Protecting PII is Still a Problem
Protecting PII is one of the central challenges for today’s enterprises. Firms large and small invest heavily in security budgets to ensure their networks are well protected and data remains intact.
But before organizations can protect their sensitive data, they need to be able to identify it.
Large organizations seeking to protect personal data, particularly for compliance reasons, usually rely on regular expressions and regex-based templates to detect files containing PII.
The problem with these models, however, is they employ definitions that are too generic to accurately categorize data on a modern network. This lack of nuance and specificity often triggers waves of false positives. This tends to overwhelm security teams and makes the solutions completely impractical.
Not only are these alerts disruptive from an operations perspective, but they are also costly. IT and security end up pouring time and resources into responding to alerts that are completely irrelevant. This in turn ends up hurting security as analysts struggle to distinguish between false alarms and actual threats.
In order to detect personal data both efficiently and reliably, enterprises need a more sophisticated approach, one that uses a variety of markers to accurately categorize the full spectrum of company files and data sets.
Efficient & Reliable Detection
GTB’s Differential Fingerprinting for data categorization allows for multi-column policies to detect PII. The model uses contextual methods, such as the proximity of names to policy or account numbers, to spot files containing personally identifying information. With this system, data is detectable in all states: in motion, at rest, or at the endpoint. This ensures that both stored data and data in the process of exfiltration can be identified.
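The contrast between a generic regex template and a multi-column proximity match can be seen in a small added example. This is not GTB's implementation; the keyed hashing, the token window, and the sample records and documents are all assumptions constructed for illustration.

```python
import hashlib, hmac, re

KEY = b"constructed-demo-key"   # assumption: per-deployment secret for the index
WINDOW = 8                      # assumption: max token distance between columns
# Constructed sample records (not real data): (full name, account number)
RECORDS = [("Alice Moreno", "40017722"), ("Raj Patel", "40093815")]

def fp(value):
    """Keyed hash of a normalized cell, so the index holds no plaintext PII."""
    return hmac.new(KEY, value.lower().encode(), hashlib.sha256).hexdigest()

def build_index(records):
    """Map each cell fingerprint to the (row, column) pairs it came from."""
    index = {}
    for row, cells in enumerate(records):
        for col, cell in enumerate(cells):
            index.setdefault(fp(cell), set()).add((row, col))
    return index

def regex_hits(text):
    """Generic template: every 8-digit number is treated as an account number."""
    return re.findall(r"\b\d{8}\b", text)

def fingerprint_hits(text, index, window=WINDOW, max_words=2):
    """Rows for which two different columns occur within `window` tokens."""
    toks = re.findall(r"[A-Za-z]+|\d+", text)
    seen = []                                   # (token position, row, column)
    for i in range(len(toks)):
        for n in range(1, max_words + 1):       # one- and two-word candidates
            cand = " ".join(toks[i:i + n])
            seen += [(i, row, col) for row, col in index.get(fp(cand), ())]
    return sorted({r1 for p1, r1, c1 in seen for p2, r2, c2 in seen
                   if r1 == r2 and c1 != c2 and abs(p1 - p2) <= window})

INDEX = build_index(RECORDS)
# Constructed documents: an ordinary invoice and a message with a real record
INVOICE = "Order 20240115 shipped, tracking 88120034, invoice total 1200 USD."
LEAK = "Please refund Alice Moreno, acct 40017722, for order 20240115."

if __name__ == "__main__":
    for name, doc in (("invoice", INVOICE), ("leak", LEAK)):
        print(name, "regex:", regex_hits(doc),
              "fingerprint rows:", fingerprint_hits(doc, INDEX))
```

The regex flags both documents, while the fingerprint match reports only the one where a known name and its account number appear together.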
The efficacy of this approach has been demonstrated across multiple industries. Why is it, then, that large corporations are not utilizing such an effective detection methodology?
The answer: inability to scale.
Large corporations typically host millions of records in their databases. Adding fingerprint markers to the entire database can result in inflated data volumes with even small files ballooning into 100GB packets. Downloading, transferring, and otherwise working with files of this size is exceedingly difficult and can grind operations to a halt.
The solution lies in a gradual transition approach, updating individual workstations after hours, one department at a time. In this way, GTB’s Differential Fingerprinting technology can be deployed to update only the changes to fingerprints since the previous runs, allowing a smooth and uninterrupted transition.
Visibility: Accurately discover sensitive data; detect and address broken business processes or insider threats, including sensitive data breach attempts.
Protection: Automate data protection, breach prevention and incident response both on and off the network; for example, find and quarantine sensitive data within files exposed on user workstations, FileShares and cloud storage.
Notification: Alert users to violations and educate them about cybersecurity and corporate policies to raise awareness.
Education: Start targeted cyber-security training; e.g., identify end users violating policies and train them.