One of the biggest frustrations with implementing and managing legacy DLP solutions is managing policies. Part of this is the industry’s fault. Legacy DLP solutions have conditioned security teams to believe that data can best be secured by granular and complex policies.
These require teams to follow a strict process:
It can take months or years to identify and classify all the data in an organization. And once you are done, that scan is already out of date because of new data created, added, or modified during the process. In legacy DLP environments, these activities must be completed before data protection can begin. In addition, teams must update and maintain policies as inevitable false positives disrupt legitimate workflows. As organizations add new classes of data or new user groups, the entire process must start again.
While policies will always have a role in DLP, a policy-free strategy provides more accurate protection and faster time to value. The Reveal Platform by Next accomplishes this by moving intelligence to the endpoints.
With machine learning on each endpoint, Reveal eliminates the need for pre-classification of data and granular policies. Instead, Reveal’s real-time data classification considers content and context to identify and classify data as it is created and used. Content-level inspection identifies patterns for PII, PHI, PCI, and other fixed-format data types. Contextual inspection identifies sensitive data in both structured and unstructured data without predefined policies.
Machine learning on each endpoint allows autonomous decision-making without dependence on network connections. Behavior analysis on the endpoint also minimizes the requirement for granular policies and their resulting false positives. Individual baselines surface individual anomalies, isolating risks to each device and user. Agents are deployed quickly and deliver immediate visibility into user behavior and risk, driving value right away.
A policy-free approach eliminates workflow disruptions due to outdated policies and data created after discovery and classification scans. In legacy DLP solutions, new data types, new users, and new threats result in new rules and false positives that interrupt legitimate data use. A policy-free approach understands acceptable behavior for each user and reports on risks to data without preset rules.
A policy-free approach is better able to adapt to new threats. Insider threats are individual threats and require DLP solutions to understand the context of individual activities. Individual baselines provide analysts with context for actions.