[On-demand webinar] CISO Series: Decoding Cybersecurity Language with Adam Shostack

Watch now
March 18, 2020

Why DLP is not for IP

Competitive advantage for most companies is created by having differentiated capabilities or processes that are not easy for their competition to copy.

PROTECTING INTELLECTUAL PROPERTY IN A NEW PARADIGM

Competitive advantage for most companies is created by having differentiated capabilities or processes that are not easy for their competition to copy. As companies rely more on remote employees, contractors and complex supply chains, their “know how” and intellectual property becomes more distributed.  It is increasingly harder to keep a “secret.” Corporate espionage according to Verizon’s 2019 report was only to be outpaced by financially motivated insider threats. Apparently, it is extremely lucrative for a variety of reasons to steal Intellectual Property (IP). While we all use the term frequently in security, it is becoming increasingly important to understand the types of IP, the value it has to the organization and what it takes to protect it.

INTELLECTUAL PROPERTY HAS MANY FACES

The main categories for IP are the following but the value they may represent varies depending on company, industry and the stage the business is at.

  • Trade Secrets
  • Strategic Plans
  • Press Releases
  • Contracts
  • Sales Forecasts
  • Financials

This list can easily expand to include to other documents that have strategic value but often fail to be properly protected or tracked such as:

  • Board minutes
  • Legal documents
  • Partnership agreements
  • Reports from audits and consultants
  • Design diagrams.

WHY NOT DLP?

There are a variety of Data Protection solutions that range in sophistication. The challenges with many of them have unfortunately remained the same over the years despite this technology reaching maturity. DLP was designed for recognizing text patterns and specifically compliance scenarios such as preventing Credit Cards and Security Cards from leaking. Since the content structure of intellectual property varies greatly it becomes difficult to design rules to identify and therefore difficult to block. DLP tools typically lack the ability to relate necessary context to the blocking rules.

1. BLOCKING THE KNOWN VS THE UNKNOWN

DLP relies on establishing rules to block “known” data from being exfiltrated. But the known keeps changing, with new ideas and new collaboration apps and storage options. We are all sharing information while Zooming and easily “dropping” information where others can easily access it. As new intellectual property is modified, it is nearly impossible for DLP policies to keep up. DLP does not have the context to recognize intellectual property and once IP has been successfully exfiltrated there are no log records within DLP. Most DLP implementations lack the capabilities to truly protect intellectual property.

2.  POLICIES TAKE TIME

DLP is a significant initial investment in time by your staff and consultants. It requires continuous tuning to react to the dynamic organizations of today with no perimeter. Many smaller and mid-sized organizations or those that lack sophisticated IT or are drowning in too many tools have found it difficult to maintain DLP solutions.

Building DLP policy around data movement is becoming even more challenging. While DLP works for compliance it has never been designed for intellectual property. IT may be completely unaware of evolving business practices and the ever growing number of cloud apps that employees rely on.

DABA – A NEW APPROACH

In contrast, there is a new data protection approach Data Behavioral Analytics (DaBA) that provides instant visibility by automatically recording and reporting on data movement within the organization without any policies, data classification or file manipulation.

DaBA is a new approach which provides complete contextual visibility into the behavior and movement of all data, across on-premise and cloud environments. It immediately reveals the improper handling of sensitive data by insiders so you can differentiate between malicious or careless insiders. DaBA can monitor both soft and hard IP. It can track all the various iterations in the journey of the data from its source to multiple destinations.

Finally, a tool that provides instant visibility to easily protect intellectual property.

Learn more about DaBA and DLP with our whitepaper: Addressing Gaps in DLP with Data Behavior Analytics 

Download Whitepaper 

See our product in action