Why is DLP Failing?

Scottrade, Anthem, Sony hacked, data breached. Home Depot, data breached, Target ...

Will 2016 move in the same direction as 2015, 2014 and 2013?

When studying these patterns, it’s important to understand that it’s the degree and severity of the incident (e.g., Target), not the rate of occurrence, that makes news.

According to the Ponemon Institute[1], the average cost of a data breach is $188 per record, with an average of $5.4 million in the U.S., and Target reports having paid over one billion dollars in recovery damages.

A DLP solution is the last level of defense that addresses data extrusion security against advanced attacks, malware, Frenemies (employee mistakes) and unauthorized users trying to steal data.

So why is DLP failing? 

For those familiar with data and security breaches, there have been several recent notable violations: eBay, Adobe Systems, Target and Neiman Marcus. In other words, hackers, malware, botnets, and employees with malicious intentions can oftentimes beat the DLP systems, overthrowing entire organizations and making market-leading DLP models look primitive.

Does compliant equate to secure?

A company can be fully ‘compliant’ and still lack the necessary tools to stop a data breach. Global Payments Inc., an electronic processing company whose breach is estimated to cost close to $94 million USD, was fully compliant with PCI and others[2].

Global Payments Inc. CEO Paul Garcia said, “I can't be terribly specific … We had security measures in place that caught it [data-breach].” He did, however, acknowledge that while their DLP or ‘loss-prevention’ quickly spotted and counteracted data exfiltrated from the company, it hadn't prevented the data infraction. Garcia later admitted, “So partly it [DLP] worked and partly didn't work.”[3]

Whoops!

The conclusion is simple:

The current ‘market-leading’ DLP technology is outdated and unable to accomplish the fundamental function of real data protection security:

1. Requirements compliant with PCI, HIPAA, GLBA, SOX etc. are not good enough to halt a breach.

2. Hackers are five steps ahead of organizations’ current security ecosystems.

3. Security & Compliance Officers are not proactive about security education.

4. The current market-leading DLP cannot cover all 65,000+ ports and protocols.

5. The current market-leading DLP cannot enforce policies in real-time.

6. The current market-leading DLP detection engines produce too many errors and false positives, halting business processes.

7. The current market-leading DLP costs are unaffordable.

8. The current market-leading DLP can take years to fully deploy and requires multiple engineers to manage.

Bottom Line

A DLP system should be a precise tool that monitors and protects sensitive data. Security and compliance officers must understand this and require that their DLP system can answer questions such as:

“What data do I want to protect?” and

“Can my DLP system classify data correctly in real-time?” or

“Can I truly prevent a data breach?”

The solution must also provide:

- Real-time inspection of sensitive data

- 100% Detection Accuracy on fingerprinted data

- Coverage of ALL Ports ALL Protocols ALL Channels

- Plug and Play - easy to use (Unified Policy Making, Workflow, Deployment, etc.)

- Effective Data Classification – Zero False Positives

- Prevent Data Leakage

If your DLP system cannot accomplish these basic requirements, it’s time to CHANGE to, or consider, a different Data Loss Prevention solution that can.


[1] https://www4.symantec.com/mktginfo/whitepaper/053013_GL_NA_WP_Ponemon-2013-Cost-of-a-Data-Breach-Report_daiNA_cta72382.pdf

[2] http://www.bankinfosecurity.com/global-payments-breach-tab-94-million-a-5415/op-1

[3] http://www.wired.com/threatlevel/2012/04/global-payments-breach/
