GDPR Data Protection Checklist for Enterprises

Data protection laws, such as the EU General Data Protection Regulation (GDPR) and the U.S. California Consumer Protection Act (CCPA), have become a compliance focal point for organizations worldwide. These types of laws are paramount in regulating the processing of personal data and have driven significant changes in the ways enterprises collect, process, and, most importantly, protect personal data.

Keeping data secure is a primary focus for businesses across the globe. This is important for enterprises conducting business in several areas of the world, such as Europe, not only from a legal compliance standpoint but also from a trust standpoint. Users and potential customers feel more confident working with a business they know values the protection of their personal information from cyberthreats.

General Requirements of Data Protection Laws

Data protection laws generally require that controllers and processors utilize necessary technical and organizational measures to ensure an appropriate level of security based on the risk, taking several elements into account: current best practices, implementation costs, and the likelihood and severity of the risk to the rights and freedoms of natural persons. These requirements must be followed, even in some cases in applicable regions in which the enterprise conducts business. This holds true if the organization has no physical presence in that location.

GDPR Compliance with Arbor DDoS and Omnis Network Security Solutions

Section 2, Article 32

GDPR Section 2, Article 32 is “the heart of the GDPR” for security professionals. This article lays out the requirements for the protection of personal data, including the following examples:

• “The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services” (Article 32:1 (b))
• “The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident” (Article 32: 19 (c))
• “A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing” (Article 32:1(d))

These elements all align with the capabilities of NETSCOUT’s Arbor distributed denial-of-service (DDoS) and Omnis Cyber Intelligence (OCI) solution sets. For Article 32, we have created a checklist that may help assess how you can use Arbor and Omnis solutions to protect your networks and applications against attacks targeting personal data.

Several common vulnerabilities exist in enterprise networks that may implicate GDPR compliance if they are not solved. Arbor solutions help close off many of the doorways these vulnerabilities open. See below for a list of five vulnerabilities you may be facing and how Arbor can help prevent them:

1. Reliance exclusively on stateful devices such as load balancers, firewalls, and intrusion-prevention systems (IPSs)
   • These devices are susceptible to state exhaustion DDoS attacks. Arbor DDoS protection solutions provide an intelligently automated, layered, fully managed combination of on-premises and in-cloud DDoS attack protection.
2. Inability to protect your connection to the internet from saturation due to volumetric DDoS attacks'
   • Arbor DDoS protection provides automatic countermeasures to stop many types of DDoS attacks, including volumetric, TCP state exhaustion, “low and slow” application-layer, and more-advanced threats—both inbound and outbound.
3. Inability to detect stealthy “low and slow” application-layer and multivector DDoS attacks that crash servers
   • Many cloud service providers struggle in this area. Arbor Cloud Signaling intelligently and automatically connects local DDoS protection with Arbor Cloud DDoS protection services for the mitigation of attacks that cannot be managed by your on-premises deployment.
4. Inefficient and manual DDoS mitigation due to time lost communicating and coordinating with cloud service providers during attacks
   • Arbor Cloud offers multiple Tbps of global in-cloud mitigation powered by a security operations center (SOC) staffed 24/7 with highly trained DDoS protection experts.
5. Outdated DDoS protection because you cannot easily update your threat intelligence and DDoS policies to handle scale and encrypted traffic
   • Arbor solutions support a wide range of mitigation platforms and capacities, from 2U appliances (1Gbps–160Gbps) to virtual software (sub 1Gbps) to multiple Tbps of global Arbor Cloud protection.
   • Arbor offers unified DDoS attack protection for hybrid cloud environments, such as a combination of on-premises and AWS environments.
   • Arbor offers in-box Secure Socket Layer (SSL) decryption capabilities for identifying threats hidden in encrypted traffic.
   • Atlas Intelligence Feed (AIF) continuously updates with the latest DDoS protection based on up-to-date global threat intelligence from NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT).

Section 2, Article 33

GDPR Section 2, Article 33 deals with notification of personal data breaches to proper supervisory authorities. This article’s requirements include:

• In the event of a data breach, enterprises shall, without undue delay and, where feasible, not more than 72 hours after becoming aware of the breach, notify the supervisory authority of the personal data breach (Article 33:1)
• The degree of compliance can affect the level of financial penalties. The supervisory authority takes into account “technical and organizational measures implemented by the enterprise pursuant to Articles 25 and 32” (Article 82: 2 (d)) and “the manner in which the infringement became known to the supervisory authority, in particular, whether, and if so to what extent, the controller or processor notified the infringement” (Article 83: 2 (h))

The speed with which Arbor DDoS protection solutions can detect a breach may be a strong contributor to maintaining GDPR compliance, helping avoid financial penalties, and building trust with customers.

Again, the Arbor and Omnis solutions aid in combatting several vulnerabilities tied to the timely reporting of data breaches. Here’s a checklist showing how Arbor and Omnis may help address five common issues related to timely reporting of breaches:

1. Sole reliance on perimeter protection to detect and block data breaches from complex advanced threats
   • Arbor solutions streamline security workflows to detect and investigate threat activity across the network faster than traditional security solutions
2. Inability to detect a data breach in real time
   • Get real-time visualization of indicators of compromise (IoC) to view trends in new indicators and network activity
3. No visibility into the full extent of a data breach
   • Understand the full extent of a data breach with visibility that powers the identification of cyberthreats for impacted hosts and network connections
4. Difficulty correlating past activity with a current breach
   • Workflows exist for the investigation of past breach activity from full packet-level network archives
5. A lack of global threat context to help prioritize security resources to respond to breaches
   • Automatically apply the latest threat intelligence from AIF’s internet threat visibility and high-fidelity attack campaign indicators to your internal network activity

Section 1, Article 25

GDPR Section 1, Article 25 outlines the general obligations that must be taken to ensure data protection by design and by default. This works to enforce security planning from the ground up when planning security systems, by requiring businesses to “. . .implement appropriate technical and organizational measures . . . which are designed to implement data-protection principles . . . in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects” (Article 25:1).

The Arbor DDoS protection suite and Omnis Cyber Intelligence help strengthen cyberdefenses from the ground up. This helps to prevent threats from entering networks and to reduce the impact of DDoS and other cyberattacks. Multiple solution features can be used to minimize the following three vulnerabilities:

1. Reliance on manual and event-specific security processes against DDoS and advanced attacks
   • OCI provides automation of policies and processes such that, by default, data protection against DDoS and advanced threats is built in. For example:
     • Automatic detection and mitigation of attacks
     • Key incident response and security operations workflows
     • Integrated on-premises and cloud DDoS protection
2. A lack of global threat context to help prioritize security resources to respond to breaches
3. Reactive rather than proactive tools for what threats might come next

For the last two vulnerabilities here, NETSCOUT makes ATLAS global threat intelligence available via a separate license so that its continuously updated threat intelligence can provide context and a proactive security posture against DDoS and advanced threats.

Arbor DDoS and OCI Support GDPR Data Protection for Enterprises

Enhance user data safety and GDPR data protection compliance efforts in the enterprise with Arbor DDoS and Omnis network security solutions. These solutions provide automated response and mitigation for advanced threats and DDoS attacks to help maintain availability and protect sensitive user data. GDPR standards for data compliance require secure processing and storage of personal data, notification of personal data breaches, data protection by design and by default, and more. Arbor DDoS and Omnis network security solutions provide key tools to support GDPR compliance within an enterprise security stack.

The NETSCOUT solution helps assure data protection via Arbor and Omnis products. TheArbor DDoS protection solution protects against the following five specific vulnerabilities, in addition to many others:

1. Stateful devices and state exhaustion attacks
   • Arbor Edge Defense (AED) helps protect against attacks that firewalls, including next-generation firewalls, cannot. This stateless appliance lives on the network perimeter and is designed to stop attacks before they reach the core of the network.
2. Protection against volumetric attacks
   • Volumetric DDoS attacks overwhelm networks. Arbor DDoS solutions help identify this malicious traffic and, for Arbor Cloud customers, reroute it to worldwide scrubbing centers so that legitimate traffic is able to reach key networks and applications.
3. Detection of stealthy application-layer attacks
   • Arbor solutions have visibility into even the sneakiest of DDoS attacks. With packet-based intelligence, even stealthy application-layer attacks can be quickly identified and mitigated.
4. Efficient DDoS mitigation
   • Swift identification of DDoS attacks helps expedite mitigation. Early detection allows security teams to act quickly and employ mitigation measures faster than ever.
5. Updating threat intelligence and DDoS policies
   • AIF is a consistently updated database of the latest DDoS threats. Automatically block the majority of current known threats with this data feed that is available for direct integration with Arbor and other products.

Learn more about NETSCOUT’s  Arbor DDoS and Omnis network security solutions.