Technology has always moved remarkably fast. New inventions have made revolutionary impacts in our personal as well as our professional lives. One area that always seems to be a step behind these developments is cybersecurity. Network protection has always seemed to function as an afterthought: whether it was the addition of a packet-filtering firewall or definition-based virus protection, the security mechanisms of the past have always been a laggard in the technology arena.
There are multiple possible reasons for this apparent slowness. The cybersecurity profession is still fairly new, with more available jobs than there are trained personnel to fill them. Related to this is the amount of time that it takes to become proficient in the field. This skills gap has resulted in high rates of burnout among cybersecurity professionals. However, perhaps the most relevant possible cause is that the industry has always been reactive rather than proactive. After all, it is hard to anticipate a cybercrime that hasn't occurred yet. Or is it?
One area where predictive and responsive capabilities exist is in the malware protection industry. Early malware defenses relied on signature-based detection but have now moved towards more proactive models that have the ability to detect new, previously unknown attack methods. This has had enormous impacts on network protection, making the job easier for security professionals. But it is only a single piece of a full network protection profile.
The next generation of cybersecurity professionals is poised to expect more. One area that is seeing a move in the right direction is Data Loss Protection (DLP). DLP has often suffered under the same reactive mechanisms of previous security solutions. Older content analysis techniques would cause too many false positives, which would waste analysts' time and create a poor user experience. Older DLP technologies are also often not cloud ready. Worst of all, older DLP solutions required a lot of fine-tuning to reduce the false positives. This all created a cycle of pain for both the staff who were subject to the DLP policies and the administrators who managed the products.
Fortunately, newer DLP solutions are moving forward, giving the next generation one tool that, according to Gartner, is “combining traditional endpoint data loss prevention with incident response capabilities in order to empower cybersecurity teams to discover and detect not just individual instances of real-time sensitive data exposure within applications, but the end user activity leading up to these incidents.”
A changing role for cybersecurity
It's clear that security has grown to include not only detection but immediate response. In fact, incident response capabilities are part of industry-recognized standards, such as the Payment Card Industry Data Security Standard (PCI DSS), and directives, such as the U.S. National Cybersecurity Strategy. Joining both capabilities of detection and response in a single tool can alleviate many of the problems of professional fatigue, tool sprawl, and cost.
Why is DLP so important for an organization? When we look at many of the current and emerging threats, data exfiltration is a primary driver for many attackers. In the early days of ransomware attacks, it was relatively easy for a business to recover as long as they practiced good backup strategies. The attackers then found a way to steal data, threatening its public disclosure as a bargaining chip to increase the possibility of payment.
Not all data loss is malicious. An employee may not realize that a document they are sending in an email contains sensitive data. A good DLP product can prevent violations of the many privacy regulations that have been enacted. What was once a harmless mistake, resolved by the sender asking the recipient to disregard and delete the document, now has legal consequences.
As the cybersecurity industry works towards closing the skills gap and becomes a vital part of business operations, the next generation of professionals will seek better advancements in protective technologies. This will protect organizations and prevent possible fines, making it one of the best investments any company can make.
Bob Covello is a 20-year technology veteran and InfoSec analyst.