Microsoft Purview Data Loss Prevention Can Detect Data Theft Attempts -- Redmondmag.com

Microsoft Purview Data Loss Prevention Can Detect Data Theft Attempts

By Kurt Mackie
05/05/2022

Microsoft Purview Data Loss Prevention is able to detect file transfer utilities used by ransomware attackers, Microsoft announced on Wednesday.

Ransomware attackers use commonly available file transfer utilities to "exfiltrate" (or grab) data from victim organizations, typically uploading the data to a cloud storage service. It's possible to use Microsoft Purview Data Loss Prevention (formerly known as "Microsoft 365 Data Loss Prevention") to detect such data theft attempts, even when the attackers have renamed the file transfer utility to disguise it.

Here's how the announcement described it:

If configured correctly, Microsoft Purview DLP can detect adversaries utilizing any FTU or cloud application to exfiltrate sensitive data from endpoint devices. Microsoft Purview DLP can also identify the execution of these tools when adversaries rename them to remain undetected.

The announcement also named the file transfer utilities that are most commonly used by such attackers. They included rclone, MEGASync, ShareX, Filezilla, PCloud, WinSCP, PuTTy and FreeFileSync.

The data exfiltration protection isn't automatic with Microsoft Purview Data Loss Prevention. It has to be set up by IT pros, and the announcement listed the steps to take. After proper setup, Microsoft Purview Data Loss Prevention will generate audit logs on data exfiltration efforts and it'll also send alerts.

Microsoft Purview Data Loss Prevention was rebranded last month as part of an overall Microsoft Purview (formerly "Azure Purview") product announcement. With this rebrand, Microsoft promised that its data governance and compliance protections were getting integrated.

Microsoft this week announced a free 90-day trial of Microsoft Purview solutions, as described in this document. The free trial lets IT pros use all Microsoft Purview solutions, including the Data Loss Prevention one. However, organizations need to have an active Microsoft 365 E3 subscription to use the free trial.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.