Once upon a time, protecting critical assets meant keeping printed confidential information in locked boxes labeled “Top Secret “. Today we live in the world of digital assets where corporations place a high priority on protecting their data, but often struggle to deploy effective solutions. Traditional DLP solutions concentrate on locking documents down. As defined by Gartner, enterprise DLP provides visibility into the location and usage of data across a company, applies policies based on content and context, and then enables companies to respond before any data exfiltration occurs.
Historically, DLP solutions have focused on the identification of sensitive data through traditional data strings. Albeit a reasonable place to start, these methods often produced many false positives and some false negatives. Data within an organization is ever changing, so maintaining complete and accurate control is challenging. Additionally, traditional methods lack context. While known strings are easy to detect (e.g. credit card numbers), accurately identifying and protecting IP and other sensitive data is a more significant challenge.
When a breach does occur traditional DLP solutions generally doesn’t provide the visibility that security pros expect from a full data loss prevention solution. The ability to investigate the events that led up to the breach, the attack strategy and the ability to gather evidence are crucial for most security teams.
Even though the ultimate goal is to prevent any type of data loss, we all know the weakest links in any security chain are the people. Focusing solely on the data is a limiting strategy. What most organizations need is the ability identify threats, quickly gain context as it relates to the employee causing the threat, so that action can be taken. Additionally, its crucial to easily and quickly do a forensic investigation, to identify vulnerabilities and all individuals involved in the data breach.
Veriato Cerebral provides Data Loss Prevention by continually monitoring every user on the network 24/7. Machine learning ascertains the behavioral patterns of both individuals and groups. It’s continually looking for anomalies and signs of threat as well as key words that identify important data. Risk scores will be assigned to all individuals, helping security teams focus on areas of high risk.
If an alert is sounded, IT security can immediately understand the context by reviewing screenshot videos. These searchable videos (along with logs and reports showing all data movement) are crucial for detailed (yet simple to execute) forensic investigations. For more details click here.
Veriato provides protection for the following data loss scenarios:
Veriato monitors and alerts when sensitive documents or IP is accessed, copied, printed or moved under unusual circumstances. Additionally, Veriato AI will monitor psycholinguistic patterns to detect disgruntled employees by monitoring their sentiment for possible signs of threat.
Because gaining context on traditional DLP alerts can be difficult, Veriato would allow the security team to gain immediate context of the employee’s actions by viewing screenshot videos of any employee’s actions, corresponding to a DLP alert time.
When an employee leaves a company, 69%* admit to taking valuable data with them. Veriato watches for changes in behavior that signify an employee is about to leave including, the sudden archiving of email, large data downloads or moving large volumes to cloud storage or even an unusual amount of email attachments. *Osterman Research, 2017
Veriato will watch all cloud uploads and if the user is suddenly printing unusual volumes or unusual data, security will be alerted.
Specialized documents can be simply added as keywords, so that if someone outside the privileged group (board members, c-suite, engineering management etc.) accesses the document, security will immediately be alerted.
Veriato will watch all USB sticks and removable storage devices and if the user is suddenly copying large volumes or unusual data, security will be alerted.
Veriato will watch all print jobs and if the user is suddenly printing unusual volumes of data, security will be alerted.