If any organization has a mature data loss prevention in place, there is no need of combating the aftermath of data loss.
Media 7: How does your organization strike a balance between security and employee privacy and autonomy?
Alexey Raevsky: Zecurion promotes a risk-based approach. Zecurion Next Generation DLP allows organizations to dynamically assess risks and identify anomalies to minimize false positives. Thus, low-risk users can proceed as usual, while high-risk employees will be under closer supervision.
There are 3 aspects to keep in mind. First – whom are you monitoring, second – what are you monitoring, third – where are you monitoring.
Who: usually you cannot monitor your employees without prior notice or receiving consent. What: depending on the local regulations you should choose the most suitable deployment option, and inform your employees of the company privacy policy. Where: you shouldn’t monitor personal devices used for work. The easiest option is to inform your employees that they should use only devices provided by the company, and use them for business only as personal communication might be monitored by accident together with business-related data.
M7: In the event of a data leak involving sensitive or confidential information, how do you address the situation?
AR: If any organization has a mature data loss prevention in place, there is no need of combating the aftermath of data loss.
Data Loss Prevention is often perceived as a checkmark solution to cover compliance with the requirements of regulators. This leads to disastrous results. Zecurion Next Generation DLP, on the contrary, researches, investigates and monitors everything prior to data loss. We tend to say that Zecurion Next Generation DLP is more than data loss prevention.
Our product features include:
• UBA with fast risk-based assessment: To ensure total visibility of employee activity and evaluate it on main parameters like risk, productivity, policies, and emotional state. Each employee profile contains all events associated with the user on a single page. All events are shown in chronological order and are clickable for more information. The Security Officer will supervise high-risk employees, while low-risk ones will operate with more minor limitations.
• Screen Photo Detector: Whenever someone tries to photograph a screen by smartphone, Zecurion DLP immediately detects it via webcam and blocks the computer. The technology uses 2 neural networks to ensure reliable smartphone detection and flags cybersecurity incidents in a blink of an eye (from 0.06 seconds).
• Investigation Workflow Automation: This module simplifies investigations and shortens the incident response cycle. It minimizes the cybersecurity team workload by providing a 360° view of actual tasks with all the statuses, data on the investigation stage, executants, and deadlines. During the investigation, cybersecurity team members can leave comments on the task, discuss progress with other participants (from CISO to analyst), and attach documents and incidents as proof.
M7: How do you ensure that third-party vendors or contractors do not cause data leaks?
AR: The key to this problem is thorough control of what data you allow third-party vendors and contractors to access. If they don’t have access to sensitive or overabundant information, the risks are minimized.
Zecurion Next Generation DLP allows mapping of accessible data and puts all confidential information at rest in order. The solution’s Discovery Module collects data from all sources and supports an impressive set of content detection technologies, including templates, regular expressions and digital fingerprints.
M7: What advice would you give to organizations looking to improve their data leak prevention efforts?
AR: They should start with an order in their data. Data classification is directly related to risk management, compliance, and protection against internal threats. Organizing structured and unstructured data into appropriate categories ensures efficient use and data protection across the company network. With no data classification in place, any data protection program will fail.
M7: How does your organization handle data leak incidents that involve sensitive or confidential data?
AR: Prevention is always better than a cure. Here are the steps to cover most relevant customer’s use cases (based on Zecurion solutions):
1. Perform data identification and classification for files and traffic.
2. Provide forensic and retrospective analysis with investigation and reporting capabilities.
3. Implement more than 10 content detection techniques (dictionaries with keywords, regular expressions and templates), digital fingerprint (documents and source database), Bayesian probabilistic analysis method with dictionaries, support vector machine learning algorithm (images of structured objects), etc.
4. Suggest report customization capabilities. The operator can create a new Report Log with deep filter customizations with multi-level AND, OR, NOT Boolean logic.
5. Include a unified employee profile section where all incidents/leakages and key statistics regarding this user are stored. UEBA with Staff control module is also available when required.
6. Offer a policy-oriented deployment approach.
The operator can create a policy once and then broadcast the policy to selected target channels (corp mail, web, messengers, devices, printers, workstation HDD, file shares), etc. Zecurion has the option to turn on physical blockage for selected channels.
M7: What recommendations would you give to businesses seeking to implement or enhance forensic investigation capabilities?
AR: With data being everywhere, it is easy to lose context. Without it, the details needed for forensic investigations will be incomplete and might lead to inaccurate conclusions.
Your DLP has to maintain a comprehensive archive of files and events to provide the big picture of the organization’s security state. Relying only on policies and classification is erroneous as it will provide a vision of a picture at-a-time, not a proper historical overview.
M7: How does the use of mobile devices impact cybersecurity, and what are the best practices for mobile device security?
AR: Mobile device security might be very tricky, especially when employees use their personal mobile devices at work. You cannot monitor these, as it might be perceived as a criminal access without authorization.
At the moment, we do not see significant product potential, and the demand from customers is limited. The widespread use of personal devices during the pandemic and the complexity of legal control of such devices has reduced interest in the product.
M7: Can you discuss the importance of incident response planning, and what steps businesses should take in the event of a cyberattack or data breach?
AR: Every organization has to have an incident response plan agreed to its local legislation. Every region has its own requirements for actions and their timing after a cyberattack or data breach. Consult your corporate lawyer for a qualified legal opinion before creating a proper incident response plan.
M7: How do you measure the success of your company, and what metrics do you use to track progress?
AR: Except for the obvious (sales revenue, net profit and gross margin, sales growth yearly, etc.), we pay special attention to customer loyalty and retention, and customer happiness. During our history we had both: customers that used DLP as a preventive measure, and customers that required it for forensic investigation. We are very proud of cases that make us stand out from other DLP vendors.
A recent venture was a forensic investigation for an oil refinery. The plant sold products to their intermediaries, who were later found to be fraudulent firms that existed only on paper. These firms bought products from the plant and resold them to other customers with a large price hike. These activities were uncovered with Zecurion’s DLP solution, which discovered that a group of managers at the oil refinery, including a C-level executive, were involved in the scam. They had forged documents to cover their tracks, which Zecurion identified. It then conducted a financial and legal audit. The audit revealed the fraudsters’ revenue was actually the organization’s loss, amounting to over $25 million. It helped the refinery seek legal action and fire three key members associated with the scam. Zecurion’s people-centric DLP solution helped them throughout the investigation process and to take further steps.
M7: Describe a time when you had to adjust your content strategy due to shifting market conditions or other external factors.
AR: We develop solutions that solve our customers’ problems. Insider threat protection is a field of our research, our goal and main interest. With our features, we influence the market, making us not so dependent on external factors.