By Itir Clarke
As your organization embraces remote work and migrates to the cloud, the risk of data loss increases. Legacy data loss prevention (DLP) solutions weren’t developed with these new dynamics in mind.
In today’s world, your DLP solution must provide visibility across multiple channels of data loss—but not require multiple teams to manage it. It must scale with your company’s information protection needs while protecting data without interruption. And since data doesn’t lose itself, your DLP solution must be people-centric, providing insight into user behavior.
In its recently published “Market Guide for Data Loss Prevention,” Gartner mentions “Legacy DLP products and detection techniques were developed for on-premises workloads. Cloud migration has complicated the vendor selection process for clients, since these legacy approaches to DLP often are no longer viable.”
Let’s take a peek at some of the highlights of the report :
Next-generation DLP: Enhanced with classification and converged with insider threat management
Gartner states, “DLP is a mature technology, but the emergence of tools with a focus on cloud and insider risk management use cases has provided SRM leaders with the option to invest in a next-generation data security tool.”
In the report, Gartner identifies the key capabilities for Enterprise DLP platforms as:
- Visibility and policy enforcement for email, endpoint, cloud, web and private apps
- Centralized policy management and reporting functionality
- Content inspection and the ability to recognize classification tags or labels
- Data classification and data lineage capabilities for visibility, auditing, data controls and more
- User behavior monitoring and analytics for rich context for incident response
Gartner recommends “using Enterprise DLP if you have limited resources and if your users are transacting sensitive information through multiple channels” and suggests “Use consulting and managed services to shorten the time to value and augment lean IT and security departments.”
As a platform-player leader, Proofpoint Enterprise DLP expands on the required capabilities with our people-centric approach, our one agent, one console and one cloud-native platform, as well as our managed services for information protection:
- People-centric insights: Proofpoint Enterprise DLP brings together our solutions for email, cloud and endpoint DLP with an option to add web security. It combines content, behavior and threat telemetry from these channels to address the full spectrum of people-centric data loss scenarios. For example, leavers who feel entitled to take the intellectual property they worked on, a compromised user whose data is stolen by a hacker, or a careless user who accidentally emails a sensitive document to a partner.
- One console, one agent, one cloud-native platform: In a single console and using a single lightweight agent, Proofpoint includes all the policy management, workflows, alert management and threat-hunting capabilities, classification sophistication, reporting, and dashboards that administrators and analysts need for accurate DLP and insider threat detection. Our solution includes data lineage tools such as file timeline for visibility, but also user timeline for context on user intent. User and file timelines show alerts and activities before, during and after an incident giving insight as to whether the user might be careless, compromised or malicious. Our platform enables a scalable, multichannel and API-driven, cloud-native DLP solution that’s quick to deploy.
- Intelligent classification: Enterprise DLP integrates with AI-powered intelligent data classification from Proofpoint, providing at-scale visibility to business-critical data. Actionable insights and recommendations help organizations prioritize protection. With AI-generated dictionaries and automated labeling, your security teams can accelerate DLP and better protect your data against careless, compromised and malicious users.
- Right people and processes: Proofpoint Managed Services and specialized partners help organizations design, implement and manage information protection programs, providing data security experts for staff augmentation.
Key Channels and Solutions for DLP
In the report, Gartner identifies four solutions that include DLP as a capability. We believe Proofpoint has products for each of these solutions and integrates all these solutions on our Information and Cloud Security Platform:
- Email Security Solutions: Proofpoint Email DLP and Encryption are part of our email security solution and protect sending sensitive information. With data detectors honed over the last 15 years, we help organizations identify regulated data and intellectual property in email and enforce company policies using a wide range of services such as email encryption, revocation and quarantine.
- Endpoint Protection Solutions: Proofpoint Endpoint DLP monitors file activity and leverages content scanning to determine whether users are handling sensitive data according to corporate policy. We offer a library of rules that you can leverage to prevent data loss via USB, web browser, cloud synch folder, print, etc. You can also ask the user to justify their action. Proofpoint Endpoint DLP is integrated with our insider risk management solution and enriches DLP events with user behavior telemetry.
- Insider Risk Management Solutions: Proofpoint Insider Threat Management actively monitors user activity such as application usage, user input/output, website access, and file movement across Windows and Mac systems. We track and alert on risky user behaviors and provide sophisticated threat hunting tools and visual evidence to accelerate insider investigations. With a lightweight dual-purpose agent, you benefit from data loss prevention and insider threat management in one solution.
- Security Service Edge: Proofpoint Cloud Security solutions secure access to the web, cloud services and private apps. Our solution combines Proofpoint Cloud App Security Broker (CASB), Web Security, Secure Access, and Browser Isolation to enable people-centric visibility and controls across the enterprise and deliver a broad range of capabilities:
- Granular controls, such as step-up authentication, read-only access via browser isolation and micro-segmented application access
- Rich, cross-vector threat intelligence on user risk
- Advanced threat protection, including protection against compromised cloud accounts, malicious OAuth apps, malicious files and malicious web sites
- Proxy and API-based DLP to prevent unauthorized access to sensitive data in the web and in cloud services and ensure compliance
- Visibility into shadow IT, acceptable-use controls, application governance for SaaS and third-party OAuth apps and cloud security posture management for IaaS services.
You can enforce stricter controls for those risky users, such as highly targeted or vulnerable users, or privileged groups like admins and VIPs.
Download the “Market Guide for Data Loss Prevention” from Gartner today to learn more about market direction and what to look for in a DLP solution. Also, we believe you can explore Proofpoint Enterprise DLP to see how we deliver on Gartner recommendations and key findings.