Why is DLP Failing
2013 was a record breaking year for severe data breaches and 2014 appears to be moving in the same direction. When studying these patterns, it’s important to understand that it’s the degree and severity of the incident (i.e. Target), not the rate of occurrence that makes news.
According to the Ponemon Institute, the average cost of a data breach is $188 per record with an average of $5.4 million in the U.S. and Target reports to have paid over one billion dollars in recovery damages.
A DLP solution is the last level of defense that addresses data extrusion security against advanced attacks, malware, Frenemies (employee mistakes) and unauthorized users trying to steal data.
So why is DLP failing?
For those familiar with data and security breaches, there have been several recent notable violations: EBay, Adobe Systems, Target and Neiman Marcus. In other words, hackers, malware, botnets, and employees with malicious intentions can oftentimes beat the DLP systems, overthrowing entire organizations and making market leading DLP models look primitive.
Does compliant equate to secure?
A company can be fully ‘compliant’ and still lack the necessary tools to stop a data breach. Global Payments Inc., an electronic processing company whose estimated breach will cost close to $94 Million USD was fully compliant with PCI and others.
Global Payments Inc. CEO Paul Garcia said, “I can't be terribly specific … We had security measures in place that caught it [data-breach].” He did however acknowledge that while their DLP or ‘loss-prevention’ quickly spotted and counteracted data ex-filtrated from the company, it hadn't prevented the data infraction. Garcia later admitted, “So partly it [DLP] worked and partly didn't work.”
The conclusion is simple:
The current ‘market leading’ DLP technology is outdated and unable to accomplish the fundamental function of real data protection security:
1. Requirements compliant with PCI, HIPAA, GLBA, SOX etc. are not good enough to halt a breach.
2. Hackers are five steps ahead of organization’s current security ecosystem.
3. Security & Compliance Officers are not proactive about security education.
4. The current market leading DLP cannot cover all 65,000+ ports and protocols.
5. The current market leading DLP cannot enforce policies in real-time.
6. The current market leading DLP detection engines have too many errors and false positives halting business processes.
7. The current market leading DLP costs are unaffordable.
8. The current market leading DLP can take years to fully deploy and requires multiple engineers to manage.
The function of DLP system protection is to be a precise tool that monitors and protects sensitive data. Security and compliance officers must understand and require that their DLP system is able to have answers to questions such as, “What data do I want to protect?” and “Can my DLP system classify data correctly in real-time?” or “Can I truly prevent a data breach?” Also:
- Real-time inspection of sensitive data
- 100% Detection Accuracy on fingerprinted data
- Coverage of ALL Ports ALL Protocols ALL Channels
- Plug and Play - easy to use (Unified Policy Making, Workflow, Deployment, etc.)
- Effective Data Classification – Zero False Positives
- Prevent Data Leakage
If your DLP system cannot accomplish these basic requirements, it’s time to CHANGE to or consider a different Data Loss Prevention solution which can.