DATA LOSS PREVENTION (DLP)
DLP is an established market in security, filled with long-standing providers that offer platform solutions to help buyers detect, identify, monitor and/or control the flow of their sensitive data. Despite the DLP market's maturity, there remain some fundamental gaps in capabilities — mainly the ability to identify and classify data that misses the canned "detection filters."
Detecting data exfiltration therefore requires analytics that watch other indicators, such as data movement, activity and popularity, and that incorporate additional factors from user profiles, so that users can be linked to the data (documents) they touch in order to better identify, or set, risk thresholds.
Customer data losses are sometimes accidental (e.g., losing a laptop containing tens or even hundreds of thousands of customer records), but the data loss that enterprises need to monitor most closely is the deliberate act.
With big data, identifying behaviors that are indicative of data exfiltration is challenging with today's SIEM vendors' products.
Use existing open source big data technology to collect sensor data in real time
Detecting anomalous behavior with unsupervised and supervised learning models in SIA
- Baseline user activity
- Detect deviation from the norm, i.e., z-score
- Machine Learning to detect patterns
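The baseline-and-deviation approach from the list above, together with the earlier point about linking user profiles to risk thresholds, as an added example that is not from the original page: it builds a per-user baseline of daily egress volume from constructed sensor records, scores each new day with a z-score against that user's own history, and applies a profile-specific threshold. The user names, profiles, byte counts and thresholds are all constructed for illustration.

```python
"""Z-score baseline detection over per-user daily egress volumes.

Added example (not from the original page). All records, users, profiles
and thresholds below are constructed sample values, not real telemetry.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sensor records: (user, day, bytes_sent). Alice's last day is a
# large departure from her own norm; Bob's volumes are high but steady.
SAMPLE_RECORDS = [
    ("alice", "2024-01-01", 12_000),
    ("alice", "2024-01-02", 11_500),
    ("alice", "2024-01-03", 13_000),
    ("alice", "2024-01-04", 12_500),
    ("alice", "2024-01-05", 11_800),
    ("alice", "2024-01-06", 950_000),
    ("bob", "2024-01-01", 400_000),
    ("bob", "2024-01-02", 420_000),
    ("bob", "2024-01-03", 390_000),
    ("bob", "2024-01-04", 410_000),
    ("bob", "2024-01-05", 405_000),
    ("bob", "2024-01-06", 415_000),
]

# Constructed user-profile link: profile drives how tolerant the threshold is.
USER_PROFILES = {"alice": "employee", "bob": "contractor"}
PROFILE_THRESHOLDS = {"employee": 3.0, "contractor": 2.0}


def daily_volume_by_user(records):
    """Sum bytes per (user, day) so several events on one day aggregate."""
    totals = defaultdict(int)
    for user, day, nbytes in records:
        totals[(user, day)] += nbytes
    per_user = defaultdict(dict)
    for (user, day), total in totals.items():
        per_user[user][day] = total
    return per_user


def baseline(values):
    """Return (mean, population stddev) for a baseline window."""
    return mean(values), pstdev(values)


def z_score(value, mu, sigma):
    """Standard score; a flat baseline makes any change maximally unusual."""
    if sigma == 0:
        return float("inf") if value != mu else 0.0
    return (value - mu) / sigma


def detect_anomalies(records, min_days=5, default_threshold=3.0):
    """Flag days whose volume deviates from the user's prior history.

    The baseline for a day is built only from earlier days, so a single
    extreme day cannot inflate sigma and mask itself.
    """
    alerts = []
    for user, days in daily_volume_by_user(records).items():
        profile = USER_PROFILES.get(user)
        threshold = PROFILE_THRESHOLDS.get(profile, default_threshold)
        ordered = sorted(days.items())
        for i, (day, volume) in enumerate(ordered):
            history = [v for _, v in ordered[:i]]
            if len(history) < min_days:
                continue  # not enough history for a baseline yet
            mu, sigma = baseline(history)
            z = z_score(volume, mu, sigma)
            if z > threshold:
                alerts.append({
                    "user": user,
                    "day": day,
                    "bytes": volume,
                    "z": round(z, 2),
                    "baseline_mean": mu,
                    "threshold": threshold,
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_RECORDS):
        print(alert)
```

Two design points matter in practice: the baseline excludes the day being scored, otherwise a large exfiltration day raises sigma enough to hide itself, and the threshold comes from the user's profile rather than a single global value, which is the "link user profiles to risk thresholds" idea from the text. A flat baseline (sigma of zero) is treated as maximally sensitive rather than dividing by zero.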