Augmenting Data Loss Prevention (DLP) with Automation


Data Loss Prevention (DLP) refers both to a strategy and to the software products and technologies designed to prevent critical information from being leaked by end users, whether inadvertently or deliberately, outside an organization's network. The impact of data loss and leaks is staggering: the Ponemon Institute's Cost of a Data Breach report puts the total cost of a breach at $3.92 million, with each lost record representing a cost of $150.

DLP software continuously monitors the movement of information through communication channels such as email, instant messaging and file transfers, whether the data is in use on an endpoint or stored on-premises or in the cloud, and alerts SOC analysts when malicious activity is suspected.

The system can be configured to respond according to pre-defined policies and rules, so that analysts can investigate and respond to alerts efficiently and prevent future incidents. Even so, the DLP system must be monitored continuously to confirm that it is configured correctly and that the strategy for preventing data leaks is actually being enforced. A medium-sized organization can experience hundreds of DLP violations per day, so augmenting DLP triage and response processes with automation is critical to mitigating risk.

DTonomy's AI-assisted Security Orchestration, Automation and Response (SOAR) platform contains playbooks for DLP configuration workflows that provide real-time information about the robustness of the system's security, and that help analysts triage DLP alerts quickly to mitigate security risk.

Customer Use Case 1: DLP Configuration Assurance for SOC Teams

DLP policies are configured and enforced in email, cloud systems and endpoints, and it is important to confirm that they are configured correctly at all times. This customer scenario demonstrates how the customer augments their DLP with automation to verify that the email DLP policy is configured correctly.

This automation gives the security team assurance that the DLP is configured correctly.
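The kind of check such a configuration-assurance playbook runs can be shown in a few dozen lines. The following is an added example, not DTonomy's or any DLP vendor's code: it compares a JSON export of the live email DLP policy against a baseline the SOC keeps under version control and reports drift (missing, disabled or weakened rules, narrowed scope, and rules nobody approved). The rule names, the JSON shape of the snapshot, the action ranking and the baseline itself are all constructed for illustration.

```python
"""Configuration-assurance check for an email DLP policy.

Added example, not DTonomy's code. The policy snapshot format, rule names
and baseline are assumptions: in practice the snapshot would be exported
from the DLP product and the baseline kept under version control."""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class DlpRule:
    name: str
    enabled: bool
    action: str          # "block", "quarantine" or "notify"
    scope: frozenset     # recipient classes the rule applies to


# Baseline: what the SOC expects the email DLP policy to look like (constructed).
BASELINE = {
    "Block PCI to external": DlpRule("Block PCI to external", True, "block", frozenset({"external"})),
    "Quarantine bulk PII": DlpRule("Quarantine bulk PII", True, "quarantine", frozenset({"external"})),
    "Notify on source code": DlpRule("Notify on source code", True, "notify", frozenset({"external", "internal"})),
}

# Constructed snapshot of a drifted live policy, in the JSON shape this example assumes.
LIVE_SNAPSHOT_JSON = json.dumps({"rules": [
    {"name": "Block PCI to external", "enabled": True, "action": "notify", "scope": ["external"]},
    {"name": "Quarantine bulk PII", "enabled": False, "action": "quarantine", "scope": ["external"]},
    {"name": "Temporary test rule", "enabled": True, "action": "notify", "scope": ["internal"]},
]})

# Ranking used to decide whether a changed action is weaker than the baseline (assumed).
ACTION_STRENGTH = {"notify": 1, "quarantine": 2, "block": 3}


def load_snapshot(text):
    """Parse a JSON policy export into a dict of DlpRule keyed by rule name."""
    rules = {}
    for r in json.loads(text)["rules"]:
        rules[r["name"]] = DlpRule(r["name"], bool(r["enabled"]), r["action"], frozenset(r["scope"]))
    return rules


def check_policy(baseline, live):
    """Return (kind, rule_name, detail) findings; an empty list means no drift."""
    findings = []
    for name, want in baseline.items():
        got = live.get(name)
        if got is None:
            findings.append(("missing", name, "rule absent from live policy"))
            continue
        if want.enabled and not got.enabled:
            findings.append(("disabled", name, "rule is disabled"))
        if ACTION_STRENGTH.get(got.action, 0) < ACTION_STRENGTH.get(want.action, 0):
            findings.append(("weakened", name, f"action {got.action!r}, expected {want.action!r}"))
        if not want.scope <= got.scope:
            findings.append(("scope", name, f"missing scope {sorted(want.scope - got.scope)}"))
    for name in live:
        if name not in baseline:
            findings.append(("unexpected", name, "rule not in baseline; review or remove"))
    return findings


def drift_summary(findings):
    """Overall verdict a playbook can act on: 'ok', 'review' or 'alert'."""
    kinds = {k for k, _, _ in findings}
    if not kinds:
        return "ok"
    # Anything that reduces enforcement should page someone; unknown extras only need review.
    if kinds & {"missing", "disabled", "weakened", "scope"}:
        return "alert"
    return "review"


if __name__ == "__main__":
    found = check_policy(BASELINE, load_snapshot(LIVE_SNAPSHOT_JSON))
    for f in found:
        print(*f, sep=" | ")
    print("verdict:", drift_summary(found))
```

Run on a schedule (or triggered by a change event from the DLP product), the verdict feeds the playbook's next step: "alert" opens a ticket and notifies the SOC, "review" queues the unexpected rule for a human, "ok" is simply logged as evidence that the control was in place at that time.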


Customer Use Case 2: Triaging DLP Alerts

DLP alerts are generated by a variety of products, including email, cloud systems and endpoints. Because of the high alert volume, analysts can be overwhelmed and many alerts end up ignored.

This customer scenario demonstrates how automated playbooks can help to resolve DLP alerts and mitigate security risk. 

This automated playbook means the customer only has to triage 5 of 100 DLP alerts each day, reducing the mean time to resolution from 15 minutes to 2 minutes across 100 alerts. This improves the efficiency of the SOC team by 87% and reduces the number of false negatives by more than 90%.
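To make the triage step concrete, here is an added example of the logic such a playbook applies before an analyst sees anything; it is not DTonomy's code and does not reproduce the customer's playbook. It collapses repeated alerts for the same user, policy and destination into one case, auto-closes cases that match approved data flows or stay inside the organization, and scores the remainder so only the risky few are escalated. The alert fields, allow-lists, weights and the escalation threshold are assumptions chosen for illustration, and the five sample alerts are constructed.

```python
"""Triage playbook for DLP alerts: collapse duplicates into cases, auto-close
known-good flows, and score what remains so analysts see the few that matter.

Added example, not DTonomy's code. The alert fields, allow-lists, weights and
the escalation threshold are assumptions chosen for illustration."""
from datetime import datetime, timedelta

# Constructed sample alerts; a real playbook would pull these from the DLP product's alert feed.
SAMPLE_ALERTS = [
    {"id": "a1", "user": "alice", "policy": "PCI", "channel": "email",
     "dest": "partner-bank.example", "matches": 12, "ts": "2023-05-01T09:00:00"},
    {"id": "a2", "user": "alice", "policy": "PCI", "channel": "email",
     "dest": "partner-bank.example", "matches": 12, "ts": "2023-05-01T09:03:00"},
    {"id": "a3", "user": "bob", "policy": "PII", "channel": "cloud",
     "dest": "corp.example", "matches": 1, "ts": "2023-05-01T10:00:00"},
    {"id": "a4", "user": "carol", "policy": "SOURCE_CODE", "channel": "endpoint",
     "dest": "removable-media", "matches": 340, "ts": "2023-05-01T11:00:00"},
    {"id": "a5", "user": "dave", "policy": "PII", "channel": "email",
     "dest": "webmail.example", "matches": 3, "ts": "2023-05-01T12:00:00"},
]

INTERNAL_DOMAINS = {"corp.example"}                  # data staying inside the organization
APPROVED_FLOWS = {("PCI", "partner-bank.example")}    # (policy, destination) pairs approved by the business
DEDUP_WINDOW = timedelta(minutes=10)                  # same user/policy/dest within this window = one case
HIGH_RISK_POLICIES = {"PCI", "SOURCE_CODE"}


def build_cases(alerts):
    """Group alerts on (user, policy, dest) within DEDUP_WINDOW so one incident is one case."""
    cases = []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        ts = datetime.fromisoformat(a["ts"])
        key = (a["user"], a["policy"], a["dest"])
        for c in cases:
            if c["key"] == key and ts - c["last"] <= DEDUP_WINDOW:
                c["alerts"].append(a["id"])
                c["last"] = ts
                c["matches"] = max(c["matches"], a["matches"])
                break
        else:
            cases.append({"key": key, "user": a["user"], "policy": a["policy"], "dest": a["dest"],
                          "channel": a["channel"], "alerts": [a["id"]], "first": ts, "last": ts,
                          "matches": a["matches"]})
    return cases


def auto_close_reason(case):
    """Return why a case can be closed without an analyst, or None if it needs review."""
    if case["dest"] in INTERNAL_DOMAINS:
        return "destination is internal"
    if (case["policy"], case["dest"]) in APPROVED_FLOWS:
        return "approved business flow"
    return None


def risk_score(case):
    """Score up to 100; the weights are illustrative, not a product's scoring model."""
    score = 0
    if case["dest"] not in INTERNAL_DOMAINS:
        score += 40                               # data leaving the organization
    if case["channel"] == "endpoint":
        score += 20                               # local copy / removable media is hard to recall
    score += min(case["matches"], 100) // 5       # volume of matched records, capped
    if case["policy"] in HIGH_RISK_POLICIES:
        score += 20
    return score


def triage(alerts, escalate_at=50):
    """Split alerts into closed cases, escalated cases and a lower-priority queue."""
    result = {"closed": [], "escalated": [], "queued": []}
    for case in build_cases(alerts):
        reason = auto_close_reason(case)
        if reason:
            result["closed"].append((case, reason))
            continue
        case["score"] = risk_score(case)
        bucket = "escalated" if case["score"] >= escalate_at else "queued"
        result[bucket].append(case)
    for bucket in ("escalated", "queued"):
        result[bucket].sort(key=lambda c: -c["score"])
    return result


if __name__ == "__main__":
    out = triage(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} alerts -> {len(out['closed'])} closed, "
          f"{len(out['escalated'])} escalated, {len(out['queued'])} queued")
    for c in out["escalated"]:
        print("ESCALATE", c["user"], c["policy"], c["dest"], c["score"], c["alerts"])
```

On the sample feed, five alerts become four cases, two of which close automatically with a recorded reason, one is escalated and one waits in the low-priority queue. Keeping the auto-close reason with the case matters for the false-negative concern raised above: closed cases stay auditable, so an allow-list entry that is too broad can be found and tightened rather than silently hiding incidents.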

When deployed in conjunction with a DLP solution, DTonomy's playbooks autonomously and continuously test the validity of the system to ensure that a strong security strategy is being enforced, while enabling security analysts to triage and respond to alerts more quickly.

See DTonomy AIR in action today! Request a demo.


Copyright © 2023 By DTonomy Inc.
