DLP Data Detection Techniques
DLP Data Detection Techniques are critical to understanding which DLP solution will be the most effective in accurately identifying an organization’s unique sensitive data types. Unfortunately, the detection methods are not discussed much these days. I think this is because most buyers would quickly recognize why DLP tools have a reputation for ineffectiveness (false positives/negatives, etc.).
The reality is that these detection methods have everything to do with the success or failure of any data protection effort. Generally speaking, there are two main categories of detection techniques: Content and Context. As you might guess, the content-focused approach inspects the textual content of the data in question. Content is an ever-changing target and can be modified in order to hide sensitive content, not to mention the fact that in many cases, data does not have any identifiable textual content to key on.
By contrast, data context provides additional detection elements that are factual and do not change. In the same way that individuals have a factual, unchangeable place and date of birth, so too does data. These contextual elements include: data origin/provenance, data interaction with users/groups/applications, data destinations (staging locations, endpoints, network shares, cloud and SaaS apps, websites, endpoint apps, etc.), and data activity (file open, move, copy, rename, delete, etc.).
Combining content detection techniques with the unchanging, factual context elements listed above facilitates more accurate detection of sensitive data. This is especially true of data types that do not include much (if any) textual content, or that simply don’t fit the traditional identifying data points like credit card or social security numbers.
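As an added illustration (not part of the original post, and not Cyberhaven's code), the following Python sketches how a verdict changes when content inspection is combined with the context elements listed above. The policy sets, the FileEvent fields and the verdict names are assumptions chosen for the example.

```python
import re
from dataclasses import dataclass

# Constructed policy (assumption): applications whose exports count as sensitive
# provenance, and destinations/activities that take data outside the organization.
SENSITIVE_ORIGINS = {"crm_export", "hr_system"}
EXTERNAL_DESTINATIONS = {"personal_cloud", "webmail", "usb"}
EXFIL_ACTIVITIES = {"copy", "move", "upload"}

# 13-16 digit runs, optionally separated by spaces or dashes, ending on a digit.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")


def luhn_valid(number: str) -> bool:
    """Mod-10 check used by payment cards; rejects most random digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def content_hits(text: str) -> int:
    """Content inspection on its own: card-like numbers that pass Luhn."""
    return sum(1 for m in CARD_RE.findall(text) if luhn_valid(m))


@dataclass
class FileEvent:
    text: str         # extracted text; empty for binary data such as a CAD file
    origin: str       # provenance: the application the file was exported from
    destination: str  # where the activity sends the file
    activity: str     # open, move, copy, rename, delete, upload


def classify(ev: FileEvent) -> str:
    """Verdict from content plus context; verdict names are constructed."""
    hits = content_hits(ev.text)
    sensitive_origin = ev.origin in SENSITIVE_ORIGINS
    leaving = ev.destination in EXTERNAL_DESTINATIONS and ev.activity in EXFIL_ACTIVITIES
    if hits and sensitive_origin and leaving:
        return "block"   # content and context agree: high confidence
    if sensitive_origin and leaving:
        return "alert"   # no textual indicator, but provenance and destination match
    if hits and not sensitive_origin:
        return "log"     # e.g. test card numbers copied from public documentation
    return "allow"
```

The second and third cases are the ones content-only inspection gets wrong: a binary export from a sensitive system has no text to match, and a valid-looking test number from a public source matches despite carrying no real data.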
If you’ve ever questioned why your DLP solution is so false-positive prone, it’s very likely the result of too much reliance on content inspection techniques. Most traditional DLP tools do not offer much in the way of context information beyond simple source/dest, sender/recipient (of the last known action or location). It’s time to consider a new approach to data protection: Cyberhaven (https://lnkd.in/eDrguK3h)