Extended detection and response, or “XDR”, is a new and much-lauded approach to threat detection and response.
According to its proponents, XDR provides holistic protection against cyberattacks, unauthorized access, and general misuse of data.
The capabilities touted by XDR supporters are indeed impressive. With this model, security teams can identify hidden threats and exfiltration attempts both proactively and quickly. The XDR approach creates powerful endpoint protection, blocking malware and other exploits through AI-powered systems. It also offers simple and clear visibility for all enterprise data, in all its forms, and in all databases.
All of this sounds great. The only issue we have is that it’s being advertised as something totally innovative and new.
DLP or XDR?
While some are trying to draw a distinction between Data Loss Protection and XDR, the truth is, DLP done correctly delivers on everything promised by the “new” XDR model and more.
DLP as DDR / XDR
GTB’s DLP system is in essence a DDR (Data Detection and Response) Platform, providing full AI-driven endpoint security, data classification, and automated alerts. There’s just one small difference: GTB does it more accurately. With GTB, security teams can all but eliminate false positives, ensuring their resources aren’t being drained and their attention is focused on only the real threats.
The GTB Data Security that Works™ platform enhances and modernizes features across the enterprise, including Cloud Access Security Broker (CASB), Secure Access Service Edge (SASE), Insider Threat and Risk Management, Endpoint Protection Platforms (EPP), and Data Discovery Classification capabilities, resulting in a platform that accurately and automatically detects attempted data breaches while providing automatic responses to streamline the DLP effort.
Visibility: Accurately discover sensitive data; detect and address broken business processes or insider threats, including sensitive data breach attempts.
Protection: Automate data protection, breach prevention and incident response both on and off the network; for example, find and quarantine sensitive data within files exposed on user workstations, FileShares and cloud storage.
Notification: Alert and educate users on violations to raise awareness and educate the end user about cybersecurity and corporate policies.
Education: Start targeted cyber-security training; e.g., identify end-users violating policies and train them.
- Employees and organizations have knowledge and control of the information leaving the organization, where it is being sent, and where it is being preserved.
- Ability to allow user classification, giving users influence over how the data they produce is controlled, which increases protection and end-user adoption.
- Control your data across your entire domain in one Central Management Dashboard with Universal policies.
- Many levels of control, together with the ability to warn end-users of possible non-compliant or risky activities, protecting from malicious insiders and human error.
- Full data discovery collection detects sensitive data anywhere it is stored, and provides strong classification, watermarking, and other controls.
- Delivers full technical controls on who can copy what data, to what devices, what can be printed, and/or watermarked.
- Integrate with GRC workflows.
- Reduce the risk of fines and non-compliance.
- Protect intellectual property and corporate assets.
- Ensure compliance within industry, regulatory, and corporate policy.
- Ability to enforce boundaries and control what types of sensitive information can flow where.
- Control data flow to third parties and between business units.