Security officers of organizations face a new set of challenges in today’s world – particularly those that result from advanced persistent threats (APTs). APTs are able to thwart traditional perimeter security schemes by working patiently over long periods of time to compromise defenses and to manipulate employees into clicking on familiar-looking but malicious websites and emails. Attackers infiltrate corporate networks and discover where sensitive data is located, where confidential data is easiest to steal, which employees are most likely to handle such data, and how sensitive data routinely moves about the organization. For example, attackers can employ “low and slow” techniques, copying a few sensitive files per day over a long period of time once they discover a level of activity that keeps them below the organization’s monitoring thresholds.
In the past it was sufficient to guard the organization’s IT perimeter with tools such as firewalls, intrusion detection, and data loss prevention (DLP). These techniques are no longer effective by themselves against APTs, other sophisticated attacks, and insider threats.
The solution is to add data-centric security to traditional perimeter security. Data-centric security includes techniques that protect data as it travels both within the organizational perimeter and beyond, by limiting access to sensitive data according to policies that cover both users and activities. It also includes techniques for determining where sensitive data exists throughout the enterprise, monitoring such data, and analyzing the ways in which users copy, move, and access it over time. It incorporates identity management systems to correlate specific users with activity on sensitive data. By using such techniques on a continuous basis, security officers can not only prevent unauthorized activity automatically but also detect suspicious behavior patterns that suggest APTs and take action before it’s too late.