Category Archives: Cisco

How Cisco Engineers Used Machine Learning to Solve an Impossible Problem

Category : Cisco

In 2015 Rich West, a systems architect with Cisco’s infosec team, approached an engineer on Cisco’s Advanced Security Research team with a novel problem. The infosec team was looking for a way to protect Cisco employees from malware in encrypted traffic without sacrificing their privacy. At the time, there was really only one viable option, which was to proxy and inspect all SSL and TLS traffic by decrypting it.

When done maliciously, this is referred to as a man-in-the-middle attack. Even when done as a defensive measure, it can still be viewed as a breach of privacy, since it breaks the encryption trust chain of any end user sending traffic to a secure site like a bank or an encrypted e-mail service. It is also computationally expensive, enough so to cause a substantial degradation in network performance, not to mention the burden of managing the extra SSL certificates required to re-sign traffic after it is inspected.

Rich West and his team decided ultimately that the privacy trade-off was not worth it. They wanted a new approach, one that didn’t involve sending Cisco’s internal traffic through a bottleneck inspection point. To help, West contacted Cisco Engineering Fellow David McGrew.

A Complex, Unsolved Problem

McGrew had been working in Cisco’s Advanced Security Research group on new ways of algorithmically finding malware using NetFlows. When West made his team’s case for needing a method of finding attacks in encrypted data, McGrew decided to see if he could blend the two efforts. What followed was a two-year project that is now nearing completion.

It is part of the launch Cisco announced this week: a host of new networking products and software aimed at fundamentally changing the blueprint of modern networks to one that is powered by intent and informed by context.

The data model McGrew and his team developed is called Encrypted Traffic Analytics (ETA), and it represents a huge step forward in Cisco’s goal to use its massive network and data set, combined with automation and machine learning, to apply security everywhere.

Encryption is most often viewed as a good thing. It keeps private Internet transactions and conversations private, free from man-in-the-middle attackers looking to glean private info or alter data in transit.

With the growing use of cloud services in enterprise environments, and the gentle pushes from companies like Google and Mozilla that force sites to use TLS, companies are accepting and routing a lot more encrypted traffic.

TLS traffic depends on a certificate signed by a trusted certificate authority (CA). New authorities are spurring the growth in TLS traffic by making the process much easier and more cost-effective. A recent CSO article quoted a vice president at Venafi who described a “dangerous scenario” in which the cost of encryption has now effectively dropped to zero, leaving it a cheap tool for hackers to employ. And they are doing so.

Cyber attackers are hiding their command and control activity and data exfiltration efforts by passing through common ports just like normal TLS or SSL traffic.

For McGrew, detecting malware mixed in with that normal traffic was a rich, complex use case involving massive data sets, which is just the type of problem he enjoys tackling.

A NetFlow, he said in an interview, contains valuable information, but also has its contextual limitations. “It tells you what two devices talked, how long, how many bytes they sent, and things like that.” But it’s by no means a complete picture.

McGrew believed, however, the debate of privacy versus security should not always be a duality—a one-or-the-other choice. He also knew that in order to find a solution for a problem this complex, he’d need to create it from scratch, which would involve a lot of code writing and intensive data modeling.

‘OK, What Do You Need?’ — ‘Data. Lots of data.’

McGrew needed resources to get started, so he tapped Cisco’s Technology Investment Fund.

‘Tech Fund’ projects at Cisco are typically those that develop new products or technologies with the goal of disrupting the status quo. These projects can often take years to develop.

Even with funding secured, before a project could be formed and code written, McGrew also needed help obtaining and analyzing data samples from Cisco’s enormous network, including malware samples.

To leap this hurdle, McGrew enlisted the help of Blake Anderson in March 2015. Anderson is a data scientist who obtained his Ph.D. studying the application of machine learning to cybersecurity. At the time, he was working with the Los Alamos National Laboratory in New Mexico, applying machine learning methods to malware analysis.

When Anderson joined Cisco, McGrew’s small team had been developing analysis tools and had some success identifying specific applications using only NetFlow data. For instance, they were able to spot when a NetFlow was coming from a user’s Chrome browser or Microsoft’s update service. But the team had not yet applied any malware data.

To get the samples they needed, Anderson and the team worked with practically every product team at Cisco, including the internal infosec team, the Talos threat intelligence group and the recently acquired ThreatGRID team, which joined the Cisco portfolio in 2014.

After spending months writing more than 10,000 lines of code, McGrew and Anderson had a practical test for their data models. Using millions of packet captures and known malware samples, Anderson began sifting through it all and finding the “most descriptive characteristics” that would differentiate what was malware and what was benign traffic without decrypting anything.

“I think [gathering the right data] was the most important thing,” Anderson said. “Whereas a lot of times you see people saying, ‘We have this interesting data, what can we do with it?’ We took the opposite approach.” Anderson and McGrew began with a wish list of what data they would need, and then shopped it around Cisco’s product teams to help make it possible.

Fingerprinting Hidden Malware

Since at least 2009, attackers have been finding ways to abuse the trust system of the Internet by using forged, stolen or even legitimately signed SSL certificates.

TLS certificates signed by a valid CA give users reassurance that the site they’re visiting is legitimate. But it can also prove a false reassurance, as this sense of trust can play right into the hands of attackers. They will use that false sense of safety to lure victims into handing over their login credentials or downloading a malware payload.

Phishing sites like this one use free encryption keys to create an illusion of a safe, encrypted, legitimate site.

In the last few months, attacks using legitimate TLS certs appear to be rising. Part of the reason may be that obtaining a valid TLS certificate has become essentially free through CAs like Let’s Encrypt, and incredibly easy, as mentioned before. As a result, phishing authors have capitalized on the opportunity and have recently been flooding the Internet with phishing sites spoofing legitimate sites like PayPal or bitcoin wallet providers.

Easily obtainable crypto keys can prove to be a sort of double-edged sword.

According to Rich West, security departments are, in a way, a victim of their own success. “They’ve pushed IT departments, vendors and app developers to better secure data in motion, but that creates new challenges for how to handle these encrypted flows,” he said.

Fortunately, by analyzing millions of TLS flows, malware samples and packet captures, Anderson and McGrew found that the unencrypted metadata in a TLS flow contains fingerprints that attackers cannot hide, even with encryption. TLS is really good at obscuring plain text, but by doing so it also creates a “complex set of observable parameters” that engineers like McGrew and Anderson can use to train their data model.

For instance, when a TLS flow begins, it starts with a handshake. The client (like your Chrome browser) sends a ClientHello message to the server it’s trying to reach (like Facebook). The “hello” message includes a list of parameters, like what cipher suite to use, what versions are acceptable and a list of optional extensions.

ETA examines the ClientHello exchange, which holds many fingerprints that can be used to determine what traffic is malware.

TLS metadata like the ClientHello is not encrypted, because it is exchanged before the encrypted messages begin. This means Anderson’s model can analyze the unencrypted handshake data with no knowledge of what is actually inside the encrypted messages, and still accurately categorize which traffic is malware and which is benign.
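The handshake fields described above, as an added example (not Cisco’s ETA code): a parser for the plaintext ClientHello record that pulls out the offered version, cipher suites, extensions, supported groups and SNI, and renders them as a JA3-style fingerprint string that a classifier could use as features. The sample ClientHello is constructed inside the block by a small builder; it is not captured traffic.

```python
"""Extract ETA-style features from an unencrypted TLS ClientHello record.
Added example, not Cisco's ETA implementation. The ClientHello below is
constructed by build_client_hello(), not taken from a real capture."""
import hashlib
import struct

# RFC 8701 GREASE values: browsers insert these at random, so a stable
# fingerprint must drop them before comparing handshakes.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}


def _u16(buf: bytes, off: int) -> int:
    return struct.unpack_from("!H", buf, off)[0]


def parse_client_hello(record: bytes) -> dict:
    """Return the plaintext fields of a ClientHello wrapped in a TLS record."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + _u16(record, 3)]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    off = 0
    version = _u16(body, off); off += 2
    off += 32                                   # client random
    off += 1 + body[off]                        # session id
    cs_len = _u16(body, off); off += 2
    ciphers = [_u16(body, off + i) for i in range(0, cs_len, 2)]; off += cs_len
    off += 1 + body[off]                        # compression methods
    exts, curves, fmts, sni = [], [], [], None
    if off < len(body):
        end = off + 2 + _u16(body, off); off += 2
        while off + 4 <= end:
            etype, elen = _u16(body, off), _u16(body, off + 2)
            data = body[off + 4:off + 4 + elen]
            off += 4 + elen
            exts.append(etype)
            if etype == 0x0000 and len(data) >= 5:          # server_name
                sni = data[5:5 + _u16(data, 3)].decode("ascii", "replace")
            elif etype == 0x000A and len(data) >= 2:        # supported_groups
                curves = [_u16(data, 2 + i) for i in range(0, _u16(data, 0), 2)]
            elif etype == 0x000B and len(data) >= 1:        # ec_point_formats
                fmts = list(data[1:1 + data[0]])
    return {"version": version, "ciphers": ciphers, "extensions": exts,
            "curves": curves, "point_formats": fmts, "sni": sni}


def ja3_string(fields: dict) -> str:
    """JA3-style string: version,ciphers,extensions,curves,point_formats
    with GREASE values removed. The SNI is kept out of the fingerprint."""
    def join(vals):
        return "-".join(str(v) for v in vals if v not in GREASE)
    return ",".join([str(fields["version"]), join(fields["ciphers"]),
                     join(fields["extensions"]), join(fields["curves"]),
                     join(fields["point_formats"])])


def ja3_hash(fields: dict) -> str:
    return hashlib.md5(ja3_string(fields).encode()).hexdigest()


def build_client_hello(hostname: str, ciphers, curves, grease=True) -> bytes:
    """Build a minimal, well-formed ClientHello record for testing (constructed)."""
    def ext(etype, data):
        return struct.pack("!HH", etype, len(data)) + data
    host = hostname.encode()
    sni = ext(0x0000, struct.pack("!HBH", len(host) + 3, 0, len(host)) + host)
    groups = ext(0x000A, struct.pack("!H", 2 * len(curves))
                 + b"".join(struct.pack("!H", c) for c in curves))
    fmts = ext(0x000B, b"\x01\x00")             # uncompressed points only
    ext_blob = (ext(0x0A0A, b"") if grease else b"") + sni + groups + fmts
    cs_blob = b"".join(struct.pack("!H", c) for c in ciphers)
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs_blob)) + cs_blob + b"\x01\x00"
            + struct.pack("!H", len(ext_blob)) + ext_blob)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    sample = build_client_hello("example.com", [0x1301, 0xC02B, 0x002F], [0x001D, 0x0017])
    f = parse_client_hello(sample)
    print(f["sni"], ja3_string(f), ja3_hash(f))
```

The fingerprint string is what a model would consume alongside NetFlow features; the SNI is parsed separately because it identifies the destination rather than the client software.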

According to Anderson’s latest testing, not only does this approach preserve user privacy by not breaking encryption, but tests of ETA against large samples of network data and malware samples show promising results for its accuracy. Using only NetFlow features, ETA catches malware about 67 percent of the time. When ETA is fed those NetFlow features with additional feature sets like Service Packet Length (SPL), DNS, TLS metadata, HTTP and others, the accuracy jumps to more than 99 percent.

“The position Cisco is in,” Anderson said, “gave us all this data, and the Tech Fund Project allowed us to do this rapid prototype approach. It’s really invaluable, and allowed us to get some pretty powerful results quickly.”

With all the right resources, and as a result of their inter-departmental work, McGrew and Anderson have in two short years created a promising solution for a dire problem in cybersecurity.

McGrew said it’s a solution that likely could only have come from a company like Cisco, with both the resources and, just as important, the data to do it.

“For an engineer, for a scientist, being able to really focus on the technology is a fantastic privilege,” McGrew said. “Being a product engineer you don’t get to do that as often.”

Anderson’s hope is that ETA can be applied nearly anywhere through a software update, and provide enforcement against malware in encrypted traffic at any location on the network. Any appliance handling network traffic could then be converted into a security appliance, even if its primary function is not security.

“I think it makes a lot of sense to push more of the decision making and enforcement to routers and switches,” Anderson said. “We can still train the models in the cloud, but we can push a lot of the intelligence to the network level. Me personally, I would like to see integration of this type of detection integrated into the actual data path, and [done] in an efficient way.”

Source: https://continuum.cisco.com/2017/06/20/security-without-compromise-how-cisco-engineers-used-machine-learning-to-solve-an-impossible-problem/?CAMPAIGN=Security&Country_Site=us&POSITION=Social+Media&REFERRING_SITE=LinkedIn&CREATIVE=Cisco%20Security

Author: Owen Lystrup

Malicious Spam Comes Roaring Back and Cisco Email Security is Ready

“Did you get my email? The really urgent one? About funding for your new project?” “Maybe. I can’t tell. My inbox is full of spam and I am busy scrutinizing every email and domain name to make sure the sender is a valid person that I actually know and the attachment is a valid… Oh wait, now my screen is locked and someone wants bitcoins to reopen all my files.”

Far-fetched, perhaps, but it would be close to the truth without effective email security. Malicious email messages are the leading way in which attackers gain access to company networks and a critical point of vulnerability for organizations of all sizes. Ransomware is a billion-dollar industry and one of the fastest growing markets for attackers – and email is the most common delivery mechanism for it. Data breaches resulting from phishing attacks – also known as Business Email Compromise – are daily headlines. And spam, which had been at all-time lows for several years, is roaring back in astronomical volumes – and more spam messages are now malicious. In fact, without email security, for every 100 emails in your inbox, 65 would be spam, and five would contain malicious content. Which five are malicious? That’s where email security comes in.

Given the importance of email in running your business, the need for effective email security has never been greater. And fortunately, Cisco Email Security makes tackling each of these challenges easy. In a recent test by Opus One, Cisco Email Security was shown to have the best spam effectiveness and the lowest false positive rate against 5 other vendors. It can also be deployed with Cisco Advanced Malware Protection (AMP), our industry-leading solution that has been a leader in NSS testing for the past three years – detecting 100% of malware with the fastest time to detection in the most recent test. That’s a powerful combination – a one-two punch if you will – that helps you not just cut down spam, but drastically reduce risks from malware, spear phishing, ransomware and other sophisticated attacks. And Cisco Email Security is vastly more effective because it is part of our overall architecture and benefits from Talos, Cisco’s threat research team that continually incorporates up-to-date intelligence into all products and solutions in the portfolio.

Clearly, not all email security is created equal and “good enough” is no longer, well, good enough. So, of course, we decided to make ours even better. With our latest release of Cisco Email Security, we are improving an already threat-centric product, and adding features that offer even greater visibility into inbound and outbound threats, geo-location control over protection, and greater security for administrative access to meet today’s access policy requirements. Below is a quick overview of some of the new features that can help your organization gain more control and better protect against the latest email threats.

Better Protect Against Cyber Crime with Geolocation Based Filtering

When you have no business relationships with a given region and your email volume from that location suddenly spikes, you can be relatively certain that the content is malicious, possibly even targeted cyberespionage. When your CFO gets persistent emails from a geography known to produce sophisticated spearphishing attacks, the ability to quickly control email content based on the location of the sender better protects your executives against compromise.

With Geolocation Based Filtering, Cisco Email Security now enables organizations of all sizes to scan and block malicious content according to policies set for the country from which the emails originated. Emails can be whitelisted/blacklisted by country or, at a more granular level, content and message filter policy can be set to block, quarantine or filter emails based on the location of the sender.

Provide Strong Outbound Protection with Advanced Malware Protection (AMP)

Organizations have to worry not only about the damage done by incoming malware, but also about the loss of IP or domain reputation that follows when malicious content leaves the organization via email. This can result in potential downtime and additional costs, and creates additional work for already busy IT teams. Now, with the same license, you can enable AMP to monitor both inbound and outbound emails.

But the value of AMP doesn’t stop there. AMP continuously monitors and analyzes all file activity, processes, and communications from the moment it hits your network until it leaves. If a file starts behaving maliciously at any point in time, AMP will detect it and retrospectively provide tracking and analysis to show where it’s been and what actions it’s taken, so that your security team can quickly and surgically remediate any issues. Only Cisco offers Advanced Malware Protection across the network, endpoints, and into the cloud, giving administrators the visibility and control needed to more quickly locate end users sending malicious files and remediate any issues.

Stronger Access Control with Two-Factor Authentication

Attackers often abuse privileged accounts to access critical data, stage breaches and create additional points of vulnerability and it is a risk that must be addressed by compliance teams in many industries. Cisco Email Security now offers Two Factor Authentication for access to Email Security Appliance (ESA), Cloud Email Security (CES) and Security Management Appliance (SMA), enabling a dynamic second factor for role-based access that can be enforced using a token or One Time Password (OTP).

To achieve more effective security, speed matters. So, Cisco Email Security now offers Engine Rollback, so that admins can rollback current engine and signature updates to previous versions. This gives IT teams the control they need to quickly take action and helps reduce the time it takes to detect and remediate problems.

With this release, Cisco also adds the most effective Data Loss Prevention feature ever to ensure you keep your sensitive data where it should be. The new Cisco DLP solution delivers high-performance, comprehensive data loss prevention – helping organizations of all sizes prevent leaks, enforce compliance, and protect their brand and reputation.

How many emails did you get since you started reading this? How many spam messages and phishing attacks did your email security keep at bay, so you could find the emails your colleagues have sent with critical business content? With email and spam volumes continuing to rise, effective email security will remain a key priority for all organizations, regardless of size or industry. Look out for more blogs on this critical topic including information about federal certifications. In the meantime, is it OK if I have someone send you an email with more details?

Source: https://blogs.cisco.com/security/enhanced-visibility-and-control-with-cisco-email-security?CAMPAIGN=Security&Country_Site=us&POSITION=Social+Media&REFERRING_SITE=LinkedIn&CREATIVE=Cisco%20Security

Why Firepower Threat Defense

Demo Friday: Why Firepower Threat Defense?

(Live Webinar June 16, 2017 at 1:00pm Eastern Time / 10:00am Pacific Time)

Get more from your NGFW with the fully integrated capabilities of Firepower Threat Defense (FTD). With integrated analysis from network to endpoint, Firepower Threat Defense helps you improve detection and early warning and more rapidly contain threats with automated network segmentation and remediation actions. Through its integration with other security solutions from Cisco and leading third parties, FTD shares intelligence, context, and policy controls consistently, helping you better achieve pervasive and consistent enforcement.

This session will include a side-by-side comparison of ASA and FTD and a demo of the Firepower 2100 series.

Agenda

  • 45 minutes of demo
  • 15 minutes of Q&A

Cisco Accelerates Digital Transformation with Enterprise Agreement Launch

This is exciting.

It has been just over a year since my first blog in which I stated, “To win in today’s market where disruptive startups and agile competitors are advancing on all sides, digitizing the enterprise to infuse greater agility and innovation is critical. This means transforming your operating model, which includes reimagining products and services and business models…” And in almost every blog since, I have touted the necessity of transforming your business and operating models to become a digital company.

By helping our customers reimagine both how they work (operating models) and the value they deliver to customers (business models), the completely refreshed Cisco Enterprise Agreement moves them farther along their digital transformation journeys and accelerates the pace of future progress. Here’s why.

A key barrier to digital transformation is complexity. In fact, the average amount of overspending due to complex software licensing is 25%*. The evolution and alignment of Cisco’s operating model with its portfolio allows customers the flexibility to consume our innovation in a far more integrated way.

With the new EA, we have turned complexity into simplicity, a key enabler of digital business transformation. Now customers have a simplified buying model, a real-time consumption model view of licenses, and a blanket enterprise-wide contract. These capabilities allow customers to centralize license management, predict budgets, and have a strategic, multiyear relationship with Cisco.

The Cisco EA Improves Simplicity, Flexibility, and Growth—Three Keys to Digital Business Transformation

A guiding principle of Cisco’s own digital transformation is to provide more value through new business models and continuous innovation. Importantly, the new EA delivers the same abilities to our customers. They now have access to the latest improvements in Cisco software and applications across our networking, collaboration, and security portfolios. With this foundation, they can more quickly create and launch new business models that win against disruptive competitors.

Next, the new EA encourages business success by giving customers a 20% growth allowance, eliminating retroactive charges, and providing a credit for existing solutions so customers always know the value of their Cisco investment is protected. In short, there is no longer a penalty for growth, a top business priority for any company fighting every day to thrive in a world of digital disruption.

The enemies of digital transformation are complexity, rigidity, and stagnation. The new Cisco EA removes these barriers and replaces them with simplicity, flexibility, and growth. This will enable our customers to transform their business faster, more successfully, and more securely than ever before.

* IDC Software Licensing and Pricing Predictions, 2016

Cybersecurity Threat Landscape Has Grown Exponentially

Cyber crooks are now casting a wider net, attacking not just PCs and mobile phones but also Internet-connected devices like security cameras or routers, which has “exponentially” increased the risk landscape, Cisco CEO Chuck Robbins said today.

The $49 billion firm has a $2 billion security business and is helping customers across the globe devise their security strategy both proactively and reactively.

“The threat landscape is getting so much bigger. The distributed denial-of-service (DDoS) attacks where 50,000-100,000 IoT devices were enslaved in a botnet (Mirai attack), Wannacry. The risk is going to increase exponentially and we have to have a robust end-to-end architecture to actually solve this,” Robbins said at the Internet of Things (IoT) World Forum here.

He added that 71 per cent of executives around the world say cyber security concerns are slowing down their digital progress.

“We block 20 billion threats per day. We have a team of 250 threat researchers… Security is fundamental… You have to acknowledge that threats will get in, and you will have to build a similar strategy to make sure that you can identify, remediate and defend (against) them proactively,” Robbins said.

The US-based tech firm Cisco will launch its ‘IoT Threat Defense’ solution with features like network behaviour analytics and malware protection to provide visibility and analysis of traffic to and from IoT devices and detect anomalies, block threats, identify compromised hosts, and help mitigate user error.

Earlier this month, the ‘Wannacry’ ransomware took the world by storm, infecting thousands of computers globally, including in India. The malware locked computers and the cybercriminals demanded $300 in cryptocurrencies to unlock the devices.

While the government maintains that there were few stray incidents in India, various reports by security solutions companies said the Asian country was amongst the worst hit nations by Wannacry.

According to Cisco’s 2017 Annual Cybersecurity Report, such cyber attacks can impact the operations, reputation, and revenue of organisations. Also at stake are unauthorised access to the enterprise’s networks, data and IP loss, and even business shutdown, the report notes.

With industries like manufacturing, healthcare and utilities like power companies introducing more Internet-connected (IoT) devices, it becomes pertinent that they have robust security systems in place.

Over the last few months, Cisco has ramped up its security operations in India to cash in on the burgeoning opportunity. Last month, it set up its fifth global cyber range lab in Gurugram to train Indian firms and government agencies on real-world cyber attacks.

The company has also set up a Security Operations Centre (SOC) in Pune — its fourth after the US, Poland and Japan — to provide a broad range of services, including monitoring of threats and its end-to-end management for enterprise needs. It will be linked to other Cisco SOCs across the world.

These centres are part of Cisco’s $100 million investment commitment to India.

AMPlify your Security

See how our customers are enhancing their security posture with AMP for Endpoints

At Cisco we know that security teams are a critical piece of what’s possible in any organization and simplifying their job is of utmost importance to us. We believe that by allowing customers to see more, protect better and respond faster we can keep businesses more secure and make IT more productive.

We work hard to make AMP for Endpoints a powerful solution that provides our customers with the visibility and control they need to protect their organizations from today’s advanced attacks. We know there is no silver bullet when it comes to security technology and that with the expanding attack surface and evolving tactics and strategies of attackers, we’ve got our job cut out for us.

As we work to continuously strengthen and improve our AMP products, one thing we find incredibly important is user feedback. We make it a point to listen to and engage users early and often when we’re planning our roadmap and building product enhancements and integrations. Whether it be through our quarterly customer briefings, customer forums or various meetings and webinars, we believe the voice of the customer is an integral component to everything we do.

That’s why we are excited to share the results from our recent AMP for Endpoints customer survey! This survey was sent to 8500 global AMP for Endpoints users in numerous industries and at companies of varying sizes. We received 1060 responses.

Here are several quotations from customers and a few statistics from our recent survey that show how AMP for Endpoints is making an impact.

These results are just a small view into what users had to say in our recent survey. To see more results and learn more about how AMP for Endpoints has helped organizations, contact us.

Now What? Moving Forward After the WannaCry Attack

Deep Breath. WannaCry surged into headlines fast – grabbing attention as it spread throughout networks and the world.

And it shows how crafty attackers are – they continuously evolve ransomware (and other types of malware) to keep us on our toes. We know that ransomware has used email to infect computers. Web pages too. And now WannaCry (like SamSam in 2016) has evolved to spread on its own inside a network, like the internet worms of yesterday, locking up other vulnerable computers. Yikes.

If you’d like a world-class, in-depth analysis, see our blog by Talos, Cisco Security’s threat intelligence team, for more on how WannaCry operates and how Cisco Security protects customers.

But back to that shifty ransomware. We have to protect our email. Web pages too. Prevent ransomware from getting onto endpoints. Now we see the network playing an important role. So what does this mean? It means ransomware, capable of doing damage in so many ways, underscores the need for defense-in-depth, as we’ve always known, with the right team backing up great technology to respond in worst-case scenarios.

First a best practices reminder. Make sure your organization is fully patched per Microsoft guidance and all the appropriate ports are blocked – Talos and Microsoft outline this in detail. Then consider how to bring layers of protection to bear to give you the best chance to stop ransomware.

This defense-in-depth thinking shaped our Ransomware Threat Defense solution, a set of products we’ve tested calling on layers of protection from DNS security to endpoint security to email to network security, to best keep ransomware at bay.

View a visual timeline of WannaCry Ransomware Defenses at Cisco.

Learn more on WannaCry from Cisco Talos security researchers in our upcoming webinar, OAuth Phishing and WannaCry Ransomware Attacks: Are You Protected? on May 18, 2017 at 1 p.m. ET / 10 a.m. PT.

Some key elements of Ransomware Defenses:

Ransomware Defense Solution

Fighting it in all the places where it tries to do damage.

Network Security and Segmentation

Detect and block malicious network activity (on SMB connections in this case) and prevent lateral spread of malware.

Endpoint Protection

Cisco Advanced Malware Protection (AMP) for Endpoints stops ransomware files from running on endpoints.

Cloud Security

Block connections from malware to command-and-control servers on the internet.

Incident Response

Strengthening readiness and response to attacks.

It’s not if. It’s when.

How do you best defend against attacks that get stronger and smarter by the day? Make sure your security gets stronger and smarter too.

Cisco Security can help. Finally, a security approach that takes the burden off of teams and detects and remediates threats faster.

Move to more effective security with an integrated architectural approach that gives digital menaces less time to make their mark.

If you’re not on top of it, attackers will be.

Hackers have all the time in the world to lay foundations for crippling attacks—which means you have no time to waste in becoming less vulnerable. See how attacks are affecting other organizations.

  • 44% of security alerts aren’t investigated.
  • 49% experienced public scrutiny after a breach.
  • 22% lost customers because of attacks.
  • 29% lost revenue as a result of attacks.

What are you doing to stay secure in an expanding threat landscape?

View the cybersecurity report

Cisco Security Integrated Solutions

Check out the new Security Operations Center in Cisco Experience Center Singapore and understand how an integrated security posture can protect customers against cyberattacks 24/7.

Respecting Customer Privacy is Not an Option

There was recent news of a multi-billion dollar start-up that used an actual customer’s network environment for sales demonstrations. To make matters worse, the practice went on for years without the customer’s permission or knowledge; the customer happened to be a medical facility, so the practice had the potential of violating the Health Insurance Portability and Accountability Act of 1996 (HIPAA). It is understandable for a company to want to demonstrate its products or services in a life-like manner, but data privacy and customer confidentiality are legal and regulatory obligations. There are ways, however, to demonstrate products and services using data that is close to production while protecting your customer’s data, complying with your own company’s legal and regulatory obligations, and still producing a quality demo.

First, let us take a quick look at some of the reasons why maintaining the confidentiality of customer data is so important. Beyond ethical and contractual reasons, there are also regulatory regimes and frameworks spanning the globe that require the protection of personal data, such as HIPAA, the Japan Personal Information Protection Act, the OECD Guidelines, the EU General Data Protection Regulation, and the APEC Privacy Framework. In addition to legal and regulatory obligations, customers have become more ‘privacy aware’ in recent years, with increased attention to what data is collected, how it is used, who it is shared with, whether it is sold or rented, and its eventual destruction. One step to minimize privacy risk and exposure is to de-identify or anonymize the data and set up a demo environment with it.

Anonymizing or de-identifying data prevents an observer from identifying, directly or by aggregation and/or inference, the actual person to whom the data relates (i.e., the data subject). Properly anonymized data is no longer Personally Identifiable Information (PII), since it is not possible to identify any individual data subject from it. De-identification, on the other hand, replaces PII with pseudonyms or alternative identifiers, leaving only authorized users with the ability to re-identify the data subjects.

With a few simple steps, a company can anonymize or de-identify data to protect its customers, data subjects, and itself. For example, in Excel, a team can use formulas such as RIGHT(), REPT(), and LEN() to randomize or redact a social security number so that only the last 4 digits are shown. A macro can also be written to overwrite the original data for more complete anonymization; VBA code examples for this are published on the internet and easily accessible to programmers. Generalization is another way to accomplish this. An example of generalization is taking specific values, such as household incomes of $175,234, $64,502 and $32,324, and turning them into the ranges “more than $150,000”, “between $100,000 and $50,000” and “less than $35,000”. Other techniques include:

  • Data swapping: swap data across the table to make the original data locations and linkages randomized.
  • Randomization: using a mathematical formula to mix the data with random numbers or values.
  • Perturbation or Noise: add random values and mismatched data to overwrite and confuse the original data.
  • Redaction: suppressing or removing identifying data fields from the data set.
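The techniques listed above applied to a constructed table, as an added example that is not part of the original post: redaction of an SSN to its last four digits, keyed pseudonymization (de-identification, where only holders of the key could rebuild a lookup), generalization of income and ZIP code, perturbation, and data swapping. The income bands, the demo key and all records are assumptions made for this example.

```python
"""De-identify a small customer table for a sales demo.
Added example, not the post's own code. RECORDS, the income bands
and the key are constructed for illustration."""
import hashlib
import hmac
import random

# Constructed sample table: fictitious people, SSNs, incomes and diagnoses.
RECORDS = [
    {"name": "Alice Example", "ssn": "123-45-6789", "zip": "02139", "income": 175234, "dx": "flu"},
    {"name": "Bob Sample",    "ssn": "987-65-4321", "zip": "02140", "income": 64502,  "dx": "asthma"},
    {"name": "Carol Test",    "ssn": "555-12-3456", "zip": "94016", "income": 32324,  "dx": "flu"},
]


def redact_ssn(ssn: str) -> str:
    """Redaction: keep only the last four digits (the Excel RIGHT()/REPT() trick)."""
    return "***-**-" + ssn[-4:]


def pseudonymize(value: str, key: bytes) -> str:
    """De-identification: replace an identifier with a keyed HMAC token.
    Deterministic for one key, so rows about the same subject stay linkable;
    without the key the token cannot be mapped back, and a different key
    yields unrelated tokens (so the demo key need not be the production key)."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def generalize_income(income: int) -> str:
    """Generalization: collapse an exact income into a band (bands assumed here)."""
    bands = [(150_000, "more than $150,000"), (100_000, "$100,000 to $150,000"),
             (50_000, "$50,000 to $100,000"), (35_000, "$35,000 to $50,000")]
    for floor, label in bands:
        if income > floor:
            return label
    return "less than $35,000"


def generalize_zip(zip_code: str) -> str:
    """Generalization of a quasi-identifier: keep only the 3-digit ZIP prefix."""
    return zip_code[:3] + "XX"


def perturb(value: int, rng: random.Random, spread: int) -> int:
    """Perturbation / noise: add a random offset within +/- spread."""
    return value + rng.randint(-spread, spread)


def swap_column(rows: list, column: str, rng: random.Random) -> list:
    """Data swapping: shuffle one column across rows so a value no longer
    sits with the row it came from, while column statistics are preserved."""
    values = [r[column] for r in rows]
    rng.shuffle(values)
    return [dict(r, **{column: v}) for r, v in zip(rows, values)]


def deidentify(rows: list, key: bytes, seed: int = 7) -> list:
    """Build the demo-safe table: names dropped, SSN tokenized and redacted,
    ZIP and income generalized (income perturbed first), diagnoses swapped."""
    rng = random.Random(seed)
    out = []
    for r in rows:
        out.append({
            "subject_id": pseudonymize(r["ssn"], key),
            "ssn_display": redact_ssn(r["ssn"]),
            "zip": generalize_zip(r["zip"]),
            "income_band": generalize_income(perturb(r["income"], rng, 2_000)),
            "dx": r["dx"],
        })
    return swap_column(out, "dx", rng)


def leaks_original_pii(rows: list, deidentified: list) -> bool:
    """Sanity check before a demo: no original name or full SSN may survive."""
    text = repr(deidentified)
    return any(r["name"] in text or r["ssn"] in text for r in rows)


if __name__ == "__main__":
    demo = deidentify(RECORDS, b"demo-only-key")
    for row in demo:
        print(row)
    print("leaks PII:", leaks_original_pii(RECORDS, demo))
```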

Anonymization or de-identification can provide your sales teams with data that is robust enough to give customers a realistic view of the offering in operation while fulfilling your legal and regulatory obligations and customer expectations of privacy and confidentiality. The National Institute of Standards and Technology (NIST) also has a robust guideline on de-identification: http://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf
