Whether intentional or unintentional, end users continue to pose significant risk of unauthorized external transfer of sensitive data. This is one reason for ongoing focus on data loss prevention (DLP).
Despite the DLP market's maturity, there remain some fundamental gaps in necessary capabilities, including the ability to identify and classify data that misses canned detection filters.
Detecting data exfiltration requires analytics that monitor other indicators, such as data movement, activity, and popularity. Those analytics must also incorporate factors about user profiles, so that users can be linked to data (documents) to better identify and set risk thresholds.
The challenge is that with the explosion in data quantity and diversity, identifying behaviors that are indicative of data exfiltration is problematic within standard SIEM tools.
Elysium’s Cognitive SIEM overcomes that challenge by leveraging existing open source big data technology to collect sensor data in real-time and then applying supervised and unsupervised machine learning models to identify just those patterns and events that represent true threats.
By processing huge amounts of data and reducing false positives by up to 90% compared to standard SIEMs, our Cognitive SIEM greatly reduces both risk and security analyst workloads without requiring significant changes to existing processes and workflows.
- Supervised and unsupervised machine learning models to identify patterns and events that represent true threats.
- Detection of data exfiltration through DNS and other vectors that most DLP systems miss.
- A drastic reduction in false positives.