Data Classification and Handling

Category

Requirement

CSCC

SAMA CSF

ECC-1

Data Classification & Handling

All data assets and all IT assets are categorized in accordance with applicable statutory, regulatory, and contractual requirements

2-6-1-2

2-1-5
2-7-3-2
4-2-3-1

Lucidum discovers every asset and every account in your environment, even those not discovered by your security solutions. Lucidum uses proprietary rule-based algorithms and machine learning algorithms to find all the data in your environment. Lucidum then examines the data, classifies it, and assigns it a risk value. In ascending order from least risk to most risk, data is classified as public (lowest risk), private, confidential, or restricted (highest risk).

The overall risk score for an asset is greater if the associated data is more sensitive.

Lucidum can help you inventory and classify assets and data and monitor security policies for them.

After Lucidum ingests data from your security solutions, Lucidum uses graph data, machine learning, and predictive analytics to detect and classify all assets and users, even those not detected by the solutions in your environment.

You can then create queries to find a list of all data and assets in your environment, export the list, or create dashboards.

You can also view pre-built dashboards, called Value-Oriented Dashboards or VODs. You can easily edit these dashboards to suit your needs or easily create your own custom dashboards about assets and data.

Data Governance & Exfiltration

An example dashboard, Data Governance & Exfiltration, displays details about assets, users, and data.

The Data Governance & Exfiltration dashboard looks like this:

[Image: Data Governance & Exfiltration dashboard (data_governance_exfiltration.png)]

The Data Governance & Exfiltration dashboard includes:

  • Count of Asset by Data Classification. Specifies the number of assets with private, confidential, and restricted data.

  • Sensitive Data Access by Remote Disabled User, by Manager. Specifies the number of remote users who are disabled in Active Directory and accessing confidential and restricted data. The count is organized by manager.

  • Zombie User File Access. Zombie users are those users who are using applications in your environment but are not managed in directory services. This chart specifies the number of zombie users accessing files.

  • Remote Zombie User w/Secure Data. This chart specifies the number of zombie users accessing confidential and restricted data.

  • Unmanaged by Department. This chart specifies assets that do not have endpoint management but are used by an Active Directory user, by department.

  • Unmanaged Assets by Dept. This chart specifies assets that do not have endpoint management, by department.

  • Disabled Users Accessing Files by Dept. Specifies the number of users who are disabled in Active Directory and are also accessing files, organized by department.

  • Unmanaged Assets by Mgr. This chart specifies assets that do not have endpoint management, by manager.

  • Unknown Assets by Mgr. Assets that have been discovered by a DHCP tool or vulnerability scan but are not in Active Directory, organized by manager.

  • Unmanaged Accessing Data. This chart specifies assets that do not have endpoint management and the types of data these assets are accessing.

  • Disabled Users Accessing Files by Mgr. Specifies users who are disabled in Active Directory and accessing files. The count is organized by manager.

  • Disabled Users Accessing Files by User. Specifies users who are disabled in Active Directory and accessing files. The count is organized by user.
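The logic behind several of the Data Governance & Exfiltration widgets above, written out as an added Python example (not Lucidum's own code or query language): it encodes the page's definitions (zombie user, disabled Active Directory user, an asset inheriting its most sensitive data class) over constructed records. The record layout, field names and sample values are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass, field

# Ascending sensitivity as the page defines it; an asset inherits its most sensitive data's rank.
RANK = {"public": 0, "private": 1, "confidential": 2, "restricted": 3}
SENSITIVE = {"confidential", "restricted"}

@dataclass
class User:
    name: str
    manager: str
    department: str
    in_directory: bool   # managed in directory services (Active Directory)
    ad_enabled: bool     # False = disabled in Active Directory
    remote: bool
    files: list = field(default_factory=list)  # classification of each file accessed

def is_zombie(u):
    # Zombie user: active in applications (file access seen) but not in directory services.
    return bool(u.files) and not u.in_directory

def is_disabled(u):
    return u.in_directory and not u.ad_enabled

def touches_sensitive(u):
    return any(c in SENSITIVE for c in u.files)

def disabled_file_access(users, by="department"):
    # "Disabled Users Accessing Files by Dept/Mgr/User": by is "department", "manager" or "name".
    return Counter(getattr(u, by) for u in users if is_disabled(u) and u.files)

def remote_disabled_sensitive_by_manager(users):
    return Counter(u.manager for u in users if is_disabled(u) and u.remote and touches_sensitive(u))

def remote_zombie_secure_data(users):
    return sum(1 for u in users if is_zombie(u) and u.remote and touches_sensitive(u))

def assets_by_classification(asset_data):
    # "Count of Asset by Data Classification": one count per asset under its most
    # sensitive class; assets holding only public data are not charted.
    counts = Counter(max(classes, key=RANK.__getitem__) for classes in asset_data.values())
    counts.pop("public", None)
    return counts

# Constructed sample records (assumed layout), not real identity or inventory data.
USERS = [
    User("alice", "mgr-a", "finance", True, True, False, ["private"]),
    User("bob", "mgr-a", "finance", True, False, True, ["restricted", "public"]),
    User("svc-legacy", "mgr-b", "eng", False, False, True, ["confidential"]),
]
ASSET_DATA = {"fs-01": ["public", "restricted"], "web-01": ["public"], "hr-01": ["private"]}
```

Note that `svc-legacy` is never counted as a disabled user: an account outside directory services has no Active Directory state to be disabled, which is exactly why the zombie widgets exist alongside the disabled-user ones.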

Assets With File Access

Another example dashboard, Assets with File Access, displays information about file sharing, FTP, SCP, and HTTP/HTTPS servers.

The Assets with File Access dashboard looks like this:

[Image: Assets with File Access dashboard (assets_with_file_access.png)]

The Assets with File Access dashboard includes:

  • File Sharing Assets. Number of assets with one or more of these services: FTP, SSH, HTTP, NFS, CIFS or Microsoft-DS.

  • Public File Sharing Assets. Number of assets with a public IP address and one or more of these services: FTP, SSH, HTTP, NFS, CIFS or Microsoft-DS.

  • Public File Sharing Assets Managed. Assets with a public IP address and one or more of these services: FTP, SSH, HTTP, NFS, CIFS, or Microsoft-DS. Displayed as assets with endpoint protection and assets without endpoint protection.

  • File Sharing Assets w/Critical CVEs. Number of assets with a public IP address, one or more critical CVEs, and one or more of these services: FTP, SSH, HTTP, NFS, CIFS, or Microsoft-DS.

  • File Sharing Assets Critical CVEs. Assets with a public IP address, one or more critical CVEs, and one or more of these services: FTP, SSH, HTTP, NFS, CIFS, or Microsoft-DS. Organized by CVE.

  • FTP Assets. Number of assets running the FTP service.

  • Public FTP Assets. Number of assets running the FTP service and with a public IP address.

  • Public FTP Assets Managed. Assets running the FTP service and with a public IP address. Displayed by assets with endpoint protection and assets without endpoint protection.

  • FTP Assets w/Critical Vulnerabilities. Number of assets running the FTP service and with a critical CVE.

  • FTP Assets Critical CVEs. Assets running the FTP service and with a critical CVE. Organized by CVE.

  • SCP Assets. Number of assets running the SCP service.

  • Public SCP Assets. Number of assets running the SCP service and with a public IP address.

  • Public SCP Assets Managed. Assets running the SCP service and with a public IP address. Displayed by assets with endpoint protection and assets without endpoint protection.

  • SCP Assets w/Critical Vulnerabilities. Number of assets running the SCP service and with a critical CVE.

  • SCP Assets Critical CVEs. Assets running the SCP service and with a critical CVE. Organized by CVE.

  • HTTP/S Assets. Number of assets running the HTTP service.

  • Public HTTP/S Assets. Number of assets running the HTTP service and with a public IP address.

  • Public HTTP/S Assets Managed. Assets running the HTTP service and with a public IP address. Displayed by assets with endpoint protection and assets without endpoint protection.

  • HTTP/S Assets w/Critical Vulnerabilities. Number of assets running the HTTP service and with a critical CVE.

  • HTTP/S Assets Critical CVEs. Assets running the HTTP service and with a critical CVE. Organized by CVE.
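The widgets above repeat one five-part calculation (assets, public assets, public assets split by endpoint protection, assets with critical CVEs, and a by-CVE breakdown) for each service family. The added Python example below generalizes that pattern into one function parameterized by the service set; it is not Lucidum's code. The inventory records, the "public" flag, the mapping of SCP onto SSH and of HTTP/S onto both schemes, and the CVE placeholders are all assumptions made for the example.

```python
from collections import defaultdict

# Services the dashboard treats as file access (the page's list; HTTPS added for HTTP/S).
FILE_SHARING = {"ftp", "ssh", "http", "https", "nfs", "cifs", "microsoft-ds"}
# Per-service widget groups: SCP rides on SSH, and HTTP/S covers both schemes (assumed).
SERVICE_GROUPS = {"ftp": {"ftp"}, "scp": {"ssh"}, "http/s": {"http", "https"}}

# Constructed inventory records, not real data. "public" is the public-IP flag from
# discovery; CVE ids are placeholders.
ASSETS = [
    {"name": "web-01", "public": True, "services": {"http", "ssh"},
     "endpoint_protection": True, "cves": {"CVE-PLACEHOLDER-1": "critical"}},
    {"name": "nas-01", "public": False, "services": {"nfs", "cifs"},
     "endpoint_protection": False, "cves": {}},
    {"name": "ftp-01", "public": True, "services": {"ftp"}, "endpoint_protection": False,
     "cves": {"CVE-PLACEHOLDER-1": "critical", "CVE-PLACEHOLDER-2": "high"}},
    {"name": "db-01", "public": True, "services": {"postgres"},
     "endpoint_protection": True, "cves": {"CVE-PLACEHOLDER-3": "critical"}},
]

def critical_cves(asset):
    return {cve for cve, sev in asset["cves"].items() if sev == "critical"}

def exposure(assets, services, cves_public_only=False):
    """The five-widget group the dashboard repeats per service family.

    The file-sharing group counts critical CVEs only on public assets; the
    per-service groups count them on every asset running the service.
    """
    hits = [a for a in assets if a["services"] & services]
    public = [a for a in hits if a["public"]]
    cve_scope = public if cves_public_only else hits
    by_cve = defaultdict(list)
    for a in cve_scope:
        for cve in critical_cves(a):
            by_cve[cve].append(a["name"])
    return {
        "assets": len(hits),
        "public": len(public),
        "public_with_endpoint_protection": sum(1 for a in public if a["endpoint_protection"]),
        "public_without_endpoint_protection": sum(1 for a in public if not a["endpoint_protection"]),
        "with_critical_cves": sum(1 for a in cve_scope if critical_cves(a)),
        "critical_cves_by_cve": {cve: sorted(n) for cve, n in sorted(by_cve.items())},
    }

def all_widgets(assets=ASSETS):
    # Same calculation for each family; only the service set changes.
    widgets = {"file_sharing": exposure(assets, FILE_SHARING, cves_public_only=True)}
    widgets.update({g: exposure(assets, s) for g, s in SERVICE_GROUPS.items()})
    return widgets
```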