M1057 Data Loss Prevention
Use a data loss prevention (DLP) strategy to categorize sensitive data, identify data formats indicative of personal identifiable information (PII), and restrict exfiltration of sensitive data.1
| Item | Value |
|---|---|
| ID | M1057 |
| Version | 1.0 |
| Created | 04 August 2021 |
| Last Modified | 30 August 2021 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Addressed by Mitigation
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1005 | Data from Local System | Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted. |
| enterprise | T1025 | Data from Removable Media | Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted. |
| enterprise | T1048 | Exfiltration Over Alternative Protocol | Data loss prevention can detect and block sensitive data being uploaded via web browsers. |
| enterprise | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Data loss prevention can detect and block sensitive data being uploaded via web browsers. |
| enterprise | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Data loss prevention can detect and block sensitive data being sent over unencrypted protocols. |
| enterprise | T1041 | Exfiltration Over C2 Channel | Data loss prevention can detect and block sensitive data being sent over unencrypted protocols. |
| enterprise | T1052 | Exfiltration Over Physical Medium | Data loss prevention can detect and block sensitive data being copied to physical mediums. |
| enterprise | T1052.001 | Exfiltration over USB | Data loss prevention can detect and block sensitive data being copied to USB devices. |
| enterprise | T1567 | Exfiltration Over Web Service | Data loss prevention can be detect and block sensitive data being uploaded to web services via web browsers. |