WEBVTT

1
00:00:00.150 --> 00:00:01.500
<v Instructor>In this lesson,</v>

2
00:00:01.500 --> 00:00:05.940
we will learn about vulnerabilities and data security.

3
00:00:05.940 --> 00:00:07.020
Vulnerabilities

4
00:00:07.020 --> 00:00:11.610
and data security involve identifying system weaknesses

5
00:00:11.610 --> 00:00:13.440
and ensuring sensitive data

6
00:00:13.440 --> 00:00:17.430
is protected from unauthorized access or loss.

7
00:00:17.430 --> 00:00:20.430
Vulnerability and data security concepts

8
00:00:20.430 --> 00:00:24.540
include vulnerability scans and data loss prevention,

9
00:00:24.540 --> 00:00:26.610
or DLP, tools.

10
00:00:26.610 --> 00:00:30.630
Vulnerability scans are automated applications used

11
00:00:30.630 --> 00:00:31.650
to scan for

12
00:00:31.650 --> 00:00:35.790
and detect security flaws, misconfigurations,

13
00:00:35.790 --> 00:00:39.570
or unpatched software on the enterprise network.

14
00:00:39.570 --> 00:00:44.400
DLP is a security strategy that monitors, detects,

15
00:00:44.400 --> 00:00:47.550
and prevents unauthorized transmission

16
00:00:47.550 --> 00:00:50.310
or exposure of sensitive data.

17
00:00:50.310 --> 00:00:53.490
Let's learn more about vulnerability scans

18
00:00:53.490 --> 00:00:56.250
and data loss prevention tools.

19
00:00:56.250 --> 00:00:59.940
First, we have vulnerability scans.

20
00:00:59.940 --> 00:01:02.160
Vulnerability scans are used

21
00:01:02.160 --> 00:01:07.160
to identify potential security flaws in a network or system.

22
00:01:07.230 --> 00:01:09.150
Vulnerability scans search

23
00:01:09.150 --> 00:01:11.820
for weaknesses throughout a network,

24
00:01:11.820 --> 00:01:16.050
such as unpatched software, incorrect configurations,

25
00:01:16.050 --> 00:01:18.600
or other issues that could be exploited

26
00:01:18.600 --> 00:01:20.040
by an attacker.

27
00:01:20.040 --> 00:01:21.900
In an enterprise environment,

28
00:01:21.900 --> 00:01:25.740
vulnerability scans should be used regularly

29
00:01:25.740 --> 00:01:28.110
to ensure systems remain secure

30
00:01:28.110 --> 00:01:31.170
and compliant with industry standards,

31
00:01:31.170 --> 00:01:34.800
where the primary goal is to catch vulnerabilities

32
00:01:34.800 --> 00:01:36.960
before they are exploited,

33
00:01:36.960 --> 00:01:41.960
allowing IT teams to patch or reconfigure IT systems.

34
00:01:42.180 --> 00:01:43.350
For example,

35
00:01:43.350 --> 00:01:48.000
a company may run automated weekly vulnerability scans

36
00:01:48.000 --> 00:01:51.660
on their network to detect any new weaknesses,

37
00:01:51.660 --> 00:01:54.330
and ensure the weaknesses are addressed

38
00:01:54.330 --> 00:01:57.150
before they become serious threats.

39
00:01:57.150 --> 00:02:01.200
As implied, vulnerability scans should be scheduled

40
00:02:01.200 --> 00:02:04.590
and automatic in an enterprise setting

41
00:02:04.590 --> 00:02:07.470
to maintain consistent security.

42
00:02:07.470 --> 00:02:09.600
Running scans regularly,

43
00:02:09.600 --> 00:02:14.250
often weekly, or even daily depending upon the system,

44
00:02:14.250 --> 00:02:17.700
ensures that new vulnerabilities are identified

45
00:02:17.700 --> 00:02:19.980
as soon as they arise.

46
00:02:19.980 --> 00:02:24.240
Enterprises should also schedule vulnerability scans

47
00:02:24.240 --> 00:02:27.360
after significant changes to the system,

48
00:02:27.360 --> 00:02:29.670
such as software upgrades

49
00:02:29.670 --> 00:02:31.980
or configuration changes,

50
00:02:31.980 --> 00:02:35.160
to ensure these updates haven't introduced

51
00:02:35.160 --> 00:02:37.020
any new weaknesses.

