Microsoft Purview Data Loss Prevention Can Detect Data Theft Attempts

Microsoft Purview Data Loss Prevention is able to detect file transfer utilities used by ransomware attackers, Microsoft announced on Wednesday.

Ransomware attackers use commonly available file transfer utilities to "exfiltrate" (or grab) data from victim organizations, typically uploading the data to a cloud storage service. It's possible to use Microsoft Purview Data Loss Prevention (formerly known as "Microsoft 365 Data Loss Prevention") to detect such data theft attempts, even when the attackers have renamed the file transfer utility to disguise it.

Here's how the announcement described it:

"If configured correctly, Microsoft Purview DLP can detect adversaries utilizing any FTU or cloud application to exfiltrate sensitive data from endpoint devices. Microsoft Purview DLP can also identify the execution of these tools when adversaries rename them to remain undetected."

The announcement also named the file transfer utilities that are most commonly used by such attackers. They included rclone, MEGAsync, ShareX, FileZilla, pCloud, WinSCP, PuTTY and FreeFileSync.

The data exfiltration protection isn't automatic with Microsoft Purview Data Loss Prevention. It has to be set up by IT pros, and the announcement listed the steps to take. After proper setup, Microsoft Purview Data Loss Prevention will generate audit logs on data exfiltration efforts and it'll also send alerts.

Microsoft Purview Data Loss Prevention was rebranded last month as part of an overall Microsoft Purview (formerly "Azure Purview") product announcement. With this rebrand, Microsoft promised that its data governance and compliance protections were getting integrated.

Microsoft this week announced a free 90-day trial of Microsoft Purview solutions, as described in this document. The free trial lets IT pros use all Microsoft Purview solutions, including the Data Loss Prevention one. However, organizations need to have an active Microsoft 365 E3 subscription to use the free trial.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

