DASB Replaces DLP

The Customer
A privately-held financial services company (“FSC”) with financial and personal data protection requirements driven by compliance with Financial Industry Regulatory Authority (FINRA) and U.S. Securities and Exchange Commission (SEC).

The Challenge
FSC has been mandated to protect sensitive financial and personal information for mandatory compliance requirements. In particular, FSC wants to protect and track sensitive data as soon as it is accessed from their SQL databases and transformed into flat files stored on their file servers.

FSC already had Symantec DLP, but the tool’s approach of scanning file shares to identify sensitive data did not meet FSC’s needs. Scanning file shares is a painfully slow task, and error-prone as it does not protect data on creation but instead relies on blocking data using static classification tags. DLP also comes with a litany of other problems that did not meet FSC’s requirements. DLP was not able to provide visibility into all usage of the data. DLP requires a manual classification program which is error-prone and places a significant burden on all company staff. DLP is a further drain on the security team who needs to continuously tune rule sets to reduce false positives and false negatives. And DLP licenses are notoriously expensive, not to mention the laborious operational overhead. The result was a needlessly expensive and complex tool that did not meet the requirements.

The Solution
Upon purchasing SecureCircle, FSC met its initial set of FINRA and SEC data protection requirements within the first week of implementation. Although FSC intended to renew its Symantec DLP license, they were able to not renew, since data protection and audit requirements were fully met by SecureCircle.

FSC replaced Symantec DLP with SecureCircle and is protecting their data by default, enforcing a Zero-Trust framework. Employees work with protected data with no need to manually classify data, and no changes to approved applications and workflows. In fact, SecureCircle has enabled reduced workflow complexity in some areas, which has increased productivity.

Data is automatically protected and tracked as it moves out of the database. Files exported from the database are protected by SecureCircle’s MagicFolder TM feature, which automatically and transparently protects data with defined access policies.

When employees modify reports or create new files (derivatives) similar to already protected data, the new files are automatically protected by MagicDerivative TM , which compares digital DNA (dDNA) within the data for binary similarities. Derivative files, regardless of applications that created them, that contain similar dDNA as protected data automatically inherit the protection and access policies of the original data.


● FSC began protecting data during the first week of implementation

● Automated continuous discovery and classification of data

● Completely transparent user experience

● Data is always protected: at rest, in-transit, and in-use. Files are never decrypted.

● Derivatives of flat files, regardless of file type or the applications that created them, are automatically protected as employees modify or create new reports.

● Protect by default, removing the drain on company staff for ongoing manual discovery and classification, and the burden on the security team of doing constant DLP rule management.

● Detailed reporting beyond compliance requirements to monitor workflows and provide visibility to data, including who is sharing data, and from what locations. Other solutions require admins to identify where the data is first.

● Automate workflows such as automatically protecting all data leaving the database or SaaS applications

The Outcome
FSC’s data protection and compliance requirements were fully met by SecureCircle. All data, including financial and personal information at FSC, is protected at all times, even in-use. Protection is enabled as soon as a flat file is created from the source database, which can be stored and consumed on file servers or employee endpoints. Protected data is tracked, and every action is auditable.

SecureCircle is implemented without impacting the existing workflows or user experience. In fact, SecureCircle has enabled reduced workflow complexity in some areas, resulting in increased productivity.

Finally, FSC realized considerable cost savings by switching from Symantec DLP to SecureCircle, in terms of license cost, fast implementation time, and by removing the burden on its staff and on its security team. On many levels, the FCS CISO agrees “SecureCircle allowed us to increase protection and decrease cost.”

Download PDF Version