An exciting first week of the NCAA tournament yielded a pretty compelling set of regional finals as down went Duke [my personal favorite as a UNC fan]. Now, let’s hope that both the real world and cyber-security Final Four showdowns are just as impressive!

In the cybersecurity #Threat16 virtual tourney, the match-ups also lived up to the March Madness hype…

The first cyber-security showdown of the week was a clash of the titans as Unseen Data Loss and Insider Threat squared off, representing two of the biggest issues facing any security organization in today’s environment. Obviously these issues are also closely related as the most problematic issue related to the Insider Threat issue is most often some form of resulting data leakage.

However, at the end of the day, it was all about protecting the ball (or data) and having good court vision (or knowing/not knowing when the data is gone). Insider Threat is a big deal, but at the end of the day data exfiltration itself remains the game breaker.  It is for that reason we saw Unseen Data Loss take the W, much like Michigan State reigned victorious against Zion, oh I mean Duke.

Multi-stage Threat and Targeted Attack are also closely related but no matter how a targeted an attack is, it is always going to involve multiple stages.  So how do you choose a “winner” here? It’s a fine line and a hard-fought battle of cyber-security perception. The main issue of differentiation is still down to visibility and the potential for mitigation.

No single security platform is likely to stop a killer multi-stage attack, so, target or no target, the broader category of threat takes the win in this match-up, just like the broader skill-set of Virginia helped them reign victorious against Purdue.

Probably the most important match-up so far in #Threat16 was Symantec Information Centric Analytics (ICA) v. Standalone DLP.  For those not already in-the-know, ICA, powered by Bay Dynamics, is delivered to Symantec customers via a dedicated OEM partnership between our two companies.

Some might argue that this is the UNC v. Duke rivalry of cyber-security.  That being said, given the complexity and ever-changing nature of data usage, along with related policies, standalone DLP remains challenged. It typically generates a lot of alerts, challenging users to hunt down real problems efficiently.

Importantly, ICA integrates with DLP and numerous adjacent platforms to help prioritize and respond to emerging threats (just like UNC being a stronger, more experienced team helped them beat Duke two-out-of-three times they played this year, which is worth noting whenever humanly possible). So, in this case ICA takes the “V”.

The last match-up of the Threat16 Elite Eight was Platform Integration versus Distributed Dashboards.  While dashboards remain a central element of  gaining efficiency in threat prevention, Platform Integration is the bigger effort that makes everything smarter.

Efficiency and smartness... two qualities many might say Auburn possesses this year in making a huge run  in March Madness thus far as fifth-ranked team.

Continue to follow us on Twitter at, on LinkedIn at to follow the elite eight teams as they complete their run on the road to the #Threat16 Final Four.