Zero Trust DLP—A Knock-out Punch for Legacy DLP and UEBA?

Knock, knock.

Who’s there?

The future?

The future who?

The future of people-centric data loss prevention.

Wake up people! It’s humans that move files, change documents, print spreadsheets, and upload files to Google Drive before they give their resignation. Data, machines, and applications don’t have arms or legs, hands or feet—they simply do what a human user tells them to do. Enough of trying to write rules and policies that require pre-determined data classification and identification of crown jewels; the whole exercise is like a dog chasing its tail!

Understanding human intent is the most important element of a data security and loss prevention strategy that will work in today and tomorrow’s virtual economy driven by a distributed workforce highly dependent on SaaS applications.

Why?

1. Content detection that triggers on every file using heavy endpoint agents is archaic, often creates more questions than answers, and routinely ‘blue screens’ user machines as they are trying to do their jobs.
2. Heavy on-premises deployment models only deliver partial data-lifecycle visibility.
3. Lack of context and user behavioral analysis informing automated prevention actions results in a high number of false positives.
4. Configuration and administration of rules and policies comes at notable cost and time commitment for endpoint security specialists.

Yesterday, here at DTEX Systems, we announced the release of DTEX InTERCEPT for Zero Trust Data Loss Prevention. To the best of our knowledge, the solution is the industry’s first and only Zero Trust ‘People-Centric’ Endpoint DLP product and it seems leading industry analysts and customers agree.

“Modern DLP requires a multi-faceted approach, which the InTERCEPT platform embraces. By utilizing machine learning and “next-generation” behavioral analytics, DTEX looks to address the limitations it sees with today’s approach to DLP by looking broadly at a number of vectors when assessing how any piece of information is being used,” said Paul Stringfellow, Senior Analyst with GigaOm. “DTEX does not rely solely on data classification, though it still plays a role in its approach. This solution instead uses a data lineage approach, not looking at individual data actions in isolation but rather at the who, what, where, when, and why of usage to build a more detailed and accurate picture of user intent.”

“With DTEX InTERCEPT, we understand what is happening to our data, who is using it, and where it is going, because we can truly evaluate behavior,” said Bruce Moore, CIO at the Victorian Rail Track Corporation. “If important data is being used or replicated in ways that seem abnormal or unnecessary, such as attempts to copy to external drives or uploads to non-corporate cloud storage sites, this signals a risk. If this behavior is negligent, we can take steps to educate the user. If it is malicious, we can take appropriate action to ensure that data meant for our organization, stays within our organization.”

Below is a breakdown of the 7 Behavioral DLP capabilities that DTEX InTERCEPT for Behavioral Data Loss Prevention provides to help cyber security pros meet the dynamic needs of today’s distributed organization.

• Workforce Behavioral Intelligence & Analytics: DTEX InTERCEPT for Zero Trust Data Loss Prevention demystifies the context and intent of human behaviors without violating the trust and privacy of employees. DTEX utilizes data science to collect, analyze, and baseline acceptable user behavior by role, department, and geography. Alert stacking and activity scoring algorithms accurately detect deviations that precede data loss events and prevent data loss resulting from compromised, malicious, and negligent behaviors.

• 360 Degree Enterprise DMAP+ Visibility: DTEX InTERCEPT employs continuous, lightweight endpoint meta-data capture and behavioral monitoring across every Windows, Mac, Linux, and Citrix endpoint and server, both on and off network. More than 500 data elements are collected, analyzed, and used to continuously update a forensic audit trail of scored user behaviors and made available to analysts in real-time for response and investigations.

• File Lineage Forensics & Auditing: DTEX InTERCEPT for Zero Trust Data Loss Prevention delivers a full audit history detailing file activity to enable a real-time, contextual understanding of the severity of ‘indicators of intent’ that precede a data loss event. It delivers a full audit trail of who is involved and when each file is created, modified, aggregated, obfuscated, archived, encrypted, and deleted. These added attributes provide a clear distinction between normal activity and true data loss scenarios.

• Sensitive Data Profiling: DTEX InTERCEPT’s sensitive data profiles and analytics addresses issues caused by traditional DLP solutions by inferring sensitivity based upon file lineage, file location, creation, user role, file types, and many additional file attributes. This telemetry is correlated with a user’s behavior profile, as well as leading data classification tools, to detect data loss without reliance on content-aware rules. This dramatically decreases false positive events, the time needed for administrators to tune rules, and analyst time to investigate data loss alerts.

• Risk-Adaptive Data Protection: DTEX InTERCEPT protects sensitive data and IP from leaving an organization with multiple, highly accurate and dynamic enforcement capabilities. Data loss is prevented intelligently when a user’s behavioral risk score exceeds an organization’s threshold by blocking specific application processes and network connections that are not part of normal or approved workflows. This includes blocking FTP, large files in email, and access to certain cloud services. Additionally, SOC teams and analysts can remotely remove a user’s credentials and lock them out of their device. These risk-based blocking features best meet the requirements of today’s distributed workforce, reduce operational overhead, and eliminate false positives.

• Regulatory Data Loss Compliance: DTEX InTERCEPT supports a balanced and proportional approach to data loss prevention that exceeds the requirements of regulatory mandates with out of the box compliance for HIPAA, CCPA, GDPR, SOX, PCI DSS, ITAR, and others.

• Cloud Architecture & Interoperability: DTEX InTERCEPT’s SASE architecture introduces a lightweight forwarder that requires no more than 3-5MB of bandwidth per day per endpoint and utilizes less than 1% CPU. Data is collected and synchronized in near real-time with DTEX’s Cloud Analytics Engine for analysis, detection, and prevention, eliminating the likelihood of user productivity issues and ensuring seamless interoperability with NGAV, IAM, and UEBA solutions.

The future of data loss prevention and protection is people-centric, not data-centric. DTEX InTERCEPT for Zero Trust Data Loss Prevention takes a human approach utilizing hundreds of meta-data elements that genuinely express a user’s actions and intent when interacting with data. No more false positives; simply real-time, risk-based scoring of risk to data that prevents exfiltration events.

The future is HERE! In fact, I’m presenting on this topic at tomorrow’s SANS Institute’s Virtual Data Security Summit. That’s Friday, November 12th 11:55 AM – 12:30 PM EST. You can (and should!) register here: https://www.sans.org/webcasts/data-security-solutions-forum-118145/.