Skip to content

M1057 Data Loss Prevention

Use a data loss prevention (DLP) strategy to categorize sensitive data, identify data formats indicative of personal identifiable information (PII), and restrict exfiltration of sensitive data.1

Item Value
ID M1057
Version 1.0
Created 04 August 2021
Last Modified 30 August 2021
Navigation Layer View In ATT&CK® Navigator

Techniques Addressed by Mitigation

Domain ID Name Use
enterprise T1005 Data from Local System Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted.
enterprise T1025 Data from Removable Media Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted.
enterprise T1048 Exfiltration Over Alternative Protocol Data loss prevention can detect and block sensitive data being uploaded via web browsers.
enterprise T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol Data loss prevention can detect and block sensitive data being uploaded via web browsers.
enterprise T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol Data loss prevention can detect and block sensitive data being sent over unencrypted protocols.
enterprise T1041 Exfiltration Over C2 Channel Data loss prevention can detect and block sensitive data being sent over unencrypted protocols.
enterprise T1052 Exfiltration Over Physical Medium Data loss prevention can detect and block sensitive data being copied to physical mediums.
enterprise T1052.001 Exfiltration over USB Data loss prevention can detect and block sensitive data being copied to USB devices.
enterprise T1567 Exfiltration Over Web Service Data loss prevention can be detect and block sensitive data being uploaded to web services via web browsers.

References

Back to top