What Is Data Security Intelligence?
Data Security Intelligence (DSI) provides highly automated technology solution for the collection and correlation of information about sensitive data, continuous risk monitoring risk , analytics to identify high risk areas, threat detection, and delivery of highly actionable insights to prioritize remediation actions. DSI goes beyond traditional analytics by incorporating advanced methods such as machine learning and statistics, to turn uncovered patterns into strategic recommendations for reducing, or eliminating, sensitive data risk. The result is lower false positives and negatives than those based ONLY on policy or rules-based approaches.
- Visibility into sensitive data risks
- Sensitive data classification, discovery, and proliferation analysis
- Continuous risk monitoring based on multiple risk factors
- Detection of high risk conditions
- Identification of anomalous user activities around sensitive data
- Actionable insights to prioritize remediation efforts
Visibility Into Sensitive Data Risks
Visibility into sensitive data risks across the enterprise enables organizations to answer questions about:
- What sensitive data exists in my organization?
- What is its level of sensitivity?
- What are the regulations impacting my sensitive data assets?
- Where is all my sensitive data located?
- Where is it proliferating?
- Who has access to it?
- Who are accessing it?
- Is it protected?
- What is the cost accidental exposure of those sensitive data?
- How can I minimize my sensitive data risks?
Classification, Discovery, and Proliferation Analysis
Automated classification and discovery of sensitive data across hundreds and thousands of data stores across the enterprise helps organizations to assess their risk of sensitive data exposure when there is a breach and provide an audit for compliance reporting. Proliferation analysis determines how much the threat surface has increased due to more and more copies of sensitive data being created. Another copy of sensitive data is created whenever it flows within an enterprise or across partners and exchanges. Another copy of sensitive data may also be created when it is accessed in reports, in excel spreadsheets, or exported to documents.
Continuous Risk Monitoring Based on Multiple Factors
DSI provides a standardized way to measure risks for each data store, group, department, and across the organization. This is done by calculating risks based on a customizable, weighted set of factors that is consistently tracked over time and across the enterprise. Some of the factors that can be incorporated are:
- # of sensitive data domains
- Level of sensitivity
- Level of protection
- Volume of sensitive data
- # of users who have access
- Level of activity
- Level of proliferation
- Cost / Value of data
In this way, organizations can track improvements over time as the InfoSec team deploy data security controls to reduce or contain risks.
Detection of High Risk Conditions
Organizations may not be aware when data security policy has been violated due to a user activity or a data management task. DSI enables the definition of policies to detect high risk conditions, such as sensitive data leaving a highly regulated country, or when sensitive data is accessed by an individual outside its country of residency to deliver alerts to security staff who can investigate or deploy remediation methods.
Identification of Anomalous Activities
With collection of user activity logs against sensitive data, DSI also delivers analytics to more easily identify anomalous user activities. For example, a sudden high volume or number of download activities from a user who has been inactive in the past, against a data store containing sensitive customer information will show a spike in a trend line for that user. A highly active user may also show unusual activities against data stores that s/he does not usually access. With information about user groups and departments, DSI also identifies users who have too much privileges for specific data types.
Actionable Insights to Prioritize Remediation
The wealth of information that DSI gathers around sensitive data provides insights and identification of patterns that would not otherwise be uncovered and helps IT organizations to define better strategies to protect their sensitive data assets. With DSI, you can track the top areas (users, groups, departments, data stores) that have the highest risks and should have the highest priority for investigation or remediation actions.
For more information about Data Security Intelligence solution, go to Informatica Secure@Source and attend our webinar on Feb16th, 2016 on the The Foundation for Data Visibility, Risk, and Financial Impact.