When you evaluate data security products it is imperative to have the end goal in sight. If you look forward 365 days from now, what is the best way to predict how your team will use the product so that you can communicate the value that it will provide?
One approach is to examine operational bottlenecks. For example, if your organization points database audit logs directly to your SIEM, your team likely suffers from excessive alerts that lack database security context. This slows investigation and hamstrings decision making processes.
Another approach is to review financial impact – raw database logs often result in excessive storage costs, telemetry costs and SIEM license costs. Recording 12 months of these expenses and comparing them to estimated savings is a concise way to communicate the value of the new approach.
If you are a cybersecurity manager that is tasked with building the list of data security challenges for your organization, a recent report titled Forrester Research Total Economic Impact for Imperva Data Protection can be used to accelerate your work. The Forrester report includes multiple challenges and benefits, gathered directly from organizations that have deployed data security in their organization.
Let’s discuss two of the benefits.
Improved compliance and security outcomes
It may go without saying, but if the definition of data security is the process of protecting corporate data and preventing data information loss, a data security solution must facilitate detection, visibility, and remediation. Coverage must be complete – across all DBMS and all deployment models – because anything less leaves gaps and increases risk.
Data volume and complexity continuously grow. Data security requires a specific knowledge set to add useful context for security incident responders. It’s not enough to list the what and when of an access event, it’s also the who, where and the why. Without context around why, security teams will either pass over the event or be forced to add context manually. This is operationally inefficient and, again, introduces risk.
Threat context around events such as database audit tampering, privilege escalation, and suspicious database command execution should be part of your organization’s threat lifecycle management because it enables your incident response teams to efficiently understand urgency and risk.
Given that recent Imperva research shows that 46% of on-premise databases were found to have vulnerabilities, improved security outcomes are more important than ever.[For more information on the importance of “why”, see the 2021 Imperva report Lessons Learned from Analyzing 100 Data Breaches, where we dig into the biggest data breaches over the last decade.]
Improved employee experience and increased visibility
People and processes, not technology, ensure the underlying success of a security program.
While some may feel that technology reduces cybersecurity staffing requirements, others find that technology is necessary for protection, detection, automation, etc., but people are required to make business impacting security decisions. Good data security solutions enable staff repurposing, allowing people to focus on important work that falls outside a machine learning algorithm’s knowledge set. (Coincidentally, this work is usually more interesting, which also improves employee engagement and retention.)
Reporting is an example of staff refocusing. Data security report development is common for compliance audits but is time-consuming and repetitive. Data security solutions that streamline and automate reporting workflows have a positive impact on the health of the security program.
Visibility improvements go hand in hand with an improved employee experience. According to Verizon’s 2021 Data Breach Investigations Report (DBIR), 61% of breaches involve credential data. Data security products that increase visibility into suspicious database activity simplify what is otherwise time consuming and difficult. Traditional endpoint, cloud and network security tools don’t offer this depth.
What is your next step?
Use the Forrester report to help build the success criteria for your own data security product evaluation. The report provides multiple examples of real-world challenges and the benefits that data security products bring to the table, all backed by real world attribution.
Good data security tools reduce risk and increase staff effectiveness through alert noise reduction, database-specific event enrichment, bi-directional interfacing with SIEMs, pre-built and customizable playbooks, interactive reporting, and more. Don’t hesitate to request a demo of our data security platform to see first hand how it can extend the capabilities of your security teams!
To learn more about Imperva’s approach to data protection or if you have questions about the report, please contact your Imperva Account Representative.
The post Build successful data security evaluation criteria with help from your peers appeared first on Blog.
*** This is a Security Bloggers Network syndicated blog from Blog authored by Jason Pappalexis. Read the original post at: https://www.imperva.com/blog/build-successful-data-security-evaluation-criteria-with-help-from-your-peers/