If you've been to the expo floor of any cybersecurity industry conference, you might have seen the seemingly unending rows of booth after booth.
All of them will claim to help with cybersecurity, but in order to choose the products that would be effective in stopping data breaches, it is important to understand the basic categories and classes of data security products.
Part three goes over the data security market.
It explains why intrusion prevention, intrusion detection and antivirus are not enough.
It goes over the classic categories of information protection products, such as information rights management, data loss prevention, digital rights management and a new category of product called data breach prevention. You don't see new product categories every day, so it should be interesting.
Intrusion prevention products have classically blocked threats and contained their damage,
while intrusion detection products have classically found threats and responded to them.
Antivirus is specifically for looking for malware and stopping malware.
A data-centric approach is needed to stop data breaches.
Products that stop data breaches should focus on data regardless of the avenue of attack,
for example, zero days, malicious insiders, malware or stolen laptops.
In this example, IPS and IDS might stop
zero days, and antivirus might stop malware. But what's the point of all these products if the human
malicious insider or even human errors can still cause data to be breached?
A classic example is Edward Snowden at the National Security Agency. The NSA probably had a lot of high-end technology to detect malware and stop zero-day exploits. But what about Edward Snowden? It was a very low-tech attack. He just took the data, copied it and walked out with it.
If the NSA was using a data-centric approach, they would have been able to stop Edward Snowden.
Information rights management algorithmically protects data through custom application-specific plug-ins.
This means that the IRM vendor can only protect what they know about, leaving security gaps in the products that they do not know about and therefore cannot protect.
A holistic information security solution should have compatibility with unknown software and unknown file formats, because not all the file formats in the world are known to, or are going to be known to, an IRM vendor.
An example is a hospital's custom medical imaging application, which could read scans from, let's say, MRI machines. And let's say the vendor has also gone out of business.
Chances are that the imaging application was not known to the IRM product when the imaging vendor was in business.
Now that the imaging vendor has gone out of business, there is a near certainty that the IRM product will not protect the imaging application.
A generic approach that does not need to know about what it is protecting would have closed the security gap.
Data loss prevention uses signatures to scan for sensitive data and often requires human analysts to waste their valuable time looking at repetitive alerts, which may contain false positives and false negatives.
In the cybersecurity space, human analysts are in short supply due to the cybersecurity skills gap, making human analyst time extremely valuable.
Human analysts should be doing more important and intelligent things than looking at repetitive alerts, which can be easily automated by the security product.
Ideally, there would not even be any alerts to look at.
DLP can protect structured data but not unstructured data. So the security gap would be that any unstructured data leaving the organization could possibly contain sensitive data. Even within structured file formats, steganography would be able to bypass scanning. Examples were given before
in this course about
steganography in text, for example. Also, custom file formats and custom applications cannot be protected.
That's the same problem as with IRM that we discussed.
Finally, the phrase "sensitive" is not even clearly defined. An enterprise's DLP team can have many meetings about the definition of "sensitive" for their organization, but still not come to any agreement.
Digital rights management is similar to information rights management, except that it focuses mostly on media files such as audio, video and video games. Sometimes it requires special hardware and is usually not general purpose for all file formats.
Data breach prevention is a new product category that is a mix of IRM, DLP and DRM because it takes the strengths of all of these categories, but not the weaknesses of all three categories.
It is better than IRM and DRM because it is independent of the application and file format that it's protecting, which means that it can protect applications that were not even designed to be protected by the DBP application. DBP is better than DLP because there are no heuristics, signatures or alerts,
which avoids wasting valuable human analyst time.
In addition, DBP is resilient to steganography because there are no heuristics.
This is a Venn diagram overview comparing and contrasting the characteristics of DBP, DRM, IRM and DLP.
As you can see, DBP takes the strengths of all the other product categories, but not the weaknesses.