Title :
Malicious Data Leak Prevention and Purposeful Evasion Attacks: An approach to Advanced Persistent Threat (APT) management
Author :
Mustafa, Tarique
Author_Institution :
nexTier Networks, Inc., Santa Clara, CA, USA
Abstract :
Existing Data Leak Prevention (DLP) solutions are inherently incapable of scaling beyond trivial scenarios of “Accidental Data Leak” wherein no “Purposeful Evasion Attack” is encountered. Nevertheless, these attacks can render a DLP system completely useless (or greatly depreciate the effectiveness/usefulness of any DLP solution). A true DLP solution, therefore, must support “Malicious Data Leak Prevention” capability wherein “Purposeful Evasion Attacks” can be effectively detected and prevented. With the advent of Advanced Persistent Threats (APTs) against Information Security and DLP Systems, “Purposeful Evasion Attacks” have emerged as the most sophisticated class of threats against DLP solutions. Unfortunately, “Purposeful Evasion Attacks” have also remained un-addressed in their most basic forms. This paper presents (1) an insight into the lifecycle of APTs launched against Information Security and DLP systems, (2) a classification of real-life “Purposeful Evasion Attacks” against Information Security and DLP systems, and (3) a reference model for enabling Malicious Data Leak Prevention (called the 3-D Correlation Paradigm).
Keywords :
security of data; 3D correlation paradigm; APT management; DLP systems; accidental data leak; advanced persistent threat management; information security; malicious data leak prevention; purposeful evasion attacks; Classification algorithms; Context; Correlation; Fingerprint recognition; Information security; Pattern matching; APT; Advanced Persistent Threat; Data Leak Prevention; Egress Control; Evasion Attack; False Negative; Information Security; Malicious DLP;
Conference_Title :
Electronics, Communications and Photonics Conference (SIECPC), 2013 Saudi International
Conference_Location :
Fira
Print_ISBN :
978-1-4673-6196-5
Electronic_ISBN :
978-1-4673-6194-1
DOI :
10.1109/SIECPC.2013.6551028