Insights: In Data LossAvoiding a “Panama Papers” Episode

Lessons must be learnt from the Panama Papers fiasco, where 11.5 million documents (2.6 TB data, mostly emails) were leaked from the internal database of Panamanian law firm Mossack Fonseca. Almost 40 years of confidential financial information, identifying numerous high-ranking govern-ment and public officials from around the world, was last year disclosed online by the International Consortium of Investigative Journalists (ICIJ).

Using e-discovery tools, like those employed in the forensics pursuit of illegal activities such as insider trading and tax evasion; ICIJ uncovered why key political figures – such as Sigmundur David Gunnlaugsson, the Prime Minister of Iceland; David Cameron, the Prime Minister of the United Kingdom and Vladimir Putin, the President of Russia – have all been subject to significant scrutiny; and prominent international organizations are now being investigated for fraudulent and criminal behaviour.

apvera.com

Insights Data Loss Prevention

How did Panama Papers Episode happen?

“Organizations should fully understand the magnitude,

intensity and acceleration of technology risks

over the past 12 months. They should implement

robust insider threat management systems as well as

compliant operating processes to mitigate these risks."

MOSSAKFONSECA

Personal

Information

FinancialData

DATACOLLECTION

MaliciousInsider

DATAEXPOSED

Lack ofVisibility &Controls

DataStored

2.6 TBData Leak

Why Insight 360™

11.5 million documents 2.6 TB data of mostly emails were leaked from Panamanian law firm Mossack Fonseca. Private, sensitive financial information of prominent international organisations and key political figures and were compromised. Many are now being investigated for criminal and fraudulent behaviour.

Apvera Insight 360™ uses artificial intelligence and machine-learning based User & Entity Behaviour Analytics plus a highly integrated Intrusion Detection & Protection System capabilities to protect against internal and external threats, malicious actors, ihherent vulnerabilities and complex cyber security attacks.

Data Loss Prevention delivers visibility, movement, access and prevention of data loss in one integrated analytics behavioral platform.

Benefits • Beyond Perimeter Protection • Frictionless Deployment • End to End Policy Control • Sensitive Asset Protection

apvera.com

Reputational damage, can you or your customers bear it The cold, hard truth is the reputation of family offices, hedge funds and fiscal empires are fickle. It takes very little to reverse decades of good intentions, charitable actions and business best practice, just ask Mossack Fonseca.

Insights Data Loss Prevention

International regulations and complianceHow far reaching can a breach be to your business, and what are your legal obligations to risk management across the different jurisdictions of your own, and your customers’ regional offices? Typically, senior manage-ment and the board are legally responsible.

Proliferation of the devicesIncreasingly cyber security criminals are operating more sophisticated attacks that take advantage of mobiles, printers, IoT (Internet of Things) devices; consequently targeting innocent and inexperienced victims inside prominent business and government organizations.

Modernizing corporate data policies As traditional networking and security solutions are considered ineffective, a new approach is required. Public WiFi, refreshing passwords and public cloud usage policies need to be revaluated. End user education is paramount.

User and entity based behavioral analytics By leveraging artificial intelligence and machine-learning algorithms, malicious activity that would otherwise go unnoticed can be exposed. By applying forensic and analytic techniques, like those used ‘after the event’ in the Panama Papers, anomalous internal/external behavior can be found through real-time, live, deep-packet inspection.

Always protect your most valuable assets The data owned by your business - financials, client related information, employee records etc. - is probably your most valuable asset. Whether your reputation is at risk from confidential information being made public or if its important data being stolen to commit fraud, a comprise to your online systems could lead to huge losses. Protect your data with adequate cyber security measures.

Monitor unusual network activity and malicious Insider ThreatProtect against irregular data exfiltration, whether it be 2.6TB stolen in one hit, or in small batches sent to a suspicious destination Internet address over an extended period. Non-intrusive oversights can help prevent against innocent mistakes, such as Phishing & Ransomware exposures, or even mitigate the chance of more intentional, premeditated insider attacks (e.g. IP, financial or personal data theft).

Classify your most sensitive data ‘Not all data is considered equal’, nor should it be safeguarded in the same way. Micro-segmentation, encryp-tion-at-rest, and physical asset segregation are but a few techniques that can be employed to deter abuse of privileged access and Insider Data Exfiltration.

How might this breach have been avoided?

What could have been done to mitigated the breach?

The breach at Mossack Fonseca could have been avoided through proactive deployment of intrusion analytics, user & entity behavioural analytics (UEBA), and data loss prevention (DLP). Combining industry best practices for these three cyber security techniques; Apvera Insight 360™ delivers DLP visibility, movement, access and prevention in one sophisticated platform.

Protect your business from online compromises with Apvera Insight 360™

Apvera is a next generation threat intelligence platform that aims to enable organizations to deliver Insight into user behavioral usage patterns. We help companies understand enterprise security by focusing on user interaction levels and relationships with services and applications that may be deemed a threat; ensuring compliance with IT policies. Apvera leverages analytics to anticipate and prevent security breaches by identifying irregularities in usage behavior.

Insights Data Loss Prevention

apvera.com

Key Features and Benefits

Sensitive Asset Protection

all high value assets with fine grained

access intelligence, adding an invaluable

additional layer of security on top of existing

industry standard windows & active directory policies.

End to End Policy Control

Policy engine that enables contextual network access control across any device

that traverses the environment. Contextual controls are

based on multiple variables, including user, time, location,

access, and device.

Frictionless Deployment

Agent and cloud API based approaches lack the ability to

measure risk across larger distributed environments. Non-intrusive plug & learn

sensor-based technologies allow for device agnostic granular policies across any context.

Allow organizations to monitor, alert, analyze, investigate,

respond, share, and detect known and unknown threats regardless of organizational

size or skill set, widening the circle of protection

on premise and in the cloud.

Beyond the Perimeter

Gain actionable intelligence empowers organizations with crucial insights and enables to anticipate

Find granular enforceable activities related to user, device, keywords, location, and applications

Uncover broad internal and external public misuses of data, exposures and exfiltration

Understand the extent of compliant and rogue application adoption and usage

Discover actionable anomalous employee behavior by checking against historical patterns

Pinpoint threatening users, devices and risky user transactions caused by advanced persistent threats

Find DLP offers an extra layer of data security on top of industry standard AD and windows policies

Address compliance and legal hold requirements through insightful risky behavior and threat analysis

Insights Data Loss Prevention

DATACLASSIFICATION

Employee

Content

Application

Network

DeviceEmployeeDevices

3rd PartyApplications

Sensor

On-Premiseor Cloud

DATACOLLECTION

AdvancedCorrelation

PatternDetection

BehavioralAnalytics

HistoricalContext

EVENTWAREHOUSE

Policy

Visualization &Governance

who . what . when . where . how

UNITED STATES2443 Fillmore St Suite #380-7232San Francisco, CA 94115

+1 415 891 2270

SINGAPORE#07-11 Blk 71 Ayer Rajah CrescentSingapore, 139551

+65 3158 8697 sales@apvera.com

HONG KONG4/F, C Wisdom Centre37 Hollywood RoadHong Kong S.A.R.

+852 5803 2940

Where Apvera Steps In

The infographic above demonstrates the threat mitigation life cycle and how Apvera Insight 360™ can be installed inside a business’s existing network. Whether your objective is to assess risks, enforce policies, or discover and secure sensitive content in your environment, the platform can give you a simple, real time view of your network, highlighting any potential risks. It also includes predictive technology that will alert you when an online activity or behaviour is suspicious before it escalates into something more serious.