Email data loss prevention

Egress named as a representative vendor in the Gartner Market Guide for Data Loss Prevention (DLP)

The state of the DLP market

Industry analyst Gartner recently published its 2022 report on the state of the DLP market. Gartner considers DLP a mature technology, but does point to the emergence of next-generation data security tools for insider risk management and cloud use cases.

The enterprise DLP (EDLP) market is growing at around 6.6%. This growth is down from the 8.7% reported in the 2021 Market Guide, and Gartner suggested this is related to organizations now using capabilities from integrated DLP (IDLP) or cloud service providers.

DLP (re)defined

Gartner describes three main flavors of DLP: enterprise, cloud and integrated.

EDLP solutions offer centralized policy management and reporting for multiple use cases, across a number of enforcement points, such as email, web, endpoint and cloud.

Cloud DLP addresses the cloud use cases across private and public cloud applications, as well as the native capabilities offered by cloud service providers.

Integrated DLP (IDLP), which is often referred to as channel DLP, typically enforces policy on a specific communications channel, such as email. It is often defined as integrated, because the basic capabilities were historically bundled with the product that was securing that channel. For example, basic rules-based DLP, or content control, is often bundled with secure email gateways.

The challenges of enterprise DLP

Enterprise-wide DLP projects have long been considered a major undertaking. In the 2021 Market Guide, Gartner spoke of cost and architectural concerns that meant EDLP was not necessarily the first choice for organizations with more than one DLP use case to consider. In addition, they recommended investigating the use of consulting services to shorten the time to value.

Is EDLP “Traditional” and “Legacy”?

In this year’s Market Guide, Gartner uses the terms “traditional” and “legacy” to refer to data-specific content inspection and DLP solutions that were built for on-premises workloads. They go on to suggest that these content inspection methods can lead to incident fatigue.

When you take this point in conjunction with the above challenges, you might think that EDLP, in its current form, is not meeting the market's needs. Of course, whether an organization adopts an EDLP or IDLP strategy should be based on its business needs and risk appetite.

IDLP solutions can solve for the highest risks

As the cyber security market has evolved, so have the products that provide IDLP, and this is reflected in the Market Guide. In keeping with the focus on cloud, Secure Web Gateways and firewalls have made way for Secure Services Edge, while endpoint and email security remain appropriate solutions to consider for IDLP.

Email security is the major risk

The Market Guide considers email DLP a priority, as it is the most prevalent communication channel for sending sensitive information, and because of this, most email security vendors include DLP capabilities. However, the guide goes on to suggest that only some vendors can address accidental data loss use cases, such as misaddressed emails or sending incorrect attachments. Egress is one such vendor.

Incorporate insider risk management into DLP policies

Insider risk management tools monitor user behaviors as they go about their day-to-day engagement with technologies and applications. The Market Guide suggests that risk management and DLP are converging to add user context to a DLP policy through the use of behavioral analytics and machine learning. This is hardly surprising in a world of alert fatigue, as these are both intelligent technologies that require little administration, unlike traditional, rules-based DLP.

Use human activated risk management across email DLP and inbound email threats

Insider risk tends to refer to the DLP use cases. Consider extending this concept to cover all cyber security use cases that require human intervention. Human activated risk for the email channel is introduced by users being coerced into falling for a phishing attack, by human error that leads to data breaches, and by malicious exfiltration.

Collating user risk data for these accidental and malicious use cases across both inbound and outbound emails can reap significant rewards. If you have visibility of both a user’s email sending behaviors and the inbound email attacks targeting them, you can collate that data to build a far more granular picture of the risk that user poses to the business.

To accomplish this, you need email security that takes a holistic view across both inbound and outbound emails. It should:

  • Learn each user’s email sending behaviors, detect anomalies and automatically engage the user to confirm the action is as intended, right at the point of risk, when they hit send.
  • Enforce exfiltration policies to prevent the accidental and niche use cases that are typically not covered by the traditional or legacy DLP solutions.
  • Build a picture of the risk associated with these outbound DLP use cases for each user.
  • Detect sophisticated and targeted phishing attacks with a high degree of accuracy and understand the risk they pose to each user being targeted.
  • Understand the likelihood of each user being attacked and the level of sophistication of the attacks on them.
  • Engage users to warn them about attacks, right at the point of risk, when they are about to fall for a phish, and measure their responses and behaviors over time.
  • Build up a picture of the risk associated with these inbound threats.

Once you have user risk data related to both inbound and outbound email activity, you can collate it to build up a far more granular picture than can be gleaned from just the DLP use cases.
