Cyber Hygiene
Security Risks From Employees Working From Home
Audits Don't Solve Security Problems
Is 'Discover, Classify, Protect' Wrong In Cybersecurity Today?
Breadth Vs. Depth: Cybersecurity Industry Has Been Focusing On The Wrong Thing
Third Party Vendors
The Rise Of DASB, Sunset Your DLP
AWS Source Code Leak
End Source Code Theft
Why Isn’t DLP Preventing Data Breaches?
SecureCircle Data Access Security Broker (DASB) Selected By Quanta Storage To Eliminate Insider Threats
Organizations Should Bulk Up Cybersecurity In Case Of Iranian Cyber Attack
The Evolution of Data Protection
Ransomware stealing data before encrypting
Insider Threats Infographic
Who collected 4 billion records on 1.2 billion users?
Cisco Systems - Target of Malicious Insiders
New Yorks SHIELD Act
Insider Threat at Lion Air (Update)
How to Prevent the Lion Air Databreach
CIO IT Taiwan | SecureCircle 控管檔案讀取 權不怕合作生變造成洩密
How to Prevent the Mastercard Data Breach
Capital One Hacker Breached 30 Companies Through a Single Cloud Provider
Government Organizations Are Not Ready for Cyberattacks
How to Prevent the Boeing Data Leak
End Insider Threats Without Impacting Users Or Business Workflow
Singapore Overhauling Data Protection Practices
SecureCircle available on Taiwan Government CloudMarketplace
SecureCircle placed on UK Government Framework Catalogue
The New Federal Data Strategy
SecureCircle announces United Kingdom and EMEA Distributor, Care21
Quest Diagnostics and LabCorp in Trouble
Insider Threat in the Air Force
Disruptor Daily | What trends are shaping cybersecurity in 2019?
Disruptor Daily | What is the future of cybersecurity? Experts share their insights
How to Combat the Business Email Compromise Scam
How to Prevent Government Data Breaches
Availability Bias in Cybersecurity
How to Minimize Your Exposure to Employee Mistakes
A Look Inside Toyotas Second Data Breach
Four Keys to Data-Centric Data Protection
Asymmetric Information Causes Data Breaches
SecureCircle Introduces Send Secure for Agentless Protected Data Sharing
The Financial Consequences of a Data Breach
Insider Threats Can Happen to Anyone
Federal Data Privacy Laws Are Coming
Forget Collection 1: Here comes Collections 2-5
Forbes | 10 Industries On The Cusp Of Technological Disruption
Collection 1: Not a Big Deal?
It All Adds Up: Better Cybersecurity is a Necessity in 2019
Why New Year Resolutions Fail
9 Costly Security Mistakes
Security InfoWatch | The Last Mile Security at the Edge
2019 Security Predictions(Infographic)
Security Today | Rethinking Access Control
We love what we do - 2018 Review (Infographic)
Holiday Hacks Are Not Going Away
Solving Multi-Cloud Security
A better solution than web bugs for internal visibility
Why File Encryption is not enough - A Customer Conversation
Security, Visibility, and Control
SecureCircle Introduces Enhanced Cybersecurity Offering for Cloud-First Enterprises
Healthcare Needs a Change
What is old is new: Cold Boot Attacks
Inside Information - Data that should NEVER leave the organization
CTimes | SecureCircle and Netbridge Distribution Partnership (Chinese)
SecureCircle Announces Asia Pacific Distributor, NetBridge Technologies
Insider Threats
CSO | The hidden security problem we all need to know about
Opt-Out is more than blocking SPAM
What is Opt-Out Data Centric Protection? And why is it so important
Digital Hygiene in a GDPR World
Security Info Watch | Enterprises Beware: Cybersecurity Challenges in the Cloud
GDPR Readiness (Infographic)
The Lost Laptop
Strategic Finance | Security in a World of Zero Trust
Reading Between the Lines - The Real Impact of Insider Threat (Infographic)
Protecting Internal Data
Press & News Embargos
CSO | GDPR: Where are we now?
SecureCircle @ CIAB FEBRABAN, Sao Paulo Brazil - The Recap
California Consumer Privacy (The next generation of GDPR)
I am safe. My data is encrypted. Right?
University of Texas MD Anderson Cancer Center ordered to pay $4.3 million in HIPAA violations
Is my Air Gapped Computer Safe?
The Broken 80/20 Rule
SecureCircle and Fiandeira Tecnologia Showcase Unstructured Data Solution at CIAB FEBRABAN
SecureCircle will be exhibiting at CIAB Sao Paulo Brazil June 2018
Throw Tech Away - The Rise of a New Generation of Data Security
GDPR Compliance Tips: The Top Experts Speak
Are you ready for a password-less world?
CSO | The Impact of Human Behavior on Security
Account compromised? What about your file content?
Age old discussion: Convenience versus Security
SDxCentral | Four Security Myths You Need to Shake
Security Today | Digital Security in a Zero Trust World
MegaMinds AIthority Interview with Jeff Capone
2018 Govies Awards
Data Protection needs to be agnostic like Switzerland

The Rise Of DASB, Sunset Your DLP

Written by 
SecureCircle
 | 
February 17, 2020
March 31, 2020

5 Reasons Why Organizations Are Switching

1. Manage by exception

DASB manages by exception

DASB persistently and transparently protects data, with no impact to end-user experience, applications, and business workflows. DASB flips the traditional data protection model from one of opting into the least amount of data to protect, to an expansive, opt-out model. This opt-out model enables organizations to protect any and all data and manage exceptions around collaboration. 

