One Article Review
| Source |  AlienVault Lab Blog |
|---|---|
| Identifiant | 8362263 |
| Date de publication | 2023-07-27 10:00:00 (vue: 2023-07-27 15:06:47) |
| Titre | Ce que vos pairs veulent savoir avant d'acheter un outil DLP What your peers want to know before buying a DLP tool |
| Texte | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Preventing data loss is a concern for almost every organization, regardless of size, especially organizations with sensitive data. Organizations, now more than ever before, rely on voluminous amounts of data to conduct business. When data leakage or a breach occurs, the organization is forced to deal with the negative consequences, such as the high cost associated with data breach fines and remediation and reputational harm to their company and brand. Data loss prevention (DLP) solutions help mitigate the risk of data loss. Losses can occur as a result of insider-related incidents (e.g., employee theft of proprietary information), or due to physical damage to computers, or as a result of human error (e.g., unintentional file deletion or sharing sensitive data in an email). In addition to the various ways an organization might experience data loss, mitigating the risk of loss requires the right people, processes, and technology. Meeting the technology requirement can be a challenge when it comes to selecting the right DLP solution. During the vendor exploration and evaluation phases, there may be questions about whether it makes sense to invest in a solution that protects the network, endpoints, or the cloud or whether it’s better to select a solution that protects the enterprise and takes into account the hybrid nature of many organizations. Data classification and labeling The decision to invest in a DLP solution should be informed by sufficient research and planning with key stakeholders. This blog will discuss three additional things you should consider before making such an investment. Let’s begin with the types of data an organization collects, stores, and analyzes to conduct business. To have a successful data loss prevention program, it’s important to identify all types of data (e.g., financial data, health data, or personally identifiable information) and to classify the data according to its value and the risk to the organization if it is leaked or exfiltrated. Data classification is the process of categorizing data to easily retrieve and store it for business use. It also protects it from loss and theft and enables regulatory compliance activities. Today, systems are more dispersed, and organizations have hybrid and remote workforce models, so it is critical to protect data regardless of where it resides or with whom it is shared. This kind of protection requires properly classified and labeled data. Automated data classification is foundational to preventing data loss. It is the best way for organizations to fully understand what types of data they have, as well as the characteristics of the data and what privacy and security requirements are necessary to protect the data. Properly classifying data also enables the organization to set policies for each data type. Techniques to identify sensitive data DLP solutions detect instances of either intentional or unintentional exfiltration of data. DLP policies describe what happens when a user uses sensitive data in a way the policy does not allow. For example, when a user attempts to print a document containing sensitive data to a home printer, the DLP policy might display a message stating that printing the docu |
| Envoyé | Oui |
| Condensat | able about according account accurately actions activities activity addition additional adopt after alerts all allow almost also always among amounts analysis analytics analyzes another any are article associated at&t attempts author automated based because before begin behavior best better between block blocking blog brand breach business but buying can capabilities capability categorizing challenge challenging characteristics classification classified classify classifying clear cloud collects combining comes company compliance computers concern conclusion conduct consequences consider containing content context contextual contrast controls cost critical damage data deal decision define deletion describe detect developed discuss dispersed display dissatisfied distinctions dlp document does due during each easily effective either email employee enables endorse endpoints enterprise entirely entity environments error especially evaluation ever every example exfiltrated exfiltration experience exploration extra false feature features file financial fines focus forced foundational from fully gap gartner given goals happens harm have health heavily help high home how human hybrid identifiable identify important incident incidents include includes information informed initiatives insider inspection instances intentional invest investing investment it’s its key kind know knowledge labeled labeling leakage leaked let’s lineage logical longer loss losses makes making many market may meeting message messages methods might migrated minimizes mitigate mitigating models modern more nature necessary negative network next normal not note now nuances occur occurs offers only options organization organization’s organizations out peers people perform performs permissible personally phases physical planning policies policy pop positions positives post practices premises prevent preventing prevention print printer printing privacy procedures process processes program properly proprietary protect protection protects provided provides purchasing quarantining question questions recommends regardless regulatory related relies rely remediation remote reputational requirement requirements requires research resides response responsibility result retrieve rich right risk security select selecting sending sense sensitive set shared sharing should size solely solution solutions sometimes specific stakeholders standards stating store stores successful such sufficient systems takes techniques technology than theft these things three today tool tools traditional trends type types ueba understand unintentional use useful user uses using value variables various vendor very views violates violations visibility voluminous want warnings way ways well what when where whether whom will workforce your |
| Tags | Data Breach Cloud Tool |
| Stories | |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.