Why Data Loss Prevention Matters In a Zero-trust World

Data Loss Prevention

Growing numbers of security threats and breaches trace back to legacy data loss prevention (DLP). Legacy DLP is a liability because it contributes to an increase in endpoint threats and in malicious insider attacks, some of which occur accidentally. Additionally, because of the limits of old DLP, many files, cloud workloads, software-as-a-service (SaaS) apps, and code repositories in business tech stacks rely on the endpoint to authenticate them.

Cybercriminals are constantly looking for new attack vectors to exploit as virtual workforces grow. The most telling flaw of legacy DLP is that it does not treat every machine and human identity as a new security boundary, which is exactly the strength businesses need today.

Employees are working across a wider range of networks from more locations than ever before thanks to hybrid and remote workforces. Legacy DLP does safeguard data, but it falls short in securing the endpoints that are becoming more complex and the threat vectors that are growing the fastest. According to CrowdStrike, businesses are investing billions of dollars in DLP. By 2026, it is anticipated that spending will exceed $6 billion. Unfortunately, a lot of businesses do not experience the ROI they had hoped for from DLP systems.

Why DLP isn’t evolving to meet the needs of businesses

“Data loss prevention has suffered from a lack of innovation, and legacy tools have failed to live up to the promise of preventing breaches. At the same time, the endpoint has become the focal point for how data is accessed, used, shared, and stored,” said George Kurtz, cofounder and CEO of CrowdStrike.

He commented during his recent Fal.Con keynote that customers often complain about DLP and ask, “Can you help us, we got to get off this thing? We’re over a barrel by our current vendor because they keep charging us more money even though they haven’t done anything with it.”

Enterprises are disappointed with DLP and cloud access security broker (CASB) solutions that do not fully satisfy their security requirements, including zero trust, according to a report by Forrester and Code42. DLP and CASB were frequently first purchased to regulate user access to data and satisfy compliance obligations.

Unfortunately, DLP systems have a poor record: they are overly challenging to set up and maintain, they fail to add protection across the rest of the tech stack, and they are known for raising false alarms. Finding professionals with legacy DLP experience is difficult because of the persistent labour shortage affecting the cybersecurity industry.

The limitations of legacy DLP begin at the endpoint.

“Despite the growing risk to data via the endpoint, there has been very little innovation in the data protection market over the years. Practically every customer conversation I have on data protection revolves around the failures of data loss prevention (DLP) technology and how it’s become a black hole with little return when it comes to security budgets,” said Michael Sentonas, CrowdStrike CTO.

Customers of the cybersecurity firm CrowdStrike spoke with VentureBeat during the Fal.Con 2022 conference about their DLP experiences and future goals. Nearly every client emphasised how difficult it is to work with DLP’s shortcomings, which start with its dependency on a complicated collection of pre-configured rules and behavioural factors.

The biggest flaw of legacy DLPs, according to some CrowdStrike customers, is that they were built to safeguard data rather than user identities. A system concerned only with safeguarding data cannot detect insider threats such as misuse of privileged access credentials, social engineering attempts, and deliberate or inadvertent system sabotage.

Malicious administrators and privileged users abuse legacy DLPs to get around, and occasionally disable, their pre-configured rules and logic. More often, however, the cause of a breach is a well-intentioned administrator who makes mistakes while installing an intricate legacy DLP system. The likelihood of such an error increases as CISOs and their teams work to defend more complex cloud installations with DLP. In fact, according to Gartner, end user errors or misconfigurations will account for more than 99% of cloud security breaches through 2025.

Improving DLP with zero trust

For DLP to keep advancing, zero-trust network access (ZTNA), which enforces least-privileged access at the data, device, and identity levels, must be built into the platform’s core. Leading suppliers in this field include Symantec by Broadcom, Microsoft, NetSkope, Spirion, Palo Alto Networks, SecureCircle, Cloudflare DLP, and others.

“Almost all of the traditional data loss prevention products on the market ultimately force traffic to go through a central location, which impacts network performance,” said Matthew Prince, Cloudflare cofounder and CEO.

Forcing traffic through a central point is a given for proper data loss protection, yet on its own it still does not protect against intentional and unintentional breaches. To address DLP’s drawbacks, endpoint management must implement ZTNA together with least-privileged access for data, devices, and identities.

Protecting data going to and coming from the endpoint is another design objective. As a result of CrowdStrike’s acquisition of SecureCircle, Falcon endpoint agents and the SecureCircle platform are now combined to protect data, identities, and devices. Together they let organizations enforce SaaS-based ZTNA and secure data on, from, and to any endpoint.

CrowdStrike says it bought SecureCircle to bring zero-trust security to every endpoint and to take advantage of the installed base of Falcon endpoints around the world. SecureCircle protects endpoints by authenticating every application, device, network, and user before granting access to encrypted data. By ensuring that device health and security posture meet requirements before data access is allowed, CrowdStrike Falcon ZTA removes the dangers DLP solutions are known for, such as insider attacks and administrator errors that inadvertently expose infrastructure.

Thanks to CrowdStrike’s integration with SecureCircle, access to protected data can be revoked when an endpoint has been compromised or is no longer considered safe. The company designed ZTA to deny access to any requesting entity, including devices, files, systems, and identities, without requiring administrator involvement.

Data classification is essential for achieving zero trust.

“Another core tenet of zero trust is the ability to automate & orchestrate, but with appropriate context (i.e., signals) for a more accurate response. This means the key elements of data security (such as data classification and policy enforcement at all locations) must be developed and enforced dynamically. The legacy approach of manually tagging data and constantly updating policy rules does not work fast enough or accurately enough for modern attacks,” said Kapil Raina, vice president of zero-trust marketing at CrowdStrike.

To keep endpoints secure, policy rules for legacy DLP must be changed frequently, which requires a great deal of manual work.

The adoption of zero-trust frameworks will continue to push enterprises to replace legacy DLP systems. Any organisation is accountable for their limitations.

When comparing existing DLP systems with alternatives, look for those that offer content inspection, data lineage for improved classification and visibility, and incident response on a zero-trust-enabled platform.

A well-defined data classification technology is at the core of a zero-trust approach to DLP: it helps prioritise the most sensitive data and makes building a thorough ZTNA architecture more effective. Later in the timeline of a zero-trust framework, a strong classification strategy will also support microsegmentation.
