Anti Data Exfiltration (ADX) Versus Data Loss Prevention (DLP)

Organizations have spent years developing and implementing different solutions for keeping sensitive data secure. While the Data Loss Prevention (DLP) model has been one of the most popular approaches for addressing these security pain points, Anti Data Exfiltration (ADX), provides a new solution to this problem.

The ability to control the way information flows through networks is a critical part of security infrastructure and there are multiple reasons why this degree of control is so valuable. It represents the most direct way to protect personally identifiable data, secure intellectual properties, and gain visibility into the overall effectiveness of the organization’s security approach.

Traditional DLP technology is struggling to accommodate many of the challenges that organizations face today. Cybercriminals are increasingly focused on stealing valuable data with the intent of extortion, and more and more employees are working remotely, creating the perfect storm for cybercrime. Because of this, securing data and monitoring data exfiltration in real time, has never been more important. In this blog we look at some of the limitations with DLP and compare it to ADX, a new way to keep data secure and prevent cyberattacks.

Traditional DLP approaches combine a variety of data security measures into a unified network edge solution. Individual technologies can vary between vendors, but it’s typical for DLP solutions to implement:

• Signature matching
• Structured Data Fingerprinting
• File Tagging
• Intrusion Detection
• Firewalls

This makes DLP a data-centric approach. It does not distinguish between different users, identify user intent, or understand the context behind data transmission and communication. It simply acts in accordance with a strict set of policies designed to limit the ability for unauthorized users to compromise sensitive data.

1. Since DLP does not discriminate between users, it cannot detect the difference between malicious behavior, social manipulation, and unintentional mistakes.
2. Traditional DLP Solutions are expensive to run and operate. Since these systems require massive resources from a computing perspective they are expensive to implement and require constant management to monitor and apply new policies when new systems are adopted.
3. DLP breaks the security chain. Since DLP requires data introspection it must decrypt every packet and effectively act as a man in the middle attack, effectively breach the trust between the source and destination.

Anti Data Exfiltration, or ADX provides a novel approach in preventing cyberattacks. ADX improves on the approach that DLP originally pioneered. An organization’s data is its most valuable asset, and all cyberattacks work by exfiltrating unauthorized data in some way.

The problem is not one that a series of data-centric policies can resolve. Instead, organizations have begun to take a more holistic approach to preventing the exfiltration of sensitive data.

Simply infiltrating a network or a device does not make a successful cyberattack. The attack is only successful if sensitive data is stolen from the network. Without data exfiltration, there is no data loss, no data breach, and no data ransom or extortion.

ADX works by investigating outgoing data on endpoint devices. This gives it a markedly smaller footprint than DLP, which examines incoming and outgoing traffic at the edge of the network. ADX solutions are lightweight enough to run on mobile devices and do not need to work on the corporate network.

Instead of comparing traffic to a dictionary of attack signatures, ADX solutions use behavioral analytics to identify unusual behaviors on a user-centric basis.

Cybercriminal malware applications do not act the same way legitimate users do. They scan for ports, exchange keys with foreign servers, and move laterally through networks in ways that regular users don’t. Targeting them through their behaviors makes much more sense than simply locking sensitive data behind a barrier.

The one thing that all cybercriminals do is send sensitive data outside the network. ADX limits the ability for users – including privileged users and administrators – to send sensitive data outside the network. This makes it a next-generation solution that builds on the technology behind Data Loss Prevention while making it relevant to today’s security threats.

To learn more about Anti Data Exfiltration, watch this short video.