The trouble with legacy DLP tools… and how to solve it

Share with your network!

(Updated 7/21/2022)

Legacy DLP tools, configured manually with rules that lack granularity, generate a lot of noise and burden Security Operations Center (SOC) teams. According to a Critical Start survey, 68% reported that 25-75% of the alerts they investigate are false positives. This is worrying in this age of mounting mandatory privacy legislation, and 23% projected data growth. 

Legacy DLP tools fall short of the mark, especially when detecting and investigating incidents. They lack context on user intent, e.g., what happened before and after the incident. Context on whether the user is malicious, compromised, or just careless makes a difference in how you respond to an incident.

Huge reduction in false positives 

Legacy DLP solutions assume a world in which data is structured and regulated. They depend on simplistic algorithms and dictionaries, which must be maintained over time to identify sensitive data. They are great for detecting data with a standardized format, such as social security or credit card numbers. But sensitive data is not always so predictable. Think of a legal document, like a contract, source code for a software product, or even the contents of employee emails. This content does not always have a uniform structure, making it hard for simplistic tools to identify it.

Based on our experience at customer sites and modern DLP use cases, Proofpoint reduces false-positive DLP alerts and can lower customer operational costs by about 80%. Pointedly, we can eradicate up to 90% of false positives and guarantee at least 50% eradication. How do we achieve this?  

Steps to protection 

Generally, a cybersecurity team doesn't know which marketing documents contain sensitive information. They will have to involve the marketing team to find out. At the pace at which data is created today, they would have to ask constantly. Multiply this across other areas of the organization and it becomes a mammoth task, adding layers of stress to an already demanding and vital role and impacting productivity.  

We've addressed these problems and eradicated false positives with our AI-powered information classification and protection solution and a simple three-step process delivered by our professional services. Firstly, we assess what needs to be protected. All data is not created equal and while there are huge quantities of files today, not all of them need to be protected. Documents such as board meeting minutes, sales insights and customer information are sensitive. 

By using an automated data labeling tool, identified documents are automatically labelled. Proofpoint's AI engine then creates automated data protection policies, which can scale securely and reliably, to safeguard sensitive documents. The ability to scale is important given the rate at which data storage is growing.  

Problems melt away when you optimize your DLP tools

The AI-generated custom DLP dictionaries are tailored to identify specific critical document types and sets. You can push these dictionaries to any DLP module on the Proofpoint Information and Cloud Security platform. These modules span email, cloud, endpoint and web. This kind of integration minimizes false positives. And it reduces your security analysts' workload. The layered approach enables your DLP controls to protect files in motion immediately. In addition, the platform provides context on content, threats and user behavior in a user timeline view to help security analysts accelerate DLP investigations. 

When DLP tools are augmented with advanced AI-powered data classification specifically created for data loss prevention, you will find management difficulties simply melt away, replaced with effortless, reliable, smoothly functioning document protection. Isn't this what data loss prevention should be about?