Can anyone recommend best practices for deploying/configuring a data loss prevention platform? How do you make sure you're minimizing false positives/negatives, getting accurate detection, etc?

Security & GRCData Protection & EncryptionGovernance, Risk & Compliance+1 more
2.4k views4 Comments
Director, Strategic Security Initiatives in Software, 10,001+ employees
I would recommend this : https://start.paloaltonetworks.com/modern-enterprise-dlp-facilitating-gdpr?utm_source=google-jg-amer-sase&utm_medium=paid_search&utm_term=data%20loss%20prevention%20best%20practices&utm_campaign=google-sase-casb-amer-multi-lead_gen-en-eg&utm_content=gs-20039126345-154114646568-656502004727&sfdcid=7014u000001ZAovAAG&gclid=CjwKCAjw8symBhAqEiwAaTA__C85Q42RrbIh8Ps8JPIgKheCHIkBB4aDOSZeYnlBBPXAUImTL2y8JRoCZZ8QAvD_BwE
Director of IT in Education, 5,001 - 10,000 employees
I like Microsoft Purview Data Loss Prevention, it works well with Microsoft systems, Networks, emails, etc.
https://www.gartner.com/reviews/market/data-loss-prevention/vendor/microsoft/product/microsoft-purview-data-loss-prevention
CIO in Finance (non-banking), 1,001 - 5,000 employees
A lot of people will give you a set of tools and processes to ensure DLP effectiveness. A different perspective is to ensure you have you data classification done right and in a way that can be maintained. The more fine grained you can get the less false positives. There are tools that vendors claim that have “AI” for detection but without classification any AI won’t be effective or efficient. There is no AI that I know of that can substantially make a dent in classification of data beyond identification of PII etc. In other words there are precursors to DLP beyond configuration that need to happen to make your detection effective.
Director of IT in Manufacturing, 5,001 - 10,000 employees
I recommend to you can use data loss prevention from F5, its cheaper & good security

Content you might like

Has your organization been hit by ransomware in the last 6 months?

Governance, Risk & ComplianceSecurity & GRCRisk Management+4 more

Yes28%

No, but we expect to be hit in the future.48%

No, and we don't expect to be hit by ransomware in the future.24%


241 PARTICIPANTS
2.2k views1 Upvote2 Comments

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data. 

Security & GRCRegulatory Compliance
624 views1 Comment

Which of the following areas are you planning to make the biggest changes to within your governance and risk program in 2022?

Governance, Risk & ComplianceSecurity & GRCRisk Management

Continuous Monitoring51%

Staff Well Being57%

ESG & Sustainability45%

Service Provider Location Risk14%

Other (share below)2%


537 PARTICIPANTS
2.4k views1 Upvote4 Comments

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
143 19 Replies
Read More Comments
47k views133 Upvotes324 Comments

What are the experiences with encryption key management using Ciphertrust of Thales for securing Microsoft Azure or pother Microsoft cloud platforms?

CloudData Protection & Encryption
559 views