On July 19th, 2022, Gartner published their latest Market Guide for Data Loss Prevention. The guide defines DLP challenges, outlines categories and Representative Vendors, and provides recommendations for security leaders responsible for email security.
Here are our key takeaways from the guide.
Time to Sunset Your Legacy DLP Implementation
“Traditional DLP vendors focus more on conventional and data-specific content inspection methods, which can lead to incident fatigue and a siloed view of data movement.” — Gartner Market Guide for DLP, 2022
We have known this all along. DLP architectures that focus on data-specific content inspection are prone to false positives. This has been the biggest pain point for the DLP industry for decades. Consider simple content pattern matching for SSNs (for customers based in the US). Although content matching has become smarter, it still cannot overcome the problem of flagging any 9-digit number sequence as a potential leak of sensitive information.
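The 9-digit false-positive problem described above, as an added example (not Armorblox's code or anything from the Gartner guide). The function names, the keyword list, and the 40-character context window are assumptions chosen for illustration; the messages are constructed.

```python
import re

# Naive content rule: any 9-digit run, with optional dash or space separators.
NAIVE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")
# Hypothetical context keywords; a real policy would tune this list.
CONTEXT = re.compile(r"\b(ssn|social security|taxpayer)\b", re.I)

def naive_hits(text):
    """Everything the pattern-only rule would flag."""
    return [m.group(0) for m in NAIVE.finditer(text)]

def structurally_valid(area, group, serial):
    # SSA never issues area 000, 666 or 900-999, group 00, or serial 0000.
    if area in ("000", "666") or area[0] == "9":
        return False
    return group != "00" and serial != "0000"

def scored_hits(text, window=40):
    """Drop impossible SSNs, then rank the rest by nearby context words."""
    results = []
    for m in NAIVE.finditer(text):
        if not structurally_valid(*m.groups()):
            continue
        nearby = text[max(0, m.start() - window):m.end() + window]
        priority = "high" if CONTEXT.search(nearby) else "low"
        results.append((m.group(0), priority))
    return results

# Constructed sample messages (078-05-1120 is a long-voided specimen number).
SAMPLE = [
    "Your order 482915736 has shipped via ground.",
    "Wire to routing number 021000021 by Friday.",
    "Tracking ID 987654321 attached.",
    "Please update payroll, my SSN is 078-05-1120.",
]

if __name__ == "__main__":
    for msg in SAMPLE:
        print(f"{msg!r}: naive={naive_hits(msg)} scored={scored_hits(msg)}")
```

The order number in the first message passes every structural check, so it can only be deprioritized by context, not ruled out by content inspection alone.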
“Invest in a DLP solution that not only provides content inspection capabilities but also offers extra features such as data lineage for visibility and classification, user and entity behavior analytics (UEBA), and rich context for incident response.” — Gartner Market Guide for DLP, 2022
Gartner recommends considering forward-looking DLP technology that uses user and entity behavior analytics to complement content-based pattern matching and reduce false positives. At Armorblox, we see exponential growth in our ability to reduce false positives by using Natural Language Understanding (NLU). Our blog describes how we are able to reduce false positives by a factor of 10x.
Modern DLP Should Also Address Insider Risk
“We also see convergence of DLP with insider risk management solutions. This brings together the capabilities of insider risk management solutions and UEBA in one single solution. Traditional DLPs focus more on content and are data-centric, so they cannot distinguish between malicious behavior and an accident. However, by enriching DLP events with a user-centric view, it will be easy to distinguish between the malicious and negligent act of an end user.” — Gartner Market Guide for DLP, 2022
Supply chain and insider risk threats have hit the headlines in the last several years. Between February 3 and 14, 2020, cybercriminals gained access to computers at one of General Electric’s partners, Canon Business Process Services, which handles document processing and accounts payable for many large corporations. The bad actors managed to take over a Canon email account following a successful phishing attack. They were thus able to access sensitive information on current and former GE employees and beneficiaries, including birth and death certificates, direct deposit forms, tax forms, and driver’s licenses.
“Apart from providing content-inspection capabilities, these solutions also analyze the day-to-day behavior of the users and thus enrich DLP events with contextual analysis. They track who, what, when, where and how for any data exfiltration scenarios.” — Gartner Market Guide for DLP, 2022
We see the trend of using machine learning to address insider threats and supply chain attacks in our customer portfolio. At Armorblox, we look at thousands of signals to understand the context of email communications and user behavior to stop sensitive data from falling into the wrong hands. By bringing our innovation in Natural Language Understanding (NLU) to DLP, we are able to stop the leakage of sensitive data caused by either malicious or accidental behavior of insiders and supply chain vendors.
Email is Still the #1 Vector When It Comes to DLP
“Email is one of the most prevalent means of sending sensitive information and a priority for most clients. Worldwide end-user spending on public cloud services is forecast to grow 20.4% in 2022 to $494.7 billion, up from $410.9 billion in 2021, according to the latest forecast from Gartner. In 2023, end-user spending is expected to reach nearly $600 billion.” — Gartner Market Guide for DLP, 2022
Follow the 80/20 rule and address the most pressing need first. If there is one project that you can undertake to solve for DLP, it should be to tackle your email service. As more and more enterprises choose a cloud-delivered email service, it is important that you address DLP to protect your organization from losing sensitive data.
“Most vendors of email security solutions now include, or can provide, DLP capabilities in their products. These solutions use artificial-intelligence-based algorithms to track users’ email patterns and notify users if they may be accidentally sending sensitive information. Also, most of the EDLP solutions include email DLP capabilities.” — Gartner Market Guide for DLP, 2022
If you are evaluating a next-generation email security solution, ensure that it has DLP capabilities. The last thing you want is to invest in an email security solution that does not include DLP. Integrated DLP helps improve security posture while keeping administrative overhead low.
- Traditional DLPs focus more on content and are data-centric, so they cannot distinguish between malicious behavior and an accident. However, by enriching DLP events with a user-centric view, it will be easy to distinguish between the malicious and negligent acts of an end user.
- Today, the DLP market is evolving as we see a convergence of IRM and DLP tools. This approach utilizes content-inspection capabilities with behavioral analytics and machine learning and also helps in reducing the number of false positives.
- Invest in a DLP solution that can understand the full lineage of the data, identify baseline activities for the user, and compare subsequent actions to the baseline activity by gathering contextual clues about the who, what, when, and where of the data.