The challenge of data leaks and theft has become an increasing threat for organizations, with the advance of online communications and data sharing platforms such as cloud computing and social networks.
DLP tools available today normally work at the file level (for example, by scrutinizing outgoing mail or stopping data transfers through computer drives), stopping users at the “gate” when they are actually sending out the data.
These tools, however, have substantial shortcomings:
Intellinx adds a previously unavailable protection layer that monitors what users are doing on the application, and alerting to behavior that may indicate intent to tamper or leak data.
The Intellinx unique patented technology monitors all communication between users and the application, records and analyzes it – in real-time – for actions that may indicate intent to leak data. This way, Intellinx stops data leakage even before it is attempted – while the user accesses the data before he/she tries to leak it through the “gate”.
Since Intellinx tracks the behavior of all end-users, it can discern unusual behavior by comparing it with that same person’s historical behavior patterns, as well as with peers. Another added layer of protection is our set of pre-installed rules, based on experience with over 150 implementations worldwide.
Following is a simple example: the system builds a detailed profile of behavior patterns for each user. One of the indicators maintained in this profile is the average number of customer accounts accessed by this user during business hours, and the standard deviation for this specific user. Based on this profile, the system can immediately detect a user who accesses an excessive number of accounts. The risk score for the alert may vary, depending on the level of deviation for this specific user behavior pattern and the hours during which the access is performed.
A more comprehensive example may include other indicators detected for the end user, such as access to VIP accounts, etc. Each indicator may increase the risk score for the suspected user.
Intellinx records all user behavior using various applications: including screen viewings, aborted actions and data deletions. So security personnel and investigators have a full forensic audit trail for each user and application, which can be visually replayed by investigators and potentially used in legal proceedings.
|Standard DLP Systems||Intellinx|
|Stop data leaks at the file level.||Stops data leaks at the field level.|
|Stop data leaks when they happen.||Stops data leaks before they happen|
|Alerts are based on actual attempted data leaks||Alerts are based on changes to user behavior, as well as attempted leaks.|
|Stop mainly non-intentional data leaks.||Stops mainly unintentional data leaks.|
|Do not create an audit trail of user actions.||
Creates a forensic audit trail of user actions that can be easily recreated and viewed.