September is Insider Threat Awareness Month. It marks the growing emphasis enterprises and governments are putting on addressing the risks posed by these highly evasive and detrimental threats. In our last article, we outlined some of the hurdles enterprises face in mitigating insider attacks.

In this article, we assess the effectiveness of Data Loss Prevention (DLP) in addressing insider threats. According to our recent ‘Insider Threat Report 2022 – Singapore Edition’ [1], 99% of enterprises felt that constant monitoring of user behaviour could help in the swift discovery of insider threats. In this regard, DLP, which continuously identifies, monitors and blocks sensitive data whether it’s in use, in motion or at rest, helps prevent data from being exfiltrated or accidentally exposed. DLP is relied on not just to prevent data leakages, but to also stay compliant with regulations such as the GDPR or HIPAA.

Ultimately, having to factor in these considerations and more has made DLP policy creation a daunting task. At the same time, with constantly changing attack vectors, security teams need to continuously update classification rules and action plans to account for new types of sensitive data, new access points and new threats. According to the report, nearly half of the enterprises surveyed find policy creation and maintenance a major challenge for DLP.

Where DLP policies are not tailored to meet the dynamic needs of the enterprise, false positives are more likely to arise. A notorious feature of data loss prevention, false positives have long plagued security teams with unnecessary investigations and filtering. The report found that false positives were the most frequently encountered challenge for DLP, mentioned by 56% of enterprises. Without context-aware policies and without adequate remediation, many harmless transactions continue to be inaccurately flagged, impacting enterprise productivity.

While DLP can be relied on to initiate accurate last-mile alerts, not providing full visibility into data creation, transmission and storage affects the proactive identification of threats and vulnerabilities. The report found that 40% of enterprises mentioned a lack of real visibility as a key challenge of implementing DLP, as it fails to provide them with real-time analyses, reports and insights into potentially harmful data transactions taking place.

Finding the perfect solution

While DLP can go a long way in staving off data leakages and exfiltration, deploying a solution that allows enterprises to create dynamic, user-centric policies with end-to-end visibility greatly augments the capabilities DLP has to offer. CoSoSys Endpoint Protector, for example, equips security teams with detailed reports on user activity and insights into transactions involving sensitive data. It also provides granular, content-aware and context-aware policies that enterprises can adapt to their own specific needs.

Synopsis