Swiss Army Knife for Information Security: What Is Comprehensive Protection?
2021-04-21 13:00

Data-breach risk should be tackled with a toolset for monitoring data in motion and data at rest, analysis of user behavior, and the detection of fraud and weak spots.

Once I even "caught" a leak with the help of the firewall logs: I noticed an atypically large data upload and found out that the user was uploading confidential information as virtual-machine images.

"I worked in a bank, we had a DLP system. One day it alerted to an attempt to leak data. An ordinary employee sent account statements of VIP-clients to his personal email - information to which he wasn't supposed to have access. We intervened promptly, the employee deleted the email and confidential files from the computer. But the question remained unanswered - how he got the data. It was only some time after that they found out that the settings in the file storage were twisted: instead of a narrow circle, all managers got access to the folder with the data of VIP-clients. If we had a DCAP solution for file auditing, we would know about the failure immediately and the incident could be avoided".

Products provide data in different formats - specialists do not have a common source of information for analysis.

The concept of SearchInform is to ensure control of threats at all levels of the information network: from hardware and software to file systems and databases, and from user actions on a PC to their activity on the internet.

To sum up: to prevent the arsenal from becoming too bulky, protective systems need to be "made friends." The easiest way to achieve this effect is by working with one trusted developer, and getting an all-in-one kit that works like a Swiss Army knife.


News URL

https://threatpost.com/what-is-comprehensive-protection/165461/