Source: AlienVault Lab Blog
Identifier: 8499447
Publication date: 2024-05-14 10:00:00 (viewed: 2024-05-14 10:07:40)
Title: How DDR Can Bolster Your Security Posture
Text:
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Today’s threat landscape is as dangerous as it has ever been. Global unrest, emerging technologies, and economic downturn all contribute to persistently high cybercrime rates and a dire need for organizations of all types to improve their security posture.
There are standard ways of achieving a solid security posture that most of us will already be aware of: awareness training, regular patch management, and robust authentication methods are some examples. But in the face of increasingly frequent and sophisticated attacks, many traditional security methods are fast becoming inadequate.
But this fact is no reason to panic. Tools and technologies are available that stand as a bulwark against an onslaught of both internal and external threats. The most important of these is Data Detection and Response (DDR). Please keep reading to learn more about DDR, how it can bolster your security posture, and what threats it can mitigate.
What is Data Detection and Response?
Data Detection and Response (DDR) is a cybersecurity solution that identifies and responds to security incidents within an organization’s IT environment. These solutions monitor data and user activity around the clock to identify and mitigate potential threats that have already penetrated the network.
How Can Data Detection and Response Bolster Your Security Posture?
Preventing data exfiltration is DDR’s most important function and can go a long way to bolstering your security posture.
By classifying data based on its content and lineage, DDR solutions build a picture of an organization’s enterprise environment, identify the data most at risk, and establish what constitutes normal behavior. By doing so, the solution can identify and act on any anomalous behavior. For example, an employee attempting to download sensitive financial information to their personal account would be deemed anomalous behavior, and the solution would either notify the security team or act to prevent the exfiltration, depending on how sophisticated the solution is.
But it’s worth looking a little deeper at what we mean by classifying data:
Lineage - Data lineage refers to the historical record of data as it moves through various stages of its lifecycle, including its origins, transformations, and destinations. It tracks data flow from its source systems to its consumption points, providing insights into how data is created, manipulated, and used within an organization.
Content - Data classification by content involves categorizing data based on its inherent characteristics, attributes, and meaning within a specific business context or domain. It considers data type, sensitivity, importance, and relevance to business processes or analytical requirements.
This distinction is important because some DDR solutions only classify data by content, which can result in false positives.
To expand upon the previous example, a DDR solution classifying data by content alone would only know that an employee was trying to download a spreadsheet full of numbers, not that the spreadsheet contained financial data; this means that even if the spreadsheet contained personal, non-sensitive data, the solution would flag this to security team
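The content-versus-lineage distinction above, as an added worked example that is not code from the original post or from any DDR product: two spreadsheets that look identical to a content scanner are run through a content-only and a lineage-aware classifier, combined with a learned per-user baseline of normal destinations. All system names, users, tags and the baseline are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    content_tags: frozenset  # what a content scanner can see inside the file
    lineage: tuple           # systems the data has passed through, source first

@dataclass(frozen=True)
class Event:
    user: str
    asset: Asset
    destination: str         # where the user is sending the data

# Constructed policy: data originating in these systems is sensitive however it looks.
SENSITIVE_SOURCES = {"erp_general_ledger", "hr_payroll"}
# Constructed baseline of each user's normal destinations (what a DDR tool learns).
BASELINE = {"alice": {"corporate_share"}, "bob": {"corporate_share", "ticketing"}}

def is_anomalous(event):
    """A destination outside the user's learned baseline is anomalous behaviour."""
    return event.destination not in BASELINE.get(event.user, set())

def sensitive_by_content(asset):
    # A content scanner sees only a spreadsheet of numbers; it cannot tell a
    # budget from a sports-league table, so it has to treat both as sensitive.
    return {"spreadsheet", "numeric"} <= asset.content_tags

def sensitive_by_lineage(asset):
    # Lineage records where the numbers came from, so only finance data matches.
    return any(system in SENSITIVE_SOURCES for system in asset.lineage)

def verdict(event, classifier):
    """allow: normal; flag: anomalous move of sensitive data; log: anomalous but harmless."""
    if not is_anomalous(event):
        return "allow"
    return "flag" if classifier(event.asset) else "log"

# Constructed sample: two files that are indistinguishable to a content scanner.
BUDGET = Asset("q3_budget.xlsx", frozenset({"spreadsheet", "numeric"}),
               ("erp_general_ledger", "bi_export", "user_download"))
LEAGUE = Asset("5aside_scores.xlsx", frozenset({"spreadsheet", "numeric"}),
               ("social_committee_share", "user_download"))

def compare(user="alice", destination="personal_cloud"):
    """Map each asset name to (content-only verdict, lineage-aware verdict)."""
    return {a.name: (verdict(Event(user, a, destination), sensitive_by_content),
                     verdict(Event(user, a, destination), sensitive_by_lineage))
            for a in (BUDGET, LEAGUE)}

if __name__ == "__main__":
    print(compare())
```

The content-only classifier flags both downloads (the league table is the false positive the post describes), while the lineage-aware one flags only the budget that originated in the finance system.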
Tags: Ransomware, Malware, Tool, Vulnerability, Threat