The Problem with DLP
Dtex Systems, the developer of SystemSkan recently did a review with several clients to look at the reasons why Data Loss Prevention (DLP) fails.
“Despite spending billions on DLP technology, enterprises still leak data every day. We repeatedly hear the same stories from companies struggling to get value out of DLP,” says John Mc Loughlin, Managing Director of J2 Software, the African distributor of SystemSkan.
He adds that Dtex Systems’ discussions with customers, as well as further investigation about DLP, highlighted the following common points:
DLP IS HEAVY - Huge agents bog down computers, choke networks, and require massive servers to deploy. Many companies have reported ripping out DLP after small installations fail.
DLP LACKS VISIBILITY - What files were on a lost laptop? What data did a user take when they resigned? Or even something simple like how many people try to use USB devices? DLP fails to answer even these most basic questions.
DLP RULES ARE COMPLEX - Most organisations can’t afford the large team it takes to configure and maintain the complex rules in a typical DLP deployment. Instead, companies fall back to a few basic, intrusive rules (e.g., “block all USB devices” and “no usage of Facebook”).
DLP IS UNFAIR - DLP penalises everyone because of a few bad actors. DLP makes good employees less efficient and - if anything - encourages them to explore riskier ways of working.
DLP MISSES A LOT - In nearly every risk assessment performed, it was found that DLP systems are not performing as they should. DLP tells you what it catches, but has no way to identify and learn from data loss that it misses.
DLP OFTEN JUST DOESN’T WORK. Despite all the time and effort, it’s still relatively easy for employees to take data out of an organisation. The proliferation of “bring your own device” (BYOD) policies and cloud services have made organisations more porous, not more secure.
The biggest threat still comes from the trusted insider. Your users cause your biggest losses - whether they are malicious or through ignorance. New stories show that the failure of DLP calls for a new approach to protecting against the insider threat,” Mc Loughlin adds. “Global companies are finding success catching insiders using the unique visibility provided by Dtex Systems. By focusing on lightweight, enterprise-wide visibility, Dtex SystemSkan provides answers and focus where DLP provides rules and complexity.
According to Mc Loughlin, J2 Software has found that adopting the Dtex approach is better because:
Dtex is Light – Dtex SystemSkan has 0.1% network impact and users see no difference when it’s installed.
Dtex provides full visibility – From the moment it is installed, you get real time visibility into the files and data users’ touchpoints, the applications they run and sites they visit – both on and off the corporate network.
Dtex models human behaviour – Dtex monitors changes in behaviour that indicate a user is preparing to steal data. Prediction, not prevention through behavioural analytics.
Trust but Verify – Dtex allows you to move away from “lock and block” to “trust but verify”. Don’t punish the whole company for a few bad apples.
See what your logs miss – If you rely on log files to stop the insider threat, you’re missing critical data needed for successful analytics and investigations.
Dtex Works – the lightweight, highly scalable system provides true user visibility across all companies, whether you are an SME or one of the largest global organisations.
For more information visit www.j2.co.za or email