -authentication basic -allowredirection
Import-pssession $session
Set-executionpolicy unrestricted
Start-managedfolderassistant <username>
Get-pssession | remove-pssession