1. Home
  2. Mitigations
  3. Data Loss Prevention

Data Loss Prevention

Use a data loss prevention (DLP) strategy to categorize sensitive data, identify data formats indicative of personal identifiable information (PII), and restrict exfiltration of sensitive data.[1]

ID: M1057
Version: 1.0
Created: 04 August 2021
Last Modified: 30 August 2021
Enterprise Layer
download view

Techniques Addressed by Mitigation

Domain ID Name Use
Enterprise T1025 从可移动介质获取数据

Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted.
Enterprise T1005 从本地系统获取数据

Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted.
Enterprise T1537 传输数据至云账户

Data loss prevention can prevent and block sensitive data from being shared with individuals outside an organization.[2] [3]
Enterprise T1048 替代协议渗出

Data loss prevention can detect and block sensitive data being uploaded via web browsers.
.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol

Data loss prevention can detect and block sensitive data being uploaded via web browsers.
.003 Exfiltration Over Unencrypted Non-C2 Protocol

Data loss prevention can detect and block sensitive data being sent over unencrypted protocols.
Enterprise T1020 .001 自动化渗出: Traffic Duplication

Implement Data Loss Prevention (DLP) solutions to monitor, detect, and control the flow of sensitive information. DLP tools can be configured to block unauthorized attempts to exfiltrate data, such as preventing emails from being forwarded to external recipients or monitoring for suspicious data transfers. By creating email flow rules and applying policies to detect anomalies, DLP solutions help mitigate the risk of data exfiltration over alternative protocols.
Enterprise T1041 通过C2信道渗出

Data loss prevention can detect and block sensitive data being sent over unencrypted protocols.
Enterprise T1052 通过物理介质渗出

Data loss prevention can detect and block sensitive data being copied to physical mediums.
.001 Exfiltration over USB

Data loss prevention can detect and block sensitive data being copied to USB devices.
Enterprise T1567 通过网络服务渗出

Data loss prevention can be detect and block sensitive data being uploaded to web services via web browsers.
.004 Exfiltration Over Webhook

Data loss prevention can be detect and block sensitive data being uploaded to web services via web browsers.

References

  1. Michael Swanagan. (2020, October 24). 7 Data Loss Prevention Best Practices & Strategies. Retrieved August 30, 2021.
  2. Microsoft. (2024, January 9). Learn about data loss prevention. Retrieved March 4, 2024.
  1. Google. (n.d.). Use Workspace DLP to prevent data loss. Retrieved March 4, 2024.