Protecting the Data You Don’t Know About

Many customers have come to me and said “I understand the importance of data loss prevention (DLP) for my organization; but where do I start?”   Not only does data in enterprises double every 18 months, organizations don’t always know where all their data resides, who use it and how it is being used.   With most approaches to DLP this would be challenging.

With traditional approaches to DLP, you’d start with a set of initial policies.  The policies are then deployed in a production environment and then you wait …. and wait.  Most of the time, the policies are not optimized and so you’ll end up with too many potential security violations (false positives) or too little (false negatives).  So, you will need to go back and tweak the policies and then wait again.  In speaking with people implementing traditional DLP, I’ve learned that this process can take months! During that time, your organization continues to face the risk of data loss and has to invest precious resources in order to create an optimized policy.

Another problem with this traditional approach is that data that doesn’t match an existing policy is let go. It’s water under the bridge, and goes straight out the firewall into the wild. You’ll have no visibility into what has left the organization, and that has an impact on future policy development.

McAfee took a different approach to data loss prevention. In addition to the set of policies that we use to evaluate and log violations, we also log all outgoing data. We do this using unique Capture technology that is available with McAfee Data Loss Prevention. We hash the data, index it, and perform analytics on it.

So you may ask “how are you using the data you have captured?”  We use it to help in many ways.

1. Test policies before they go live

Use the real data you have captured in the last few months and test your new DLP policies on the data.  It allows you stop guessing and build effective polices with confidence without having to wait for weeks to verify efficacy.

2. Perform quick, complete investigations

This is better explained with an example.   Let’s say that an employee left your company, and unbeknownst to you, took sensitive corporate information with him to his next employer. A month later, you noticed the competitor was making announcements about a technology that sounded like yours.  Before this employee left, you didn’t know that you needed to be watching what he was doing, so no specific policy was in place.  But with McAfee’s Capture technology, you can go back in time, almost like a digital video recorder, and figure out what that employee did before he left, and identify whether or not, he in fact, took information that wasn’t rightfully his.

3.  Stay ahead of your data risks

The captured data helps you see the patterns of real-world data being used in your organization. It gives you visibility to look at events that lead up to a breach to identify current broken business processes. As you understand how your organization uses data you will be more able to predict risks and be proactive in avoiding them. This vastly increases the efficiency and effectiveness of your data protection.

You cannot protect what you don’t know.  Unique McAfee Capture technology, available in McAfee Data Loss Prevention, gives you a faster and more efficient and cost effective way to leverage your data for your DLP solution.

These blogs aren’t the only way to stay current on DLP.  Follow us on Twitter (@McAfeeDLP) and subscribe to the McAfeeDLP YouTube channel.

Leave a Comment

two × 2 =