DLP is not enough for Cybersecurity

Insider threat landscape

In today’s modern world, we are constantly trying to attain a seamless business execution leveraging cloud, mobility, and other growth channels. While we are constantly engaging ourselves in addressing risks pertaining to cyber-attacks, intrusions, company reputation, and retaining customer and external threats and DLP seems to be the optimum solution adopted by CXOs/CISOs.

Data revealed by eminent research organizations point out that more than 70% of cyber-attacks are focused internally. Employers are led to being vulnerable with the leak of sensitive information, due to which insider monitoring has now become a need of the hour. Data Leak Solution (DLP) has become a de-facto standard for CXOs/CISOs. Along with patching the systems with DLP, CXOs/CISOs are focusing on adding more endpoint products to address issues pertaining to data compliance (Asset management), software compliance (Piracy), and seasonal attacks (Ransomware, anti persistent threats, malware). Hence the layered approach is enforced with an endpoint installed with multiple agents.

So what went wrong at the product level?

End users inconvenience – The existence of multiple endpoint products has started to impact the end-user experience.

TCO Impact – CXOs/CISOs are facing challenges justifying the viability of disparate endpoint systems and associated queries from the board, post-deployment.

Hidden Cost – The cost incurred due to drilling multiple reports from endpoint products that include the cost of taking an action to an incident, cost of analytics, inclusion of multi-product scenario has eventually led to an overall increase in TCO pertaining to generating ROI.

Identifying the right offender – Difficulty in narrowing down on mala-field and disgruntled users before they move out of the net.

Seasonal Impact – Effects of attacks such as WannaCry and Botnets are making life more difficult for CXOx/CISOs.

Multi-device – It is extremely difficult for the CXOs/CISOs to monitor all devices under one roof.

The bottom line is that the traditional end-user onboarding (best of the breed) model is facing a steep decline.

Ground challenges faced by CXOs/CISOs during the DLP implementation process:

While CXOs/CISOs started solving the insider threat puzzle, what came out was a surprise of operational issues:

Early Warning Signals – Absence of appropriate resources that could help in narrowing down employees who could be potential insiders based on their behavior patterns.

Architecture Maturity – Lack of flexibility while implementing an endpoint product is a problem for CXOs/CISOs.

Process Integration – OEMs just offer an out-of-the-box manual with no concentrated efforts towards understanding the company process. While CXOs/CISOs expect the process to be overlooked during the deployment of solutions that monitors employee activity, to be in adherence with the company process.

Co-creation – A common issue haunting CXOs/CIOs is the inability of the OEMs to understand the pressure points and offer software accordingly.

Analytics – CXOs/CISOs face difficulty in delivering data due to the existing pre-defined reporting structures and formats.

Development Support – Access to development kits, OEM technical team support, and unavailability of APIs prove to be a big challenge while adapting to new technology.

Block Mode – CXOs/CISOs highlighted running DLP on a block mode as a big challenge, mainly due to operational and cultural issues.

Management Reporting – CXOs/CISOs addressed this factor as the most time-consuming one.

Summarizing the expectations of CXO/CISO from endpoint solutions:

  • The need for an integrated endpoint solution capable of monitoring all devices and applications from a single client.
  • No impact on user convenience and experience due to low run-time impact at the device level.
  • Early warnings before the leak happen.
  • A system that can monitor user behavior, application usage and provide an integrated view then create a granular policy, reducing the tedious data classification task.
  • Understand the business processes and adapt to co-creation.
  • Immunity from attacks such as Ransomware and Malware.
  • Display unknown scripts, which are executable in nature that is being entered into the organization with outbound connections.
  • Stop users from executing pirated applications or infected machine propagation.
  • Monitor user productivity across business applications and remove non-productive applications hurting the IT investments.
  • Software should help in managing data confidentiality and integrity of data leak and encryption while providing application and device control.

Download the whitepaper at https://downloads.dataresolve.com/resources/whitepapers/dlp-is-not-enough/