52
00:02:37.020 --> 00:02:41.070
Automating this process reduces the risk of human error,

53
00:02:41.070 --> 00:02:44.520
and ensures that scans are conducted on time

54
00:02:44.520 --> 00:02:47.970
without the need for manual initiation.

55
00:02:47.970 --> 00:02:50.250
Finally, regularly reviewing

56
00:02:50.250 --> 00:02:54.360
and analyzing scan reports allows the security team

57
00:02:54.360 --> 00:02:56.310
to prioritize patches

58
00:02:56.310 --> 00:03:01.310
and fixes based on the severity of detected vulnerabilities.

59
00:03:01.560 --> 00:03:06.030
Several tools are widely used for vulnerability scans,

60
00:03:06.030 --> 00:03:09.947
including OpenVAS, Nessus, and Qualys.

61
00:03:10.815 --> 00:03:11.648
OpenVAS,

62
00:03:11.648 --> 00:03:14.910
the Open Vulnerability Assessment Scanner,

63
00:03:14.910 --> 00:03:16.680
is an open-source tool

64
00:03:16.680 --> 00:03:20.070
that is commonly used in enterprise environments

65
00:03:20.070 --> 00:03:24.840
to perform network scans and identify vulnerabilities.

66
00:03:24.840 --> 00:03:26.820
Nessus, on the other hand,

67
00:03:26.820 --> 00:03:29.490
is a popular commercial tool known

68
00:03:29.490 --> 00:03:32.490
for its extensive vulnerability database,

69
00:03:32.490 --> 00:03:33.780
ease of use,

70
00:03:33.780 --> 00:03:36.480
and powerful plugin system.

71
00:03:36.480 --> 00:03:40.650
Nessus plugins allow users to customize scans

72
00:03:40.650 --> 00:03:44.580
based on the specific needs of the organization,

73
00:03:44.580 --> 00:03:48.390
such as checking for particular vulnerabilities,

74
00:03:48.390 --> 00:03:52.260
or ensuring compliance with regulatory standards.

75
00:03:52.260 --> 00:03:53.580
For example,

76
00:03:53.580 --> 00:03:57.420
an enterprise may use a Nessus plugin to check

77
00:03:57.420 --> 00:03:59.220
for vulnerabilities related

78
00:03:59.220 --> 00:04:03.060
to Payment Card Industry Data Security Standard,

79
00:04:03.060 --> 00:04:06.390
or PCI DSS, compliance.

80
00:04:06.390 --> 00:04:10.620
Finally, Qualys offers a cloud-based solution

81
00:04:10.620 --> 00:04:14.700
that continuously scans an enterprise's infrastructure

82
00:04:14.700 --> 00:04:17.880
and integrates with asset management systems

83
00:04:17.880 --> 00:04:22.380
to monitor potential vulnerabilities in real time.

84
00:04:22.380 --> 00:04:27.380
Second, we have data loss prevention, or DLP, tools.

85
00:04:27.900 --> 00:04:30.480
Data loss prevention tools are used

86
00:04:30.480 --> 00:04:34.080
to prevent sensitive data from being accidentally

87
00:04:34.080 --> 00:04:38.250
or intentionally shared with unauthorized parties.

88
00:04:38.250 --> 00:04:42.990
DLP tools monitor data in transit, at rest,

89
00:04:42.990 --> 00:04:47.250
and in use across various enterprise systems,

90
00:04:47.250 --> 00:04:51.090
detecting when sensitive data is at risk.

91
00:04:51.090 --> 00:04:52.740
In an enterprise,

92
00:04:52.740 --> 00:04:56.880
DLP solutions are integrated into workflows

93
00:04:56.880 --> 00:04:58.800
to protect sensitive data,

94
00:04:58.800 --> 00:05:01.020
such as customer records,

95
00:05:01.020 --> 00:05:02.820
intellectual property,

96
00:05:02.820 --> 00:05:05.220
and financial information.

