When it comes to evaluating data loss prevention platforms, what key features and capabilities should orgs look for?

Director of Cybersecurity Data and App Protection in Healthcare and Biotech, 2 years ago

In terms of key features and capabilities, integration with the platforms that your employees are using is top of the list. You want tight integration with the endpoints and any mail systems or document systems that your employees are using on a day-to-day basis to create and distribute content. You also need key integrations with your incident response team and cyber monitoring team, so they can adjust the results data and be able to take action. 

The next level down is more of a subjective review, where the platform will try to make assumptions about the content to determine whether it’s confidential. Accurate classification is really important. Data loss prevention platforms are going to have different algorithms to accomplish classification and every tool will require significant engineering by the organization to make sure that they're accurate. Adding your own custom policies to tune it to your environments and support all the different document types and artifacts that you're concerned about will be extremely critical for success.

We've also seen a lot of value from the platform's ability to help with investigations. Let's say something does happen. As an organization, you'll want to be able to go back and look at the emails: What was sent? Who was sending it and to whom? What kind of content was sent out? You need to know those things to do a proper investigation, so the platform needs to have that ability to show you what happened in those moments. Metrics are another key feature. We get a lot of value from looking at our metrics because they can drive conversations with business leaders to help achieve our goals.