Data Loss Prevention (DLP) is a broad topic. Many products claim to be DLP solutions, including traditional DLP, Information Rights Management (IRM), and encryption products, and each focuses on a different aspect of security. The DLP goal is to prevent data breaches and protect data, including intellectual property and personal information in all its forms: Personally Identifiable Information (PII), credit card data governed by the Payment Card Industry (PCI) standards, Protected Health Information (PHI), and much more. Regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) exist because data breaches made news headlines daily, and governments decided corporations need oversight.
DLP went mainstream in 2007 when Symantec bought Vontu. At the time, Vontu was the Gartner Magic Quadrant leader in Content Monitoring and Filtering and Data Loss Prevention. The core DLP feature was blocking sensitive data from being copied.
"The ultimate goal of data-loss prevention is to change employee behavior," the director of product marketing at Vontu said in an interview regarding the release of Vontu DLP 8 in 2007.
Regardless of the features, data types, and brands involved in the DLP market, the idea that employees need to change their behavior in the name of security has been a constant. Because altering employee behavior is so difficult, a workflow evolved within the DLP world: Discover, Classify, Protect. The aim is to identify only the subset of data that is important and needs protection.
There are two main flaws with this approach. First, changing employee behavior is a herculean task. Second, the workflow relies on employees making data classification decisions. For DLP, IRM, and file encryption, users have to decide what is essential to protect. Users, however, aren't good at making these decisions. Most users will classify data in whatever way makes it easiest to do their work, such as sending reports externally to customers or partners. Even if employees are diligent in making decisions, data that is not important today may be sensitive tomorrow. In the legacy DLP model, employees OPT-IN to security by deciding what should be secured.
At SecureCircle, we take a fundamentally different approach to data protection than legacy DLP. We protect data by default. In the SecureCircle model, employees must OPT-OUT of security.
Unlike legacy solutions, whose goal is to change users' behavior, SecureCircle believes security should be transparent to users and business workflows. Authorized users work with protected data in the same way as before. Only unauthorized users see error messages, when they try to access data without proper permission.
Legacy technologies focus on protecting the device or the file. Legacy DLP tries to prevent the file from leaving the device, blocking the ability to copy a file to a USB drive, blocking Save-As, or removing attachments from email.
SecureCircle protects data, not files or devices. A data-centric approach to data security focuses on the information that needs protection instead of the network, device, or application.
SecureCircle's data-centric protection allows files to move anywhere, including removable media and cloud storage. The data is persistently protected at rest, in transit, and in use. Unauthorized users can't access protected documents.
SecureCircle doesn't rely on fragile data classification. Instead, SecureCircle's MagicDerivative(TM) autonomously protects data based on content. MagicFolder(TM) and MagicProcess(TM) autonomously protect data based on context.
MagicDerivative autonomously monitors protected data and protects similar data with the same permissions as the initially protected content. If an authorized user accesses a protected spreadsheet and copies data from the spreadsheet to a new presentation file, the presentation is autonomously protected with the same permissions as the original spreadsheet since the data has moved to the presentation. Save-As automatically creates a protected file since the contents of the new file are similar to the contents of a protected file. Even when a user manually recreates the content of a document, the new document will be autonomously protected.
MagicFolder and MagicProcess automatically protect data based on context. Enterprise Resource Planning (ERP) finance reports generated and placed into the Finance folder on a file server are automatically protected. The Finance folder is a MagicFolder, and all files placed into that folder are automatically protected. The files and data remain protected when users download the files from the file server to their computers.
MagicProcess enables applications to protect all output autonomously and allows complete protection for finance, HR, design, CAD, media, source code, and any other application that creates data that should never leave an organization.
SecureCircle's unique features and overall approach to data loss prevention allow organizations to protect data without impacting end users or changing business workflows. Organizations can support a wide range of use cases, such as accidental and malicious insiders, intellectual property and source code protection, lost or stolen devices, data visibility for regulated data, third-party collaboration, and more.
SecureCircle is proactive, transparent, data-centric data loss prevention at scale.
The average cost of a data breach to a US organization was $8.19M last year, up from $3.54M in 2006. As the impact of data breaches increases, it makes sense that organizations are spending more money to prevent costly breaches. Worldwide Data Loss Prevention (DLP) market revenue is projected to grow from $1.24B in 2019 to $2.28B in 2023. Investing in DLP solutions to prevent data breaches makes sense.
A 10,000-employee organization may pay up to $500,000 a year for its DLP license, configuration, and support. To make DLP work, organizations must follow the discover, classify, and protect paradigm.
In this example, the same 10,000-employee company also purchases licenses, support, and professional services: $150,000 for a discovery tool and $200,000 for a classification tool. Let's also assume the company spends $150,000 for a user behavior analytics (UBA) tool. Together with the DLP license, the company pays $1,000,000 per year in total.
Why are those solutions so expensive? DLP is a competitive space, and competition should keep prices in balance. What you find with many legacy DLP, classification, discovery, and UBA vendors is that they make most of their revenue from services.
Professional services are needed to configure, monitor, re-configure, and generally make the solutions work. The tools are so cumbersome that companies need to hire professional services to set up and maintain the solution.
The current Symantec DLP admin guide is over 2500 pages. DLP also manages everything by rule. Admins need to set up hundreds or thousands of rules to allow or deny various workflows.
Varonis is a popular UBA solution with over a $2B market cap and makes over 50% of its revenue through services.
SecureCircle's technology and approach are entirely different from legacy DLP. Other articles describe the technical merits of SecureCircle versus DLP. From a numbers point of view, SecureCircle doesn't require discovery, classification, or UBA tools to function, which immediately eliminates the $1,000,000 per year in spend for our example 10,000-employee company.
SecureCircle manages policies by exception, so the initial configuration and daily management are minimal. Admins manage changing user permissions in the company's Active Directory, so there are no additional tools to learn.
CISOs and IT departments have growing demands and limited budgets. Free up money and resources by selecting the proper DLP solution.
Ponemon Institute 'Cost of a data breach' 2019
Software license costs are estimates and vary by volume, features, vendor, etc.
The New York law firm Grubman Shire Meiselas and Sacks, which represents well-known celebrities such as Lady Gaga, Madonna, Mariah Carey, and U2, appears to have fallen victim to a REvil ransomware attack. The REvil hackers are threatening to publish documents stolen from Grubman's clients in nine staggered releases unless the firm pays their $42 million ransom demand.
The attack has been linked to a domain the law firm used that ran an unpatched Pulse Secure VPN server. Vulnerability data confirmed that the law firm had a vulnerable server for almost two months. Unfortunately for them, during that time, many threat actors were actively scanning for unpatched VPN servers.
Scan data showing an internet-exposed, vulnerable VPN server cannot by itself confirm that the REvil hackers used it to plant ransomware and encrypt files. The REvil hackers are, however, known for targeting unpatched VPN servers, which may have led them to Grubman. REvil is also known to use these servers to gain access to networks, steal credentials, plant malware, and attack.
Ransomware has two main approaches. One is to encrypt all the data in place at the victim’s site and demand ransom for the decrypt key. The second is to transfer all the data to an alternative location and demand ransom for not releasing the data to the public.
SecureCircle Data Access Security Broker (DASB) customers who face similar attacks or malicious insiders only need to worry about the first ransomware approach. Releasing sensitive information to the public is not possible with SecureCircle: the hackers will have stolen protected data encrypted with AES-256. Even with a 100 petaFLOPS supercomputer, the hackers would need 3.67 x 10^52 years to break a single key. With SecureCircle, each file uses a unique key.
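As an added check that is not part of the original article, the figure above follows directly from the AES-256 key space, assuming (generously to the attacker) that the supercomputer tests one key per floating-point operation and must search the entire key space:

$$
\frac{2^{256}\ \text{keys}}{10^{17}\ \text{keys/s}\ \times\ 3.156 \times 10^{7}\ \text{s/year}}
\;\approx\; \frac{1.158 \times 10^{77}}{3.156 \times 10^{24}}
\;\approx\; 3.67 \times 10^{52}\ \text{years}.
$$

The expected time for exhaustive search is half of that, still about 1.8 x 10^52 years, and because each file carries its own key, recovering one key would expose only that one file.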
The first type of attack, which encrypts data in place, is still possible with SecureCircle: the hacker would simply encrypt an already encrypted file. Organizations recover from an encrypt-in-place attack by implementing a proper backup solution that isolates the backup data and keeps multiple revisions of files.
With SecureCircle, ransomware attacks are reduced to annoyances similar to spam email: annoying and unproductive, but nothing that makes CNN and TMZ headlines.
Audits, by nature, are backward-looking. In many cases, that may be fine (e.g., income tax and process audits), but in the world of cybersecurity and data security, reliance on an external audit poses a significant business risk.
Data security goals and data governance, risk and compliance (GRC) goals never aligned before GDPR. Data GRC focuses on demonstrating (reporting) the controls over who accessed in-scope data, what they accessed, and when, not primarily on securing it. Organizations needed to demonstrate compliance and focused on passing an audit, not on preventing data breaches. Before GDPR, monetary fines for breaches were minor; it was more important for organizations to find ways to pass the audit so they could continue operating the business than to reduce the risk of a data breach.
GDPR has shifted this paradigm by imposing substantial monetary fines in the case of a breach. As a result, organizations now focus on minimizing data loss risks rather than passing an audit. After all, there is no GDPR compliance audit like there is for International Organization for Standardization (ISO) standards. The only mention of an audit within the GDPR regulation is for data processing. Compliance is self-imposed: the threat of a stiff fine compels organizations to start thinking about compliance and security with a unified goal, to protect data.
Previous compliance standards and regulations such as ISO, Payment Card Industry (PCI), Sarbanes-Oxley (SOX), and Service Organization Control (SOC 2), to list a few, have focused on the audit.
For these regulations, organizations put in place the minimum processes and controls necessary to pass the audit. The controls may have little to no impact on data protection and privacy; the organization is solely attempting to gain compliance via a passing audit. The certificate acts as a get-out-of-jail-free card. If anything goes wrong, the organization says, "But we passed our audit. It's not our fault."