2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
What is the overall solution to data leakage prevention based on UEBA? This article analyzes the question and describes the corresponding solution in detail, in the hope of giving readers who face this problem a simpler way to solve it.
As enterprise digital transformation deepens, enterprise data assets grow day by day and face severe data leakage risks. According to Verizon's 2020 Data Breach Investigations Report, 70% of data leaks are caused by theft and abuse by insiders with data access rights.
Internal threats have become the main threat to enterprise security management, and preventing internal personnel from leaking data has become one of the key points of current enterprise security work.
Ming Dynasty Wanda data leakage prevention system
As a representative vendor among China's new generation of information security technology enterprises, Mingda draws on its in-depth understanding of the data security field. Its independently developed data leakage prevention system can identify, monitor and protect enterprise data assets in real time, helping enterprises avoid the security risks caused by data leakage.
To address the problems of the traditional rule-matching DLP working mode (it cannot find unknown risks, it is inflexible, and it produces false positives), the Ming Wanda data leakage prevention system uses UEBA (user and entity behavior analysis) technology. It builds a model for each user, computes multi-dimensional statistics for the user's historical baseline, the department's historical baseline and the group's historical baseline, and detects in real time when a user's behavior deviates from those baselines. Abnormal behavior such as statistical-indicator anomalies, time-series anomalies and pattern anomalies is detected with CNN, RNN and other deep learning algorithms, and the risk value of data leakage for users across the whole network is assessed dynamically along multiple dimensions.
△ From traditional DLP based on rule matching to enhanced DLP based on behavior analysis
Product features
The working mode based on behavior analysis gives full closed-loop control over the use of enterprise data assets: prediction in advance, blocking during the event, and traceability afterwards.
△ Data leakage prevention overall solution
Advance prediction
Using deep learning technology, individuals with similar behaviors are detected and a network-wide risk assessment is performed. This can warn of unknown data leakage risks in advance, overcoming the limitation that traditional DLP can only deal with insider leakage events through pattern matching.
Blocking during the event
Drawing on accumulated experience and on customer business scenarios, Ming Wanda security strategy experts have formulated a series of anti-leakage strategies to protect core enterprise data assets, and these strategies can be adjusted dynamically as the risk values of internal users change. Once a user's behavior is found to fall outside the confidence interval, measures such as blocking can be applied automatically, which greatly reduces the false alarm rate for data leakage events.
Post-event traceability
Relying on the Internet data leakage monitoring platform deployed in the cloud by Wanda Ming Dynasty, the system can sense in real time how enterprise data is distributed across the dark web, network disk libraries, code hosting sites, group chats, forums and other channels, and discover the risk of data asset leakage as early as possible. It can automatically link to the DLP platform inside the enterprise to perform traceability analysis, reconstruct the leakage scenario, identify suspicious users and entities, generate data leakage reports and notify enterprise administrators.
Application scenarios
Suppose an employee who is about to leave an enterprise tries to bypass the data leakage prevention (DLP) system deployed by the enterprise by splitting internal data into pieces and sending them out a little at a time. After deploying the data leakage prevention solution based on behavior analysis (UEBA), the enterprise security system can carry out a multi-dimensional dynamic evaluation based on the employee's historical behavior and recent activity. After determining that the employee is transmitting data maliciously, the security policy can be adjusted in time to apply targeted blocking, and the data leakage monitoring platform can be used to monitor and trace, across the whole network, the data that has already been sent out.
In general, to ensure business continuity, the established data leakage prevention strategy is often very loose, so slow leakage cannot be discovered. In response, some traditional DLP products support checking whether the total amount of data a person sends out within a certain period reaches a predetermined threshold. However, the detection effect depends largely on how reasonable the manually set threshold is, and the outgoing-data threshold alone is not enough to determine abnormal behavior, so there is a certain false alarm rate. More seriously, traditional DLP cannot trace leaked data across the whole network, let alone judge how far the leaked data has spread.
As a leader in the field of data leakage prevention, Mingda always insists on taking the actual demands of customers as the first priority, and constantly innovates in leakage prevention technology, process and service around customer business application scenarios, so as to ensure that the delivered products deliver real value and protect the safety of enterprise data assets.
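The slow-leak scenario and the baseline comparison described above can be illustrated with a small added example. It is not the vendor's code: it uses simple z-scores against the user and department baselines in place of the deep learning models the article mentions, and the user names, volumes and thresholds are all constructed assumptions.

```python
from statistics import mean, pstdev

STATIC_DAILY_LIMIT_MB = 500  # assumed loose rule-based DLP threshold
Z_ALERT = 3.0                # assumed deviation cut-off (standard deviations)

# Constructed sample data: daily outbound volume in MB per user.
DEPARTMENT = {"alice": "sales", "bob": "sales", "carol": "design", "dave": "design"}
HISTORY = {
    "alice": [12, 15, 9, 14, 11, 13, 10, 16, 12, 14],
    "bob":   [10, 14, 12, 9, 13, 11, 15, 12, 10, 14],
    "carol": [300, 420, 260, 380, 340, 450, 280, 360, 310, 400],
    "dave":  [320, 390, 270, 410, 350, 430, 300, 370, 330, 380],
}
RECENT = {
    "alice": [13, 11, 14, 12, 15],
    "bob":   [60, 75, 80, 70, 85],       # small pieces, far below the static limit
    "carol": [330, 520, 290, 410, 350],  # one large day, normal for her role
    "dave":  [340, 360, 310, 390, 350],
}

def z_score(value, baseline):
    """Standard deviations by which value exceeds the baseline mean."""
    spread = pstdev(baseline)
    if spread == 0:  # flat baseline: any increase counts as a deviation
        return float("inf") if value > mean(baseline) else 0.0
    return (value - mean(baseline)) / spread

def department_baseline(user):
    """Pooled history of everyone in the user's department."""
    dept = DEPARTMENT[user]
    return [v for u, days in HISTORY.items() if DEPARTMENT[u] == dept for v in days]

def assess(user):
    """Compare the static rule with deviation from user and department baselines."""
    recent_mean = mean(RECENT[user])
    user_z = z_score(recent_mean, HISTORY[user])
    dept_z = z_score(recent_mean, department_baseline(user))
    return {
        "static_rule_hit": max(RECENT[user]) > STATIC_DAILY_LIMIT_MB,
        "user_z": round(user_z, 1),
        "dept_z": round(dept_z, 1),
        # Alert only when the user deviates from both their own past and their peers.
        "alert": user_z >= Z_ALERT and dept_z >= Z_ALERT,
    }

if __name__ == "__main__":
    for name in RECENT:
        print(name, assess(name))
```

On this data the static threshold misses bob's slow leak and fires on carol's normal workload, while the baseline comparison does the opposite.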
That concludes the answer to what a UEBA-based overall data leakage prevention solution is. I hope the above content is of some help to everyone; if you still have unanswered questions, you can follow the industry information channel to learn more.
© 2024 shulou.com SLNews company. All rights reserved.