DLP manages by rule

DLP requires rules to be written for every scenario.  Whether the scenarios are trying to identify every possible exfiltration pathway or map to acceptable business use, these rules need to be continuously tuned to decrease alerts, false positives and false negatives.  

2. Identify data by DNA

DASB expands its protection through dDNA matching 

DASB’s patented similarity detection engine understands the DNA of the data (dDNA) and looks for a match to dDNA that is already protected. If there is a match, Magic Derivative applies protection to this data automatically, with the same access controls as the originally protected data. This means that even if you have not discovered or classified all your sensitive data, or if your colleagues create or import new sensitive data down the road, DASB will automatically recognize this “unknown” data as sensitive and protect it.

DLP’s data identification is like using a fingerprint

DLP might encounter this telephone number (819661820893) and identify it as a credit card number, a false positive. An outgoing email attachment with this telephone number might be blocked causing a slowdown in the business where none is warranted. This interference with normal business operations is one of many major downsides of DLP. The more aggressively the security team adds and updates rules, the more often false positives occur. Employees are measured on their productivity. When security tools slow them down they complain and try anything they can to circumvent the blocker, DLP. DLP also fails to detect sensitive information that has been slightly altered, allowing it to pass freely as a false negative. For credit cards, a classic exfiltration bypass method is to spell out the credit card number ("eight one nine six..."), change the credit card number to an unreadable font like Wingdings, or re-write it as Roman numerals. It is easy to think up ways to get past DLP's pattern matching.

3. Protect First

DASB protects any and all data

DASB protects any data transparently. This allows for organizations to protect data first and then work on discovery and classification. DASB’s methodology for discovery and classification enables organizations to identify and administer the appropriate access controls to unknown data. This includes all the information your employees are creating every day and all the unknown data stored in location (on-prem, cloud, on endpoints, etc.) across your enterprise. 

DLP requires tedious discovery and classification

DLP’s obtrusive nature requires discovery and classification as a necessary crutch to achieve even the most basic protection scenarios. Manual classification can depend on every employee in the company filling out a small form every time they are about to send an email or save a file, a major drain on employee time. Worse, your colleagues are not security professionals, and their incentive is to get their work done, so the accuracy of their classification is in doubt. Insiders are known to be the largest threat vector, so giving employees the power to classify whether data is sensitive or not is a critical flaw. 

Discovery is known to be highly ineffective as discovery tools are not equipped for the volume of data and the varied locations (public or private cloud, on-prem) in which this data is stored . Automated discovery is also highly error-prone, leading to the wrong policies applied to the wrong data.

4. Expansive Protection

DASB data protection is expansive

DASB takes an expansive approach to data protection. We recognize that most, if not all, enterprise data contains sensitive or valuable information and this data should not be allowed to leak. DASB continuously discovers, classifies and protects previously unknown data. DASB achieves zero-trust, persistent protection that is completely transparent to end users. DASB protects any and all data without impact to the end-user experience. 

DLP data protection is reductive

Contrary to DASB, DLP's approach to data protection is reductive. DLP depends on discovering and classifying data, with the goal of opting into only the smallest subset of data to protect. By default, DLP allows a file to flow freely unless it has been specifically identified as sensitive and a rule exists that can dictate how users can interact with that file.  This is an ongoing, tremendously time consuming, never-ending effort for security teams. It is nearly impossible to devise every possible rule to block exfiltration pathways, while aligning with the business and acceptable business use cases. Managing by rules is also a huge burden on employees, as more and more restrictions are imposed on their daily workflows. Given the amount of effort required of the security team to devise rules that detect sensitive data, and the overhead incurred by employees classifying their own data, using only prescribed applications and file types with workflow pop-ups, errors and overhead along the way, the DLP approach ends up being to opt-in to the least amount of data to protect as possible.

5. Time to Value in Hours

DASB is implemented in hours

With DASB, deploy the agent, target a location, and you are transparently protecting data. DASB is implemented enterprise-wide, or in a phased approach, selecting the most important use cases first (source code, CRM, trade secrets, finance, PCI/PHI, etc.) and protecting all data related to those use cases.  DASB imposes no limits on applications, versions, file types, file sizes, repositories, developer tools, workflows, or anything else in the environment, no matter how complex or enterprise specific. 

DLP takes months, if not years to implement

DLP requires a comprehensive discovery and classification program, with buy-in and assistance from the business before even starting to write rules. As the discovery and classification program is continuous and manually conducted, rules need to be written, false positives and false negatives need to be constantly tuned. Once the discovery and classification programs are underway and tuning progress has been made, we are now able to move to monitor or test mode to see how the DLP program will impact end-user experience. Once the business and security sign off on acceptable impact to the business, and staff have been trained on the manual classification and data usage policies, DLP might be ready to start protecting data. 

DLP is the old paradigm. DASB is the New New. Based on the Zero Trust philosophy, DASB allows all data to be protected transparently, without impacting workflows or applications. 

Download our whitepaper, The Rise of DASB, to learn how to protect your organization's data against breaches and insider threats.

Prevent Data Breaches

Let’s discuss your unique cybersecurity challenges and needs.

Contact Us

If you want to notified when we post the newest content about mitigating insider threats, data breaches, protecting source code, and DASB, please subscribe to our SecureCircle newsletter.

Share: