Choosing a solution for protecting sensitive data requires proper planning and research. Teams need to consider not just what the vendors say, but also how the feature set fits with the resources and capabilities of their organization. Legacy data loss prevention (DLP) and insider risk management (IRM) solutions were designed for organizations with large IT and security teams. Most organizations today – particularly midsize organizations – do not enjoy that luxury, yet they are still held to the same compliance standards and data protection bar as those with larger teams.
We designed Reveal for today’s work environment, technology stack, and threat space. We also considered the need for simplifying management and accelerating time to value while protecting data. Below are Reveal features we believe are critical for teams to consider.
Ease of adoption and management: Organizations want to protect their sensitive data without overwhelming scarce security resources. This requires a simple solution to deploy and manage, providing rapid time to value. In an independent evaluation, GigaOm rated Reveal as exceptional for ease of adoption, management, and cost.
Machine Learning on the endpoint: Legacy solutions require centralized aggregation and analysis of information. This can include classifying data, analyzing data usage, detecting anomalies, and alerting IT and security teams. This leaves organizations vulnerable in a work-from-anywhere world. Reveal leverages machine learning (ML) on each endpoint; we’re the only DLP and IRM solution to inspect content instantly and baseline each user and device in days to name risky activity, on and off the corporate network.
On-use content classification: A requirement of any DLP or IRM solution is identifying and understanding sensitive data. Legacy solutions address this by making data classification a prerequisite to protecting data. This can require months of discovery across all data sources and endpoints, delaying protection and time to value. Reveal’s approach eliminates data pre-discovery and classification. Instead, it identifies and classifies data as it is created and used when it’s most at risk. This more efficient approach focuses on data in active use and protects your organization from the moment the platform and agents are deployed.
USB controls: Identifying and blocking threats to sensitive information is the core function in DLP and IRM. According to the 2022 Cost of Insider Threats Global Report by the Ponemon Institute, 43 percent of the incidents investigated involved USB removable media. Because Reveal can identify and classify sensitive data as it is created and accessed, it can block users from writing sensitive files to USB storage devices. In addition, Reveal can also distinguish between authorized and unauthorized USB devices to prevent users from mounting unauthorized USB drives that may hold malware and prevent users from copying sensitive information to unauthorized devices.
Event streaming: Data forensics are necessary for breach investigations. Reveal’s Security Information and Event Management (SIEM) streaming service provides a simple configuration process that enables organizations to reduce response times through the automated ingestion of detections into their existing SIEM tools and workflows. Security teams can replay and analyze event streams to reconstruct the events leading to a security incident, name the root cause, and gather evidence for remediation, compliance, or legal purposes.
Simplified Triage and investigations: Once data classification schemes are created, legacy solutions require detailed rules dictating what actions each class of users can take with each class of data. The inevitable false alerts frustrate users and complicate investigations. Legacy DLP logs are packaged in a difficult to read, code-like format, which requires extensive administrative training. The Reveal management console was designed with the software security skills gap in mind. The interface is highly visual; it is one pane of glass that guides security analysts through their work. Human readable and correlated reporting gives the analysts the context needed to investigate, assess, and respond at a user or group level without the overhead.
Incident-based training: Not all data loss events are deliberate. People make mistakes and annual training events need to be reinforced with regular coaching throughout the rest of the year. Reveal promotes good cyber hygiene by prompting users when they try to take actions that could put data at risk. It can even present users with policy reminders and safe alternatives as a way to guide. One of our customers saw a 50% reduction in alerts in just over a week.
Respect for Employee Privacy: Employee privacy and data protection are often seen as mutually exclusive goals. But intrusive employee monitoring solutions communicate distrust and can harm organizational culture. A Gartner study showed employees are twice as likely to pretend to be working in response to monitoring programs. Unlike legacy DLP solutions, we took a privacy by design approach to Reveal. It uses pseudonymization while detecting and mitigating threats without compromising the privacy of users and preventing bias in monitoring users’ activities. Scoped investigations limit what an investigator is allowed to see and the time of the investigation. The focus is squarely on protecting data and only if the risk is deemed sufficient does the identity of the users become part of the investigation.
Next built Reveal for today’s work environment, technology stack, and threat space. It is cloud native with smart agents for fast deployments, immediate visibility to risk, and rapid time to value. It protects data on and off the corporate network and across SaaS, messaging, and video conferencing apps.
We know every environment is different and means data protection needs vary, contact us and we’ll tailor a demo to your needs.