X-Day is February 15, 2018GDPR deadline sooner than most think
What is X-Day?
X-Day is short for Exfiltration Day, and represents the date 100 days prior to the inception of the General Data Protection Regulation (GDPR) on May 25, 2018. FireEye’s M-Trends 2017 noted that it took organizations an average of 99 days between data breach and discovery. Most companies breached after February 15th, 2018 will only discover the attack after GDPR is in force, a situation which could have real-world consequences.
As DNS is rarely monitored, it has been found to be one of the most discrete and widely used options for cyber criminals to carry out data theft. Proper protection of this protocol is essential when observing GDPR rules- far too many organizations rely on legacy solutions that perform only peripheral analysis, allowing confidential data to be exfiltrated without triggering any alarms.
Below are resources to help make sense of GDPR compliance, understand data exfiltration and tunneling via the DNS, and learn how to mitigate breaches through secure DNS architectures.