Data Loss Prevention (DLP) vs Data Threat Protection (DTP)
Massimo A.
Google Cloud Sales - Customer Engineer - Infrastructure Modernization - Public Sector
"Chalk Talk" on Cybercrime
- Is the best defense the behavioral analysis?
- Is the best defense the attack..., ..., so, whenever you notice weaknesses, you hang on to it and try to fix it?
Leveraging the behavioral analysis in order to increase security levels and counteract cybercrime attacks.
With this new approach, you can switch from Data Loss Prevention (DLP Logic), maybe no longer available/applicable in the era of Big Data, to dynamics of Data Threat Protection (DTP), capable of identifying anomalies in Data Streams.
(1) Data Loss Prevention (DLP)
Data Loss Prevention asks every customer to carry out an in-depth analysis of all the data present in the Company for the degree of confidentiality and importance.
After that phase, every DLP system is limited to implementing the rules on the handling of the defined datum: and this is the main limit of a DLP Project, since the dynamism to which the Company Data is subject does not always allow it to be placed inside precise and codified procedures.
[moreover, consider the cost of analysis and the fear for negative impact on business productivity]
(2) Data Threat Protection (DTP): Analyzing User Behaviors
The real weak link of any security continues to be only one: the user!!!
We should not focus solely on the patterns of attacks, but analyzing user behaviors to bring out policy violations, compliance violations, and/or abnormal traffic from endpoints that make it think of a compromise in data confidentiality.
It is necessary to have a strong language strategy to protect critical data, monitoring all flows technically observable and including, not only the repository where the data is located and their handling, but also the actions of the user who access, move or alter the data, including precursor events.
The main advantages for DTP strategy is: Information Protection, very simple to implement, does not require (in its DTP approach) any complex activity of data classification or finger print of the same.