Mitigating Data Loss
The average organizational cost of a single data breach is close to $7 million.* In today’s world of cyber attacks, identity theft, and espionage, breaches have become all too commonplace for corporate, as well as government, entities. Organizations can no longer ignore the importance of protecting their valuable, sensitive data.
Those that fail to be proactive face not only expensive direct cleanup costs, but also loss of customer confidence, which has long-lasting consequences. The sooner an organization knows about a potential breach, the faster it can take steps to mitigate any damage and prevent further compromise.
Lancope’s StealthWatch System – the leading flow-based security, network and application performance monitoring solution – provides continuous enterprise-wide visibility into host behavior down to the user identity level and meets the following best practice requirements for mitigating data loss:
Instant notification when a data breach occurs
The moment an abnormal amount of data begins to leave the network, StealthWatch issues a Suspect Data Loss alarm identifying which host uploaded the data, the amount of data, and the destination.
Not dependent upon packet-level data
HTTP/HTTPS traffic constitutes the largest amount of traffic crossing a network and is the greatest source of data loss. Traditional tools detect data loss by looking for sequences of digits leaving the network – employee identification numbers, credit card numbers, Social Security numbers, etc. This kind of information is difficult to detect, especially if encrypted, even with packet-level visibility. StealthWatch, however, leverages flow telemetry from routers and switches to detect data loss, eliminating the need to inspect the actual payload. Therefore, no probes are needed.
Indifferent to encryption and cost-effective
StealthWatch works with any protocol and data format, even encrypted, right out of the box. Data loss is immediately apparent without the added expense and ongoing maintenance of deploying multiple probes throughout the network. A single person can easily monitor an entire organization.
Drill-down functionality for investigation and forensics
Having full view of a network is not enough. Data loss solutions must also allow an organization to quickly and easily pinpoint trouble spots and navigate to detailed information about the precise users, applications, and conversations involved in the breach. Providing a wealth of context, StealthWatch enables enterprises to quickly identify the source of a breach, including user name, the amount of data transferred, the services that were used, how long the breach lasted, and if it was a recurring event.
Visibility across the entire network, physical and virtual
Traditional data loss tools offer only a single-point solution, giving limited visibility into the network and performing only a single function. In contrast, StealthWatch provides a bird’s eye view of the entire network – both physical and virtual – where it sees all traffic entering, leaving, and traversing the network. In addition to data loss information, StealthWatch displays real-time network and security information about all segments of the network, such as overloaded interfaces and worm propagations.
Behavior-based rather than signature-based
Tools that rely on signatures cannot identify behavior that has never been seen before. Using its patented flow-based approach to analyzing network behavior, StealthWatch monitors all active hosts on the network, and establishes a baseline of what constitutes a normal level of Internet traffic for each host. When a host suddenly exceeds that baseline, the system instantly generates an alarm.
An effective data loss solution must enable the organization to respond as soon as a breach is detected. By allowing immediate mitigation action, from triggering deeper analysis to blocking a specific transaction, StealthWatch offers administrators increased control over their networks. All mitigation actions can be set and adjusted as needed.
Finally, a data loss solution must allow organizations to establish exceptions to the general rules regarding data breaches. For example, it may be perfectly normal for a particular host to send five megabytes of data to a host in China, whereas any amount beyond that should be cause for concern. Alternatively, it may be acceptable for a host to send gigabytes of traffic to a business partner in a single day. StealthWatch’s tolerance settings give organizations the flexibility to establish rules that allow these kinds of exceptions, which are crucial in helping organizations adhere to corporate policies while following compliance regulations.
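The two mechanisms described above, a per-host baseline of daily outbound volume that raises an alarm when exceeded, and tolerance exceptions that treat a fixed amount to a named destination as normal, can be illustrated in a few dozen lines. The following Python is an added example written for this page; it is not StealthWatch code and says nothing about how the product computes its baselines. The flow records, host and destination addresses, the 3-sigma rule, the 1 MB floor and the exception ceilings are all constructed assumptions.

```python
"""Flow-based data-loss baselining with tolerance exceptions (added illustration,
not StealthWatch internals; all addresses, volumes and thresholds are constructed)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

MB = 1024 * 1024
GB = 1024 * MB


@dataclass(frozen=True)
class Flow:
    day: int        # constructed day index of the observation
    src: str        # internal host that sent the data
    dst: str        # external destination address
    bytes_out: int  # bytes sent from src to dst in this flow record


def outbound_by_host_dst(flows, day):
    """Aggregate one day's flow records into bytes sent per (host, destination)."""
    totals = defaultdict(int)
    for f in flows:
        if f.day == day:
            totals[(f.src, f.dst)] += f.bytes_out
    return totals


def counted_upload(flows, day, exceptions):
    """Per-host daily upload after applying tolerance exceptions.

    exceptions maps (host, dst) -> bytes/day considered normal for that pair;
    only the amount above the ceiling counts against the host (the "any amount
    beyond that" rule). Destinations without an exception count in full.
    """
    counted, detail = defaultdict(int), defaultdict(list)
    for (host, dst), sent in outbound_by_host_dst(flows, day).items():
        excess = max(0, sent - exceptions.get((host, dst), 0))
        counted[host] += excess
        detail[host].append((dst, sent, excess))
    return counted, detail


def build_baselines(flows, training_days, exceptions):
    """Per-host mean and population stdev of counted daily upload over the training window."""
    hosts = {f.src for f in flows if f.day in training_days}
    samples = defaultdict(list)
    for day in training_days:
        counted, _ = counted_upload(flows, day, exceptions)
        for host in hosts:
            samples[host].append(counted.get(host, 0))  # a silent day counts as zero
    return {h: (mean(s), pstdev(s)) for h, s in samples.items()}


def suspect_data_loss(flows, day, baselines, exceptions, k=3.0, floor=1 * MB):
    """One alarm per host whose counted upload exceeds mean + k*stdev.

    The threshold never drops below `floor`, so a host with a flat, tiny
    baseline does not alarm on noise; hosts unseen in training get the floor.
    """
    counted, detail = counted_upload(flows, day, exceptions)
    alarms = []
    for host, total in counted.items():
        m, sd = baselines.get(host, (0.0, 0.0))
        threshold = max(m + k * sd, floor)
        if total > threshold:
            alarms.append({"host": host, "counted_bytes": total, "threshold": threshold,
                           "destinations": sorted(detail[host], key=lambda d: -d[2])})
    return alarms


# Constructed tolerance settings: (host, destination) -> bytes/day that are normal.
EXCEPTIONS = {
    ("10.0.0.7", "192.0.2.30"): 5 * GB,    # bulk transfers to a business partner
    ("10.0.0.9", "203.0.113.50"): 5 * MB,  # this host may send 5 MB/day to this peer
}


def sample_flows():
    """Constructed records: five training days, then day 6 with one genuine spike."""
    flows = []
    for day, mb in enumerate([2.0, 2.2, 1.8, 2.1, 1.9], start=1):
        flows.append(Flow(day, "10.0.0.5", "203.0.113.10", int(mb * MB)))
    for day, mb in enumerate([1.0, 1.2, 0.8, 1.0, 1.0], start=1):
        flows.append(Flow(day, "10.0.0.7", "203.0.113.10", int(mb * MB)))
    for day in range(1, 6):
        flows.append(Flow(day, "10.0.0.9", "203.0.113.50", int(0.5 * MB)))
    flows += [
        Flow(6, "10.0.0.5", "198.51.100.20", 50 * MB),     # abnormal upload -> alarm
        Flow(6, "10.0.0.7", "203.0.113.10", int(1.1 * MB)),
        Flow(6, "10.0.0.7", "192.0.2.30", 3 * GB),         # inside partner exception
        Flow(6, "10.0.0.9", "203.0.113.50", 8 * MB),       # 3 MB over its ceiling -> alarm
    ]
    return flows


def run_demo():
    flows = sample_flows()
    baselines = build_baselines(flows, range(1, 6), EXCEPTIONS)
    return suspect_data_loss(flows, 6, baselines, EXCEPTIONS)


if __name__ == "__main__":
    for alarm in run_demo():
        print(alarm)
```

Running the demo alarms on 10.0.0.5 (50 MB against a baseline near 2 MB) and on 10.0.0.9 (3 MB above its 5 MB ceiling), while 10.0.0.7's 3 GB to the partner stays silent because the exception absorbs it. Each alarm carries the host, the counted volume and the per-destination breakdown, which is the drill-down context an analyst needs to confirm or dismiss it; a real deployment would baseline on a longer window, per direction and per protocol, and version-control the exception list so tolerance settings remain reviewable.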