For decades DLP tools have had only one criterion for making decisions: content analysis. Judgments are based on whether content matches patterns of sensitive data or has been tagged as sensitive beforehand. However, sensitive data comes in many forms and is often changing, making content matching difficult and unreliable. Content can also be obscured due to encryption or other obfuscation, making content analysis impossible.
DDR can also analyze content, but that is only one of many contexts. In contrast, the Cyberhaven DDR platform collects and analyzes every data-related event. This could be a user uploading a document, copy/pasting data from one file to another, renaming a file, writing a file to a thumb drive, sending data over a chat session, and dozens of other events. This is metadata is captured for all data all the time, even data that hasn’t been previously defined as being sensitive. It is also important to note that this approach can be applied to any type of data, even unstructured or non-text data like images and videos. The goal is to ensure that all subsequent analysis and policy enforcement are based on the most complete view of the data lifecycle.