Prevent Confidential Data from Being Encrypted

One of the challenges in securing data against leaks is preventing important files from being encrypted by a file or text encryptor.

We certainly cannot block every program that can convert confidential data into regular data by blocking those programs based on process names or hashes.

With Digital Guardian, we can instead block any program from opening or reading confidential data, and then let legitimate programs such as Notepad and the Office programs keep their access to confidential files.

Here is a simple example of how we do it:

<and>
  <equal>
    <evtSrcFileIsClassified />
    <bool value="true" />
  </equal>
  <not>
    <in>
      <curProcessImageName />
      <list>
        <string value="WINWORD.EXE" />
        <string value="EXCEL.EXE" />
        <string value="POWERPNT.EXE" />
        <string value="notepad.exe" />
        <string value="explorer.exe" />
      </list>
    </in>
  </not>
  <in>
    <evtOperationType />
    <list>
      <constOpFileRead />
      <constOpFileOpen />
      <constOpAdePaste />
    </list>
  </in>
</and>

You may want to add more logical operations, such as comparing the hashes of the processes that are allowed to open important files, to prevent an insider threat from bypassing this protection method.
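
The hash comparison suggested above, modelled in Python as an added example (this is not Digital Guardian rule syntax and not the author's rule). `Event`, `rule_matches`, the operation labels, the case-insensitive name match and the sample bytes are assumptions constructed for illustration; it shows that the name-only rule trusts any binary carrying an allowed name, while the pinned variant does not.

```python
import hashlib
from dataclasses import dataclass

# Names taken from the rule's allowlist; lower-cased for comparison (assumption).
ALLOWED_NAMES = {"winword.exe", "excel.exe", "powerpnt.exe", "notepad.exe", "explorer.exe"}
# Hypothetical labels standing in for constOpFileRead / constOpFileOpen / constOpAdePaste.
GUARDED_OPS = {"FileRead", "FileOpen", "AdePaste"}


@dataclass(frozen=True)
class Event:
    image_name: str       # process image name
    image_bytes: bytes    # stand-in for the executable's on-disk content
    operation: str
    src_classified: bool  # source file carries a classification


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def rule_matches(ev, pinned=None):
    """Return True when the rule fires (the operation is blocked).

    pinned=None models the name-only rule; otherwise it maps an allowed
    image name to the set of SHA-256 digests accepted for that name.
    A name with no pinned digest is treated as untrusted (fail closed).
    """
    if not ev.src_classified or ev.operation not in GUARDED_OPS:
        return False
    name = ev.image_name.lower()
    trusted = name in ALLOWED_NAMES
    if trusted and pinned is not None:
        trusted = sha256_hex(ev.image_bytes) in pinned.get(name, set())
    return not trusted


# Constructed sample data: two different binaries that share one image name.
GENUINE = b"constructed bytes of the approved notepad build"
OTHER = b"constructed bytes of some other program"
PINNED = {"notepad.exe": {sha256_hex(GENUINE)}}

approved = Event("notepad.exe", GENUINE, "FileOpen", True)
same_name = Event("NOTEPAD.EXE", OTHER, "FileRead", True)
unlisted = Event("encryptor.exe", OTHER, "FileRead", True)

if __name__ == "__main__":
    for ev in (approved, same_name, unlisted):
        print(ev.image_name, rule_matches(ev), rule_matches(ev, PINNED))
```

Pinned digests have to be refreshed whenever an allowed program is updated; otherwise the patched binary is blocked as well.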