https://community.isc2.org/t5/Cloud-Security/Here-s-why-you-need-CASB-SASE-DLP-Data-Lifecycle-Management/m-p/68011#M399 <P>With the right kit and integrations this kind of behaviour is detectable at outset in real time and straight up preventable.</P><P>&nbsp;</P><P>The attacker took critical company data and sent it to his personal Google account, just with a CASB there are at least five vendors that can detect and prevent that out of the box.</P><P>&nbsp;</P><P>Add in the rest of the controls and send them to a good SIEM, and do anomaly detection and properly staff it. Well, probably you’re looking at a 10-20 million dollar investment for a company the size of Google with its assets, however this was not a skilled attacker so you could have been aware from the moment he tried to take the first file, and very likely before. Just a policy preventing transfer of documents to a personal Google Google account would have detected and prevented this.</P><P><SPAN><BR />However as a very good salesman once said:</SPAN></P><P>&nbsp;</P><P>”No one want’s back-up, everyone wants recovery…”</P><P><BR /><BR /></P><P>&nbsp;</P> Thu, 07 Mar 2024 23:55:07 GMT Early_Adopter 2024-03-07T23:55:07Z https://community.isc2.org/t5/Cloud-Security/Here-s-why-you-need-CASB-SASE-DLP-Data-Lifecycle-Management/m-p/67976#M396 … and a whole lot of analytics!<BR /><BR />Maybe Google will “Chronicle” this… <span class="lia-unicode-emoji" title=":face_with_tongue:">😛</span><BR /><BR /><A href="https://www.bbc.com/news/world-us-canada-68497508" target="_blank">https://www.bbc.com/news/world-us-canada-68497508</A> Thu, 07 Mar 2024 04:04:11 GMT https://community.isc2.org/t5/Cloud-Security/Here-s-why-you-need-CASB-SASE-DLP-Data-Lifecycle-Management/m-p/67976#M396 Early_Adopter 2024-03-07T04:04:11Z https://community.isc2.org/t5/Cloud-Security/Here-s-why-you-need-CASB-SASE-DLP-Data-Lifecycle-Management/m-p/68005#M398 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/797288093">@Early_Adopter</a>Security the AI models from the outset, would have reduced some of these issues.&nbsp; But without it being built in from the outset, we are all in experimentation land and catch up mode.</P><P>&nbsp;</P><P>This issue should have been detected a lot earlier on.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P> Thu, 07 Mar 2024 21:18:41 GMT https://community.isc2.org/t5/Cloud-Security/Here-s-why-you-need-CASB-SASE-DLP-Data-Lifecycle-Management/m-p/68005#M398 Caute_cautim 2024-03-07T21:18:41Z https://community.isc2.org/t5/Cloud-Security/Here-s-why-you-need-CASB-SASE-DLP-Data-Lifecycle-Management/m-p/68011#M399 <P>With the right kit and integrations this kind of behaviour is detectable at outset in real time and straight up preventable.</P><P>&nbsp;</P><P>The attacker took critical company data and sent it to his personal Google account, just with a CASB there are at least five vendors that can detect and prevent that out of the box.</P><P>&nbsp;</P><P>Add in the rest of the controls and send them to a good SIEM, and do anomaly detection and properly staff it. Well, probably you’re looking at a 10-20 million dollar investment for a company the size of Google with its assets, however this was not a skilled attacker so you could have been aware from the moment he tried to take the first file, and very likely before. Just a policy preventing transfer of documents to a personal Google Google account would have detected and prevented this.</P><P><SPAN><BR />However as a very good salesman once said:</SPAN></P><P>&nbsp;</P><P>”No one want’s back-up, everyone wants recovery…”</P><P><BR /><BR /></P><P>&nbsp;</P> Thu, 07 Mar 2024 23:55:07 GMT https://community.isc2.org/t5/Cloud-Security/Here-s-why-you-need-CASB-SASE-DLP-Data-Lifecycle-Management/m-p/68011#M399 Early_Adopter 2024-03-07T23:55:07Z