Data leaks and information disclosure caused by employees are an issue with which security teams regularly contend. Committing credentials to GitHub is one of the more well-known ways this issue arises. Recently, posting sensitive data on public Trello boards has also made headlines. In this post, we explore a way security teams themselves often unintentionally expose sensitive company information.
- User (usually a security analyst) submits a suspicious file or URL to a sandbox.
- Sandbox analyses the behaviour of the submission (by opening the file or visiting the URL) and provides the user with analysis results allowing them to determine if the URL or file represents a threat.
- Sandbox stores and makes publicly searchable the results of the analysis so other companies may inform and protect themselves.
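Because the sandbox report, and therefore the submitted URL, becomes public in the last step, a pre-submission check is the natural control. The following is an added example, not code from the original post: it flags URLs that carry an email address, a password-reset style token, or a link to a file-sharing or e-signature service, so the analyst can route them to a private submission instead. The parameter names and the hosts in `SENSITIVE_HOSTS` are assumed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Added example: pre-submission check for URLs bound for a public sandbox.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Parameter names typical of password-reset and one-time-access links (assumed list).
TOKEN_PARAMS = {"token", "reset", "reset_token", "key", "code", "ticket", "auth", "signature"}
# Placeholder hosts standing in for file-sharing and e-signature services; use your own list.
SENSITIVE_HOSTS = {"share.example.com", "sign.example.com"}
OPAQUE_RE = re.compile(r"[A-Za-z0-9_\-]+")


def looks_opaque(value):
    """Long alphanumeric value mixing letters and digits, typical of a capability token."""
    return (len(value) >= 20 and OPAQUE_RE.fullmatch(value) is not None
            and any(c.isdigit() for c in value) and any(c.isalpha() for c in value))


def classify_url(url):
    """Return the reasons this URL should not be submitted to a public sandbox."""
    parts = urlsplit(url)
    reasons = []
    if EMAIL_RE.search(unquote(url)):          # percent-encoded addresses are decoded first
        reasons.append("contains an email address")
    host = parts.hostname or ""
    if host in SENSITIVE_HOSTS or any(host.endswith("." + h) for h in SENSITIVE_HOSTS):
        reasons.append(f"file-sharing or e-signature host {host}")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in TOKEN_PARAMS or looks_opaque(value):
            reasons.append(f"token-like query parameter {name}")
            break
    if any(looks_opaque(seg) for seg in parts.path.split("/")):
        reasons.append("token-like path segment")
    return reasons


def submission_policy(url):
    """'public' when nothing sensitive was found, otherwise 'private'."""
    return "private" if classify_url(url) else "public"


if __name__ == "__main__":
    # Constructed sample URLs, not real targets.
    for u in ["https://www.corp.example/account/reset?token=Zx9Q3kLm2pRt7vWb4nCd8",
              "https://share.example.com/d/8f3a9c2b1e4d7f6a0b5c",
              "https://mail.example.net/unsubscribe?u=alice%40corp.example",
              "https://news.example.org/article/2024/security"]:
        print(submission_policy(u), u, classify_url(u))
```

The check is deliberately biased toward false positives: a private submission costs little, while a public report of a reset link or a shared document cannot be recalled.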
How security teams can cause data leaks
URLs containing email addresses
Password reset emails
File Sharing Services
Electronic Signature Services
The increased availability of free and powerful URL scanners is a good thing. Sandboxes provide an accessible way for security teams, who are often resource-constrained, to quickly collect important context around suspicious URLs and files.