The Data Loss Prevention that works

Automated Controls are Key to Managing and Securing Personal Data

Our Client who is operating within the financial services market had challenges controlling the use and sharing of personal related data outside the company perimeter. What was needed most was visibility along with automated controls.
When it is hard to hire skilled security professionals many companies dealing with personal data, opt to implement mediocre controls for data usage.

At the end it always comes to the point where “You cannot control what you cannot see”.

The Challenge

The Solution

While reviewing the requirements of the group HQ we managed to identify that the control policies the group entity was requesting were lacking particular vision about personal data storage, identification and automation of controls.

First we managed to convince our customer that personal data controls should not be focused on personal data in general but on personal data that is stored and managed by the company in particular.

We identified those data sources within the company that were most common and contained the personal data in scope. We created a strategy on how to utilize these within DLP’s data indexing and exact matching policies.

We adapted thresholds for data breach detection and configured response rules that precisely recorded or blocked events matching our threshold criteria.

We focused on the implementation of indexing and exact data matching policies rather than regex validation, which by the way we still used for very particular and limited scope use cases.

We implemented automated controls on all channels: email, web, endpoint removable media, printing.

Even direct admin login to email servers was identified as a potential data breach vector and control measures were implemented at full scope.

Automated visibility and control was achieved for thousands of customer’s endpoints.


Implementing a Holistic Monitoring Strategy

Your SIEM properly setup is all you need.

View Story


File Integrity Monitoring That Manages the Noise and Highlight the Important Changes

Tripwire FIM Monitors approximately 450 critical assets in one of the most critical Credit Card Production environments in Bulgaria.

View Story


Symantec Content Analysis System Turned into a Powerful File Security Platform via its API

Symantec CAS is a powerful dual AV, Predictive Analysis and Custom Sandbox Environment that provided a powerful API for external systems integrations along with standard ICAP server functions.

View Story