97
00:05:05.220 --> 00:05:07.710
These systems monitor data

98
00:05:07.710 --> 00:05:10.200
as it moves through various channels,

99
00:05:10.200 --> 00:05:12.870
such as email, cloud storage,

100
00:05:12.870 --> 00:05:15.150
and internal applications,

101
00:05:15.150 --> 00:05:17.610
to ensure that it isn't accidentally

102
00:05:17.610 --> 00:05:19.620
or intentionally shared

103
00:05:19.620 --> 00:05:22.020
with unauthorized parties.

104
00:05:22.020 --> 00:05:23.070
To do this,

105
00:05:23.070 --> 00:05:27.690
DLP solutions are designed to automatically detect,

106
00:05:27.690 --> 00:05:31.470
classify, and protect sensitive information

107
00:05:31.470 --> 00:05:36.150
as part of the day-to-day processes within the business,

108
00:05:36.150 --> 00:05:39.810
ensuring compliance with regulatory requirements

109
00:05:39.810 --> 00:05:42.870
and internal security policies.

110
00:05:42.870 --> 00:05:46.620
Then, DLP tools enforce policies

111
00:05:46.620 --> 00:05:49.920
that define how sensitive data should be handled

112
00:05:49.920 --> 00:05:52.050
within the organization.

113
00:05:52.050 --> 00:05:54.420
These policies may include actions,

114
00:05:54.420 --> 00:05:59.070
such as alerting security teams, blocking transmission,

115
00:05:59.070 --> 00:06:01.980
quarantining the data for review,

116
00:06:01.980 --> 00:06:05.520
or using a technique known as tombstoning,

117
00:06:05.520 --> 00:06:07.830
which replaces sensitive content

118
00:06:07.830 --> 00:06:11.100
with information about the policy violation

119
00:06:11.100 --> 00:06:13.080
and how to remediate.

120
00:06:13.080 --> 00:06:17.310
For example, a DLP system may block the sending

121
00:06:17.310 --> 00:06:20.580
of an email containing credit card numbers

122
00:06:20.580 --> 00:06:23.940
while simultaneously alerting the security team

123
00:06:23.940 --> 00:06:26.160
to investigate the incident.

124
00:06:26.160 --> 00:06:29.580
During this process, the system scans the content

125
00:06:29.580 --> 00:06:32.610
of outgoing emails in real time,

126
00:06:32.610 --> 00:06:37.020
identifying any sensitive data, like credit card numbers,

127
00:06:37.020 --> 00:06:40.620
based on predefined patterns or keywords.

128
00:06:40.620 --> 00:06:43.470
Once detected, the DLP system

129
00:06:43.470 --> 00:06:47.400
enforces the organization's security policies.

130
00:06:47.400 --> 00:06:50.520
So if the policy is set to block,

131
00:06:50.520 --> 00:06:52.590
the email is immediately stopped

132
00:06:52.590 --> 00:06:55.440
before it leaves the organization,

133
00:06:55.440 --> 00:06:57.600
preventing the accidental

134
00:06:57.600 --> 00:07:00.750
or malicious transmission of sensitive data

135
00:07:00.750 --> 00:07:03.450
to an unauthorized recipient.

136
00:07:03.450 --> 00:07:07.410
Or if the DLP policy is set to quarantine,

137
00:07:07.410 --> 00:07:09.480
the email is not delivered,

138
00:07:09.480 --> 00:07:13.710
but instead held in a secure queue for further review

139
00:07:13.710 --> 00:07:17.220
by the security team or compliance officer.

140
00:07:17.220 --> 00:07:21.300
This allows the team to inspect the email's content,

141
00:07:21.300 --> 00:07:23.460
evaluate the context,

142
00:07:23.460 --> 00:07:26.820
and decide whether to release it, modify it,

143
00:07:26.820 --> 00:07:28.650
or permanently block it.

