Security teams have a challenging job. They must manage an ever-expanding attack surface and protect huge volumes of data from adversaries who constantly evolve their techniques. Research suggests roughly 21 billion devices could be connected to the internet at any given time, and every one of them is a potential entry point for a data breach or other incident.
With increased attack surfaces and vulnerabilities in the era of work-from-home, security teams need more than just the right tools to do the job. They need to be able to apply imagination – something Einstein considered even more important than knowledge – to the work carried out with these tools if they are to achieve optimal protection.
Evolving defenses against cyber threats
According to IBM, the average data breach cost in 2021 was $4.24 million, a 10% rise from 2020’s findings. Gartner estimates that the worldwide information security market will reach $170.4 billion this year, due in large part to organizations evolving their defenses against cyber threats.
At the epicenter of this is data loss prevention (DLP), a category of tools that inspect content and analyze its context in each state the data can be in: at rest, in use, and in motion. These tools automatically execute responses (alert, block, quarantine, encrypt) based on policies and rules set to limit the risk of inadvertent or malicious data exposure or leakage.
Effective DLP is a must-have
A strong DLP suite guards an enterprise’s data and helps incident response (IR) teams respond to and mitigate breaches. This is vitally important to the bottom line and reputation of the business, particularly in the era of the EU General Data Protection Regulation (GDPR).
In a post-pandemic world where remote working is the norm, the need for effective DLP has increased significantly. Aside from helping to manage the risk of external threats, DLP can assist SecOps teams with mitigating the risk of insider-style threats, whether a malicious employee or an external attacker who has compromised a privileged user account, abused its permissions, and attempted to move data outside the organization. In both cases the activity comes from a legitimate account, so content-aware controls on the data itself catch what identity controls alone miss.
While there are instances of staff deliberately leaking data, many leaks occur because employees lose devices or documents containing sensitive data in public, expose data on the open Internet (for example, through a misconfigured share or storage bucket), or fail to restrict access in line with organizational policies. These are usually genuine mistakes resulting from a lack of awareness and training rather than any bad intention.
DLP helping SecOps teams in five key ways
SecOps teams are charged with protecting data on a network or endpoint in each of its forms: at rest, in use, and in motion. Creating the appropriate rules or policies to protect data across these three states requires teams to understand their environment fully: where sensitive data lives, who handles it, and which channels it can leave through.
This is why organizations should consider implementing a flexible, scalable XDR (extended detection and response) architecture that integrates with their current security tools and correlates signals across them to close visibility gaps. With native integrations for security policy orchestration across data and users, endpoints and collaboration, clouds and infrastructure, an XDR architecture gives SecOps teams broad visibility and control from a single place.
DLP is a key component of XDR because it provides intelligence in addition to protecting an enterprise’s data. DLP works within an XDR ecosystem in five key ways:
1. Collecting information regarding sensitive data: With DLP, practitioners can conduct two types of searches on captured content. The first is forensic investigation: searching for keywords and patterns in files, emails, message attachments and headers so a practitioner can locate sensitive data that is out of place. The second is rule tuning: analyzing captured data so teams can refine the rules behind a capture search, getting the information they need more quickly and with fewer false positives.
2. Scanning network systems to identify and protect sensitive files and data: DLP components are not limited to keyword searches. DLP can extract text from image files (for example, a scanned contract or a screenshot) and evaluate it for sensitivity according to enterprise rules. It can then remediate matching files according to those rules, by encrypting them in place, moving them to an encrypted storage location, or registering a fingerprint of the file. If a data leak occurs, or a copy of the file is later seen in an outbound channel, that fingerprint allows teams to identify exactly which files have been moved, even if they were renamed.
3. Device monitoring and control: From USB and USB-C storage to tablets or any other device connected to laptops, desktops, or servers, files and removable media protection (FRP) can be integrated with endpoint DLP to protect data. For example, DLP can enforce a rule that sensitive files written to a USB drive are encrypted so that they can only be opened on a company-managed device, or that the copy is blocked outright for a given user or data classification.
4. Customizable database security: DLP integrated with database monitoring can automatically check that all relevant patches have been installed in a timely manner, flagging any nodes needing updates and alerting the systems administrator. By monitoring database transactions in real time against a known patch and configuration baseline, teams can better distinguish malicious activity (such as bulk reads of sensitive tables) from routine use.
5. Providing intelligence to identify what data has been compromised: When combined with any applicable anomalous user behavior analysis, DLP provides a basis for a more efficient IR workflow and makes the response team’s job easier when – not if – a data breach occurs.
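The first, second and fifth points above describe the same mechanics: pattern rules with a validator to keep forensic searches accurate, fingerprints of files that tripped a rule, and a decision on an outbound object that tells responders which file was involved. The following is an added illustration of those mechanics, not code from the article or from any DLP product; the rule names, sample files and policy actions are all constructed for the example.

```python
"""Toy DLP content inspector: validated pattern rules plus normalized file
fingerprints, so a copy of a sensitive file can be recognized when it shows up
in an outbound channel (email attachment, upload, copy to removable media).

Added example only; not the article's code or any vendor's product. Sample
files, rule names and policy actions are constructed for illustration."""
import hashlib
import re
from dataclasses import dataclass

# Constructed sample corpus: a payroll export containing card numbers
# (sensitive), an engineering note with a 16-digit number that is NOT a valid
# card number (a typical keyword-search false positive), and harmless notes.
SAMPLE_FILES = {
    "hr/payroll-q3.csv": "name,card\nAda,4111 1111 1111 1111\nLin,4242424242424242\n",
    "eng/build-notes.txt": "Nightly build tag 1234567812345678 passed all tests.",
    "sales/notes.txt": "Call the customer back on Monday about the quote.",
}


@dataclass
class Finding:
    rule: str
    evidence: str  # masked match, safe to put in an alert


def luhn_ok(digits: str) -> bool:
    """Mod-10 checksum used by payment card numbers. This is the validator that
    separates a usable PAN rule from a noisy 'any 16 digits' keyword search."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# Rule table: name -> (pattern, validator). Validators run on the raw match.
RULES = {
    "pan": (
        re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),           # 13-19 digits, optional separators
        lambda m: luhn_ok(re.sub(r"[ -]", "", m)),
    ),
    "classification-marking": (re.compile(r"\bCONFIDENTIAL\b"), lambda m: True),
}


def mask(match: str) -> str:
    """Keep only the last four digits of any numeric run in the evidence."""
    return re.sub(r"\d(?=(?:[ -]?\d){4})", "*", match)


def classify(text: str) -> list[Finding]:
    """Forensic search: every rule hit that also passes its validator."""
    findings = []
    for name, (pattern, valid) in RULES.items():
        for m in pattern.finditer(text):
            if valid(m.group(0)):
                findings.append(Finding(name, mask(m.group(0))))
    return findings


def fingerprint(text: str) -> str:
    """SHA-256 of the whitespace-stripped, case-folded content, so a re-saved
    copy (CRLF line endings, changed case, trailing spaces) still matches."""
    canon = re.sub(r"\s+", "", text).casefold()
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def build_index(files: dict[str, str]) -> dict[str, str]:
    """Scan the corpus once; only files that trip a rule get fingerprinted."""
    return {fingerprint(text): path for path, text in files.items() if classify(text)}


def inspect_outbound(attachment: str, index: dict[str, str]) -> dict:
    """Policy decision for one outbound object. 'matches_file' is the
    intelligence the IR team wants: which registered file this copy came from."""
    findings = classify(attachment)
    origin = index.get(fingerprint(attachment))
    blocked = bool(findings) or origin is not None
    return {"action": "block" if blocked else "allow",
            "findings": findings, "matches_file": origin}


if __name__ == "__main__":
    index = build_index(SAMPLE_FILES)
    # A re-saved, upper-cased copy of the payroll file attached to an email.
    leaked_copy = SAMPLE_FILES["hr/payroll-q3.csv"].replace("\n", "\r\n").upper()
    print(inspect_outbound(leaked_copy, index))
    print(inspect_outbound(SAMPLE_FILES["eng/build-notes.txt"], index))
```

Two details carry the weight here. The Luhn validator is why the build note with a random 16-digit string produces no finding, which is exactly the rule-tuning step described in point 1; and the normalized fingerprint is why the upper-cased, CRLF copy of the payroll export is still traced back to `hr/payroll-q3.csv`, which is the intelligence point 5 promises to the response team. Commercial DLP goes further (partial-document matching, OCR on images, exact data matching against a database extract), but the control flow is the same.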
A critical tenet for any SecOps team
Knowing what to protect, even before establishing protection, is key. So much so that comprehensive data visibility is a critical tenet for any SecOps team. Achieving this enables security teams to have the flexibility to create data protection parameters tailored to their own specific needs, creating an environment where the only limit on what they can achieve is their imagination. This is core to implementing DLP that not only addresses the vast array of threats and challenges they face today, but also puts them ahead of the curve for what is to come.