July 31, 2015 By Mark Wah 3 min read

The Data Breach Triangle

Too often, companies will invest in preventing the exploit through detection tools, identity and access management (IAM), vulnerability managers and so forth. But there’s not enough focus on core data security: encryption, data activity monitoring and data loss prevention, among other protection solutions. To have a balanced approach, you have to invest in all areas.

About Data Activity Monitoring and Data Loss Prevention

Let’s take a look at two complementary technologies: data activity monitoring (DAM) and data loss prevention (DLP).

DAM solutions should continuously monitor all data access operations in real time to detect unauthorized actions based on detailed contextual information — the who, what, where, when, and how of each data access. These solutions must be able to react immediately to prevent unauthorized access or suspicious activity by privileged insiders and potential hackers, plus automate data security governance controls in heterogeneous enterprises. With the right architecture, DAM can improve security and support compliance requirements through a set of core capabilities while also minimizing total cost of ownership.

Back in 2009, when DLP was the buzzword in the security industry, DAM and DLP shared the limelight. At the RSA Conference, main-stage talks were focused on DLP. Everyone thought it was the silver bullet for data security. But as time marched on, people realized it was a security pitfall – and that DLP alone was not sufficient. DAM and DLP needed to work together.

DAM and DLP certainly share some similarities: For example, both solutions focus on the data and its associated context, behavior and activity, in addition to content awareness. Both are well suited to meeting compliance requirements like PCI, HIPAA and SOX. And both help with the involvement of line-of-business (LOB) owners.

But the offerings also have their differences. DLP is focused mostly on perimeter activities: the outbound network, endpoints, etc., while DAM focuses on the source of the organization’s crown jewels, usually in databases and data warehouses. DAM solutions have better visibility into the movement of sensitive data from the source to the next hop — applications, privileged users, spreadsheets, etc. DAM also includes the very granular context and behavior surrounding the data. Essentially, DLP concentrates on data at rest on database solutions, while DAM monitors data at rest, access and usage through SQL transactions, privileged users, etc., and even applies DLP concepts by blocking, masking or quarantining risky traffic.
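The who, what, where, when and how context check and the block, mask or quarantine responses described above can be sketched as a small policy evaluator. This is an added example, not code from the article or from any DAM product; the table names, accounts, subnet, hours and decision thresholds are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Hypothetical policy values, constructed for this example.
SENSITIVE_TABLES = {"cardholders", "patients"}
APPROVED_ACCOUNTS = {"billing_app"}
APPROVED_CLIENTS = {"billing-service"}
APP_SUBNET = ip_network("10.20.0.0/24")
BUSINESS_HOURS = range(7, 20)  # 07:00 to 19:59

@dataclass
class AccessEvent:
    who: str        # database account
    what: str       # SQL statement text
    where: str      # client IP address
    when: datetime  # time the statement was issued
    how: str        # client program name

def tables_touched(sql):  # simplified; a real monitor parses the SQL properly
    names = re.findall(r"\b(?:from|join|into|update)\s+([A-Za-z_][\w.]*)", sql, re.I)
    return {n.split(".")[-1].lower() for n in names}

def evaluate(ev):
    """Return (action, reasons); action is allow, mask, quarantine or block."""
    if not tables_touched(ev.what) & SENSITIVE_TABLES:
        return "allow", []
    checks = [
        (ev.who in APPROVED_ACCOUNTS, "who: account not approved for this data"),
        (ip_address(ev.where) in APP_SUBNET, "where: client outside application subnet"),
        (ev.when.hour in BUSINESS_HOURS, "when: outside business hours"),
        (ev.how in APPROVED_CLIENTS, "how: unexpected client program"),
    ]
    reasons = [msg for ok, msg in checks if not ok]
    if not reasons:
        return "allow", reasons
    if not ev.what.lstrip().lower().startswith("select"):
        return "block", reasons       # out-of-policy write: stop the statement
    if len(reasons) >= 3:
        return "quarantine", reasons  # suspend the session pending review
    return "mask", reasons            # serve the read with sensitive columns masked

EVENTS = [  # constructed sample events
    AccessEvent("billing_app", "SELECT pan FROM cardholders WHERE id = 42", "10.20.0.15", datetime(2015, 7, 30, 10, 0), "billing-service"),
    AccessEvent("dba_jsmith", "SELECT * FROM prod.cardholders", "192.168.5.9", datetime(2015, 7, 30, 2, 13), "sqlplus"),
    AccessEvent("report_user", "SELECT name, ssn FROM patients", "10.20.0.40", datetime(2015, 7, 30, 11, 0), "billing-service"),
    AccessEvent("billing_app", "UPDATE cardholders SET pan = NULL", "10.20.0.15", datetime(2015, 7, 30, 3, 0), "billing-service"),
]
```

Calling `evaluate` on each entry of `EVENTS` returns the action together with the context dimensions that failed, which is the detail an analyst needs when reviewing a masked or quarantined session.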

A Porous Security Perimeter and Data Security

The modern-day perimeter has become extremely difficult to secure due to IT mega trends around cloud, mobile and big data, and first-generation DLP capabilities simply have not kept up with some of the challenges. Businesses need a solution that includes current techniques and is able to integrate with DAM. It’s important to choose the DAM technology that can keep up with recent mega trends, work in real time and enable you to deploy with the least amount of overhead.

Learning about the most common data protection pitfalls can help organizations recognize their security weaknesses and improve their defenses. Watch the on-demand webinar “It’s 2 a.m.: Do You Know Who’s Accessing Your Sensitive Data?” to learn more about securing your critical assets and preventing data breaches with core data security.
