February is now upon us but 2019 is still young and presents an opportunity for departments from the SOC to the boardroom to review existing tools and processes to determine any gaps – or to identify resources that may need to be retired to make room for something new. In so doing, security teams will likely find existing processes and workflows that can be automated to help free up resources, in particular analyst hours, for use in other programs.
One key area that is typically ideal for such automation is DLP incident remediation, where native DLP capabilities can be integrated with automated user and entity behavior analytics (UEBA) to realize significant benefits.
The case study of how Bay Dynamics helped a leading global media and telecommunications customer successfully improve DLP efficiency with analytics provides valuable insights for other practitioners to learn from.
The involved team had found over time that it needed a means of extending the value of DLP data to address incidents more efficiently and was seeking a way to create automated remediation workflows – without bringing on additional resources or expertise.
The team already had a strong DLP offering in place; all it now needed was the right UEBA technology to provide detailed contextual awareness that could accelerate and prioritize management of emerging incidents and insider threats.
This customer found what they were looking for with Bay Dynamics Risk Fabric, which allowed:
- Direct integration with DLP to allow for user-based analysis, reporting, and escalation of policy violations that indicated high levels of risk to sensitive assets and data
- Rapid analysis of large volumes of DLP alerts, across existing classes of users, data and systems, to pinpoint problematic issues and refine related policies
- Triggering of automated remediation workflows including end user security training for employees that repeatedly violate low-level DLP policy thresholds
- Customizable dashboards designed for communication of relevant metrics and results with numerous stakeholders, from security analysts to line of business executives
With the combined DLP and Risk Fabric solutions deployed, the team saw an immediate increase in the volume of incidents analyzed, along with a sharp decrease in those issues requiring manual investigation.
By employing advanced analytics at the front of its data security systems, leveraging user behavior detection and machine learning to more effectively separate actual threats from inefficient policies and unintentional violations, internal stakeholders were able to focus remediation efforts on truly critical risks.
Equally important, all of this was accomplished while reducing the overall number of analysts focused on full-time DLP alert investigation, freeing those workers for other strategic projects.
You can read more details on just how this global company optimized DLP using Risk Fabric in this case study.