I would suggest statistical methods (including machine learning): First, outlier detection. Then, approaches like “Association rules” (=not statistics to explain all the variance in a dataset but to find out tiny observations): for instance, they are useful for DNA prediction of diseases (one or two SNPs among millions of them), a forensic task.
When fraudsters know a tool (a template, a program), the solution is no longer valid. Research is the answer (research software rather than “production” software like in accountability). I mean, research as a step beyond production (only useful in the short term).
This is an inside-out --- outside-in --- inside-in question, as an insider can be an outsider as well. There is no short answer other than a blend of a PAM tool with Behavioral Analytics and Endpoint Management, to protect credentials, govern activities, and detect abnormal activities.
I have about 40 questions I would ask before spitting out a single solution. Without knowing more about your environment I would be slow to start throwing possible solutions, as this will take you days to sort out the differing capabilities and features. You can start by looking at the Gartner Quadrants for PAM tools like BeyondTrust, CyberArk, Centrify, Thycotic, MicroFocus and others. If you spear your specific requirements you may miss bigger threats in your circumference, so use a net, and remedy the surrounding threats in this process.
Director InfoSec and Audit at a manufacturing company with 1,001-5,000 employees
Dec 26, 2020
You'd need to break out better what you consider to be the types of insider threats. There is fraud; very different in an application system than insider activity that may be simply malicious or results in data loss. You need to identify a baseline of normal activity for each user across files, network, user behavior and the endpoint; correlate abnormal behaviour and lean false positives; that is your software and/or the CyOps team supporting you must.
Doing that begins to give you some use cases that you can then test to determine if they are important to you and can be supported by your choice(s) of solutions. There may not be one, there may be layers needed, but depending on your choice you may be able to get more in one than with other options. Feel free to contact me off list (LinkedIn) if you'd like a matrix that could be used in a product comparison.
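The per-user baseline and cross-channel correlation suggested in the answers above can be sketched as follows. This is an added example, not code from any poster or product; the user names, channel names, thresholds and all sample counts are constructed for illustration.

```python
from statistics import median

# Constructed sample: 7 days of per-user daily counts on three channels
# (files opened, MB sent outbound, USB write events). Not real telemetry.
HISTORY = {
    "alice": {"files": [40, 42, 38, 45, 41, 39, 43],
              "net_mb": [120, 130, 110, 125, 118, 122, 127],
              "usb": [0, 1, 0, 0, 1, 0, 0]},
    "bob":   {"files": [300, 280, 310, 295, 305, 290, 300],
              "net_mb": [900, 950, 870, 910, 930, 890, 920],
              "usb": [2, 3, 2, 2, 3, 2, 2]},
}
# Constructed observations for the day being scored.
TODAY = {
    "alice": {"files": 300, "net_mb": 900, "usb": 0},
    "bob":   {"files": 300, "net_mb": 2400, "usb": 2},
}

def robust_z(value, history):
    """Modified z-score of value against the user's own history (median/MAD)."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    # 1.4826 * MAD estimates the standard deviation for normal data;
    # fall back to 1.0 so a flat baseline does not divide by zero.
    scale = 1.4826 * mad if mad else 1.0
    return (value - med) / scale

def score_user(user, today, threshold=3.5, min_channels=2):
    """Return (alert, abnormal_channels) for one user's observations.

    A channel is abnormal when it is far above that user's own baseline.
    An alert needs several abnormal channels on the same day, which
    suppresses single-channel spikes that are usually false positives.
    """
    abnormal = sorted(ch for ch, v in today.items()
                      if robust_z(v, HISTORY[user][ch]) > threshold)
    return len(abnormal) >= min_channels, abnormal

def triage(today=TODAY):
    """Score every user in the day's observations."""
    return {user: score_user(user, obs) for user, obs in today.items()}

if __name__ == "__main__":
    for user, (alert, channels) in triage().items():
        print(user, "ALERT" if alert else "ok", channels)
```

Alice's 300 file opens would be an ordinary day for Bob, which is why the baseline is kept per user; Bob's single-channel network spike is recorded but does not raise an alert on its own.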
Account-Manager at Consist ITU Environmental Software GmbH
Dec 30, 2020
Hello All,
I hope you had a merry Christmas.
In this case it is as simple as it is. Just take Proofpoint ObserveIT - many companies in the public and financial sector have been using it for years. By the way, it has GDPR conformity, that's especially interesting if you want to go for the EU or California. It's easy to install, easy to administer, and comes with a huge number of use cases. So the need for customizing is reduced to a minimum. It prevents, detects, alerts and tracks all inputs with a minimum of storage needed.
Few Steps
Phase 1, define the architecture and monitor all high-privileged users with the default setup. Then work with Proofpoint or local support to define gaps and customize use cases (only a few days).
Phase 2, roll out to the next group of users and so on.
I apologize for this non-technical answer, but sometimes it really is this simple. You don't need to invent the wheel a second time :)
Would like to wish everyone here a Happy New Year this way. Please stay healthy.
Best Regards
Norman
Hi Professionals,
I am a Manager of Data Security Services at a large bank.
I am looking for a capability comparison between Broadcom Symantec DLP, Proofpoint DLP, and Microsoft Purview DLP. Any comparison reports provided between these products are appreciated.
Thank you for your help.
Network Security Services at ACE Managed Securty Services
Mar 23, 2023
Data loss prevention (DLP) is an important security technology that can help organizations protect their data from unauthorized access, misuse, and data loss. DLP solutions are designed to detect data breaches and alert companies about the possible security risks associated with data storage. They can be used to block data transfers or restrict access to data stored in cloud-based data stores. In addition, DLP solutions can be used to monitor data usage and detect malicious behavior such as data theft or data leakage. By implementing data loss prevention technology, companies can protect their data from external threats and unauthorized access.
When it comes to Email Cloud Security, Symantec DLP, Proofpoint DLP, and Microsoft Purview DLP are all strong contenders. But which solution is the right one for you? Well, that depends on your specific needs. If you prioritize ease of use and scalability in your Email Cloud Security solutions, then Symantec DLP is the right choice. If, on the other hand, you value data privacy and protection then Proofpoint DLP is a better option. Finally, Microsoft Purview DLP stands out for its comprehensive analytics tools that give users greater insight into their Email Cloud Security performance. So which Email Cloud Security solution do you pick? Choose wisely! It could make all the difference.
In addition to responses from Xavier Suriol and reviewer1324719, also consider ObserveIT from Proofpoint.