With data loss prevention (DLP) and insider threat management (ITM) are converging, organisations should take extra care when choosing solutions – according to CoSoSys, maker of Endpoint Protector.
Chris Roney, writing for CoSoSys, said in a blog post that an integrated, enterprise focused DLP is moving more toward integration with specific security solutions for specific technologies or aspects of the cybersecurity landscape.
“A similar shift is taking place in ITM as well as DLP. These two disciplines are merging, or rather, ITM is increasingly being viewed as a component of DLP,” Roney wrote.
Typically, solutions converge as companies seek better ways of dealing with long-standing threats while still focusing on new areas such as cloud security.
“For example, it was thought that DLP for email should be integrated with other aspects of email security to provide comprehensive coverage,” Roney added, noting also that separate DLP and ITM systems can conflict or duplicate functionality.
Noting that integrations can sometimes leave vertical gaps necessitating a “fill” with specialist DLP software, Roney said that data may not be sufficiently prioritised in protections offered with integrated DLP offerings.
“For example, in the case of email, such solutions ensure that every aspect of email transmission is secure, including that any data included in emails is not sensitive data,” Roney said.
“The goal of such solutions is to make email secure, not prevent data theft, data leakage, data exfiltration, or data breaches.”
On the other hand, ITM on its own risks not considering why users are a vector of vulnerability when it comes to data, Roney suggested. An example might be new hires that haven’t yet been fully trained in cybersecurity policy.
For example, Innovacer is one customer that used Endpoint Protector by CoSoSys not only to gain file exchange visibility but to protect data, especially with users working beyond the office on both Windows and Linux based devices.
In this case study, CoSoSys explained that the healthcare company wanted advanced control over data and help with malicious and suspicious activities.
Endpoint Protector’s device control module helps prevent data leaks by monitoring and controlling USB and peripheral ports, while the content-aware protection module protects data in motion with content inspection and contextual scanning of data.
The content-awareness module targets data leakage and data loss through various exit points such as web browsers, email clients, and applications like Microsoft Outlook, Skype or Dropbox.
The e-discovery module also scans data stored on endpoints, identifying confidential information, and allowing Administrators to take remediation actions, the company said.
( Photo by Artur Tumasjan on Unsplash )
