CASE STUDY

Preventing Data Leaks & Strengthening Security: A Federal Agency’s DLP Transformation


The Solution Strategy

Makpar started working on this program in 2017, expanding the existing DLP solution beyond email protection to include data at rest and data in use. Leveraging a deep understanding of the customer’s unique needs, Makpar tailored a DLP tool through extensive customization. The team developed custom Python APIs, Wise scripts, and VB scripts to enhance automation and integration with IRS data stores.

A key focus was refining detection algorithms to reduce false positives, ensuring that SSNs were accurately identified while minimizing unnecessary alerts. The solution also included proactive measures, such as eliminating USB drive usage to prevent unauthorized data exfiltration.

In addition, integrating data into Splunk provided real-time security insights, strengthening the customer’s overall cybersecurity posture.


Symantec (Broadcom) DLP Tool:

Customized to fit the customer’s unique requirements.

Customization is Key:

The off-the-shelf DLP tool required significant tailoring to meet the customer’s specific needs and reduce false positives.

Reduced Data Leakage:

The effort significantly decreased PII outflow, with only one or two serious incidents per year.


Challenge

The customer needed a robust Data Loss Prevention (DLP) system to protect Social Security numbers (SSNs) and other sensitive data across data in motion (email), data in use (on PCs/servers), and data at rest (stored data such as SharePoint). This initiative stemmed from a 2005 OMB mandate requiring federal agencies to implement DLP solutions.

While the customer initially prioritized data in motion, further enhancements were necessary to secure sensitive information comprehensively. In addition, minimizing false positives in SSN detection was critical to ensuring system effectiveness.

Tools Used

Python APIs, Wise Scripts, and VB Scripts:

Developed to automate processes and enhance integration.

Best Practices

Proactive Protection:

Implementing preventive measures, such as restricting USB drives, enhanced overall data security.

Data Visibility:

Continuous monitoring provided insights into sensitive data locations and exposure risks.



Benefits & Results for Clients

Main Benefits for Clients

Cost Savings:

The program saved an estimated $2 million annually by reducing the need for identity protection services.

Enhanced Cybersecurity:

The solution plugged critical data leakage gaps, notably improving security following high-profile data breaches.

Splunk:

Used to integrate critical data, enabling real-time security monitoring and dashboarding.

Collaboration:

Knowledge-sharing with other federal agencies and vendors strengthened the solution’s effectiveness.

Industry Recognition:

The customer was positioned as a leader in federal data protection, with other agencies seeking guidance.


Key Takeaways

  • Visibility is Paramount: The program helped uncover discrepancies between perceived and actual data protection levels.

  • Tailored Solutions Deliver Results: Customization of the DLP tool was necessary to meet the customer’s unique requirements.

  • Proactive Cybersecurity is Critical: The program’s success extended beyond DLP, influencing broader cybersecurity strategies such as Insider Threat detection.

