|
To effectively protect sensitive data including difficult to define, unstructured or "free form" data, and structured information, companies should look to solutions that combine different data analysis technologies. A "defense in depth" strategy works equally as well within a solution as it does by combining different types of solutions. In the case of data analysis three layers should always be applied:
Context Based Analysis
Context analysis is best used when sensitive information comes from a known source - e.g. software code from a "version control solution."
Identity Based Analysis
Identity should always be used to apply "need to know and need to act" analysis e.g. - does the employee have rights to view or edit the data. It is also critical that user actions be tracked, including transfer of information between applications through cut and paste, screen capture, or other means.
Content Based Analysis
Content is best used for information that is formatted in a way that is recognized by key word or dictionary analysis technology - e.g. social security numbers, credit card numbers and other PII and PHI data.
The type of content analysis technology utilized and how it is deployed are critical for success. Content analysis technology is continually improving with new types of ever more intelligent analysis. Simple dictionary or key word search capabilities have been supplemented by more intelligent and effective similarity and pattern matching. This constantly improving field of analytical technology quickly leaves "proprietary and custom built" technologies behind. For this reason Verdasys decided to partner with Autonomy and fully integrate the industry leading IDOL content analysis engine into Digital Guardian.
The Digital Guardian Difference
With the advanced capabilities of Autonomy fully integrated into the Digital Guardian Agent, Verdasys provides the most comprehensive content monitoring, filtering and analysis capability available on host-based architecture. Digital Guardian's Adaptive Content Inspection (ACI) protects sensitive data through content monitoring and filtering of data "at rest", "in use" and "in motion". Digital Guardian ACI supports over 300 file formats and 90 languages.
Digital Guardian's host based architecture enables content scanning capabilities to be distributed across the organization to all protected laptops, desktops, mobile devices and servers. At all of these points, content scanning and policy enforcement occur before the potentially damaging activity is completed by the user.
This means data is monitored and protected before it:
- Is encrypted
- Moves into a tunneled messaging format
- Is cut, copied, pasted, printed, or screen-captured at the end point
The ACI module scans data-at-rest, data in use or data in motion and adds a level of data protection that exceeds all network based content monitoring and filtering appliances. With the added capabilities of contextual and identity based analysis, Digital Guardian offers the most complete data loss prevention (DLP) solution available.
Network Content Monitoring
Network content monitoring and filtering is an appliance based technology often used to protect information from escaping over a companies network. These solutions are often deployed as part of a defense in depth strategy, but do not offer the completeness of protection that is often expected. Network content monitoring and filtering systems are unable to:
- Protect most data that is encrypted
- Protect data that moves through networks using tunneling like Microsoft's PPTP technology
- Protect data that is on mobile devices
- Protect data that is copied from an endpoint to an external device
- Protect against stenographic attacks
- Provide instant user feedback that an action might put the company at risk
Implementing this technology alone is an incomplete DLP solution that protects only a small portion of data in use or in motion. |
