CDSA

Cyberhaven: Why Dynamic Data Tracing is More Effective Than DLP

Media and entertainment companies are increasingly turning away from legacy data loss prevention (DLP) technologies to protect their sensitive data and intellectual property, and there are several reasons why Cyberhaven’s solution that uses Dynamic Data Tracing offers M&E organizations a superior option, according to Jared Thorkelson, director of business development for Cyberhaven.

He joined the company last year “because I really believe the technology is going to change the way people protect their data,” he said during the Dec. 1 webinar “Beyond DLP: Protecting Sensitive Data with Context and Perfect Recall.”

During the presentation, Thorkelson covered why some have given up on DLP, shared ideas around how organizations can improve their approaches with context and perfect recall, and compared DLP to, of all things, Christopher Nolan’s classic film Memento.

“It’s probably no surprise if I say DLP has sparked a spirited debate in the industry” since it was introduced about 17 years ago, he told viewers. You might think the technology, by now, “would be mature and effective, but it’s not really the case,” he said, adding: “The technology today is pretty much the same [as] it was a decade ago, with very little innovation to drive improvement and effectiveness.”

Cyberhaven, however, is “changing the data protection landscape, kind of in the same way that endpoint detection and response tools like CrowdStrike… changed the antivirus market,” he said.

The Memento Connection

“I can’t count how many times I’ve heard about how weird 2020 has been – just a really strange year, a very challenging year in many aspects,” Thorkelson said.

Comparing DLP technologies to key concepts from the film Memento, he noted: “We wanted to lighten the mood a little bit – not that [it] is a light movie necessarily.” The main character of the film, Lenny, has a condition in which he can’t form new memories and experiences short-term memory loss about every 15 minutes.

“We think Lenny’s condition is a lot like the condition of traditional DLP tools when it comes to memory and recall,” according to Thorkelson. Short-term memory loss is a major issue for legacy DLP technologies and that prevents them from being effective, but Cyberhaven’s solution addresses such concerns, he said.

The Problems With DLP

This is a “new era of data protection” in which the cloud is playing a key role, many people are working from home and new applications use end-to-end encryption, Thorkelson pointed out.

But “traditional DLP technologies were not created for this environment,” he said, noting “they were not created for cloud use [and] they were also not created for work from home.” Legacy DLP technologies were instead created for on-premise use.

So, companies have started looking for a different solution because “it’s really becoming more and more difficult to inspect and detect sensitive data – especially doing it the way traditional tools are doing it,” Thorkelson said.

A growing number of companies are giving up on DLP for reasons that include its policy-first approach (you have to tell it what to look for and where to look for it), its content focus to identify sensitive information, its limited visibility, complex architectures and the fact that it is just ineffective, he explained.

Traditional DLP is “broken” even though the solutions offered by such technologies are “doing exactly what they were intended to do – they’re working as expected” because they were never intended to be able to deal with the cloud, encryption, work-from-home scenarios and “malicious actors,” he said. Legacy DLP is instead used mainly for dealing with accidental data loss, he noted.

There is “too much user friction” with DLP, including inaccuracies and too many false positives; there are “too many coverage gaps” (egress only, the logging of policy violations, easy to bypass and high false negatives); and it’s “too much effort” (a high false positive rate, complex deployments and never-ending policy tuning), he added. As a result, many customers say they’d rather turn DLP off.

A Better Solution

Key DLP considerations for companies when deciding what solution to use include: Will it detect your unique sensitive data types? Will it be accurate and effective? Will content be accessible for inspection? Will you be able to manage the technology?

Dynamic Data Tracing is a fundamentally different approach that traces data use and activity across the enterprise. “It tells you the whole story about all the data activity, all the data use, all the data movement across the enterprise, in and out of the cloud,” including egress and pre-egress activity, Thorkelson explained.

The advantages of using data lineage for data protection include that it: accurately classifies data based on context and perfect recall; automatically tracks all data, data copies and derivatives across the organization; protects all classified data in known and unknown locations with escalating enforcement actions; and improves security by educating users on data handling with in-context alerts, he said.

Memory matters because it is useful to record and reveal the entire journey of high-value data, it enables an organization to transparently trace data everywhere it goes, and it can be used to investigate and demonstrate user intent, he noted.

The key benefits of Dynamic Data Tracing, he said, are that it:

  1. Provides context and perfect recall that result in greater accuracy.
  2. Offers comprehensive coverage and visibility into all data use, activity and movement.
  3. Supports growing cloud use and working from home.
  4. Is encryption agnostic and inspects before encryption.
  5. Provides a simple, Software-as-a-Service (SaaS)-based solution that is easy to deploy and manage.

During the Q&A that followed the nearly one-hour presentation, Thorkelson noted that Cyberhaven values privacy and the company does not monitor the user’s activity. Its solution monitors how data is used but does not monitor the user of the data, he said.