Anti-data exfiltration (ADX) and data loss prevention (DLP)
Organizations have spent years developing and implementing different solutions to keep sensitive data secure. While the Data Loss Prevention (DLP) model has been one of the most popular approaches to address these security concerns, Anti Data Exfiltration (ADX) provides a new solution to this problem.
The ability to control how information flows through networks is a critical part of the security infrastructure, and there are many reasons why this degree of control is so valuable. It represents the most direct way to protect personally identifiable data, secure intellectual property, and gain visibility into the overall effectiveness of the organization’s security approach.
Traditional DLP technology struggles to meet many of the challenges organizations face today. Cybercriminals are increasingly focusing on stealing valuable data for the purpose of extortion, and more and more employees are working remotely, creating the perfect storm for cybercrime. Because of this, securing data and tracking data exfiltration in real time has never been more important. In this blog, we take a look at some of the limitations of DLP and compare it to ADX, a new way to secure data and prevent cyber attacks.
Data loss prevention explained
Traditional DLP approaches combine a variety of data security measures into a unified network edge solution. Individual technologies may vary from vendor to vendor, but DLP solutions typically implement:
- Signature matching
- Structured data fingerprinting
- File tagging
- Intrusion detection
This makes DLP a data-centric approach. It does not distinguish between different users, identify the user’s intent, or understand the context behind the transmission and communication of data. It simply acts in accordance with a strict set of policies designed to limit the possibility for unauthorized users to compromise sensitive data.
- Since DLP does not distinguish between users, it cannot tell the difference between malicious behavior, social engineering, and unintentional errors.
- Traditional DLP solutions are expensive to manage and operate. Since these systems demand massive IT resources, they are expensive to implement and require constant management to monitor and enforce new policies as new systems are adopted.
- DLP breaks the security chain. Since DLP requires data introspection, it must decrypt every packet, effectively acting as a man-in-the-middle and thereby breaking the trust between source and destination.
ADX, the new generation of cyber defense
Anti Data Exfiltration, or ADX, offers a new approach to preventing cyber attacks. ADX enhances the approach originally started by DLP. An organization’s data is its most valuable asset, and all cyber attacks work by exfiltrating data without authorization in one way or another.
This is not a problem that a series of data-centric policies can solve. Instead, organizations have begun to take a more holistic approach to preventing the exfiltration of sensitive data.
Simply infiltrating a network or device is not a successful cyber attack. The attack is only successful if sensitive data is stolen from the network. Without data exfiltration, there is no data loss, no data breach, and no ransom or data extortion.
ADX works by studying outgoing data on endpoints. This gives it a significantly smaller footprint than DLP, which examines inbound and outbound traffic at the edge of the network. ADX solutions are lightweight enough to run on mobile devices and do not need to run on the corporate network.
Instead of comparing traffic to a dictionary of attack signatures, ADX solutions use behavioral analysis to identify unusual behavior on a user-centric basis.
Malicious applications used by cybercriminals do not act the same as legitimate users. They scan for ports, exchange keys with foreign servers, and move laterally through networks in ways that normal users don’t. Targeting them through their behaviors makes a lot more sense than just locking sensitive data behind a barrier.
The one thing all cybercriminals do is send sensitive data out of the network. ADX limits the ability of users, including privileged users and administrators, to send sensitive data outside the network. This makes it a next-generation solution that builds on the technology behind data loss prevention while making it relevant to today’s security threats.