144
00:07:28.650 --> 00:07:32.880
In cases where the DLP policy uses tombstoning,

145
00:07:32.880 --> 00:07:36.180
sensitive information, like credit card numbers,

146
00:07:36.180 --> 00:07:38.160
could be automatically replaced

147
00:07:38.160 --> 00:07:41.220
with a placeholder, such as redacted,

148
00:07:41.220 --> 00:07:42.660
ensuring the document

149
00:07:42.660 --> 00:07:45.810
or email can still be shared internally

150
00:07:45.810 --> 00:07:48.630
without exposing sensitive data.

151
00:07:48.630 --> 00:07:50.010
This method ensures

152
00:07:50.010 --> 00:07:53.100
that business workflows continue smoothly

153
00:07:53.100 --> 00:07:57.030
while maintaining compliance and protecting critical data

154
00:07:57.030 --> 00:07:59.400
from unauthorized exposure.

155
00:07:59.400 --> 00:08:02.910
Several data loss prevention tools are available

156
00:08:02.910 --> 00:08:04.350
to enterprises,

157
00:08:04.350 --> 00:08:09.350
including Symantec DLP and Microsoft Purview.

158
00:08:09.960 --> 00:08:13.470
Symantec DLP has robust capabilities

159
00:08:13.470 --> 00:08:16.770
to monitor data across multiple channels,

160
00:08:16.770 --> 00:08:20.790
such as endpoints, email, and cloud environments.

161
00:08:20.790 --> 00:08:25.110
It provides granular control over sensitive information

162
00:08:25.110 --> 00:08:28.290
by applying predefined policies that detect

163
00:08:28.290 --> 00:08:30.570
and prevent data loss.

164
00:08:30.570 --> 00:08:33.150
Microsoft Purview, on the other hand,

165
00:08:33.150 --> 00:08:36.570
integrates DLP functionality directly

166
00:08:36.570 --> 00:08:39.060
into Microsoft applications,

167
00:08:39.060 --> 00:08:42.840
such as SharePoint, Teams, and Outlook.

168
00:08:42.840 --> 00:08:45.210
This integration makes it easy

169
00:08:45.210 --> 00:08:49.110
for enterprises using Microsoft's suite of tools

170
00:08:49.110 --> 00:08:52.770
to protect sensitive data as it moves within

171
00:08:52.770 --> 00:08:55.530
and outside the organization.

172
00:08:55.530 --> 00:08:58.020
Both tools enable enterprises

173
00:08:58.020 --> 00:09:01.710
to enforce data protection policies effectively

174
00:09:01.710 --> 00:09:04.470
across various platforms.

175
00:09:04.470 --> 00:09:08.490
So remember, vulnerability scans

176
00:09:08.490 --> 00:09:12.210
and data loss prevention, or DLP, tools

177
00:09:12.210 --> 00:09:16.680
are key components of an enterprise's security strategy.

178
00:09:16.680 --> 00:09:21.480
Vulnerability scans help identify weaknesses in systems,

179
00:09:21.480 --> 00:09:23.580
such as outdated software

180
00:09:23.580 --> 00:09:27.750
or misconfigurations that attackers could exploit.

181
00:09:27.750 --> 00:09:30.870
These scans should be scheduled regularly,

182
00:09:30.870 --> 00:09:34.890
and automated to ensure consistent security monitoring

183
00:09:34.890 --> 00:09:37.050
and timely remediation.

184
00:09:37.050 --> 00:09:42.050
Next, DLP tools focus on protecting sensitive data

185
00:09:42.060 --> 00:09:45.600
by monitoring its movement across different channels

186
00:09:45.600 --> 00:09:47.850
within an organization.

187
00:09:47.850 --> 00:09:50.460
DLP tools enforce policies

188
00:09:50.460 --> 00:09:53.730
that prevent unauthorized sharing of data

189
00:09:53.730 --> 00:09:55.200
to ensure compliance

190
00:09:55.200 --> 00:09:57.390
with regulatory requirements,

191
00:09:57.390 --> 00:10:02.250
using actions such as alerts, blocking, quarantining,

192
00:10:02.250 --> 00:10:05.640
and tombstoning data when necessary.

193
00:10:05.640 --> 00:10:09.780
Together, vulnerability scans and DLP tools

194
00:10:09.780 --> 00:10:13.920
help businesses proactively secure their IT systems

195
00:10:13.920 --> 00:10:16.533
and protect valuable information.

