Data Classification: Providing the context, when you’re under attack
There are various threat detection and response tools on the market that organisations use to detect whether a breach has occurred, see how it happened, and work out how to prevent it from happening again. These include security information and event management (SIEM) tools, user/entity behaviour analytics (UEBA) tools, endpoint detection and response (EDR) tools and incident response (IR) tools.
Acting Upon Lost Data
When a data breach occurs, there are two elements an organisation will need to look at:
- The Context
The organisation needs to determine the severity of the breach, where it occurred, how big it is, and what action it needs to take.
- What Is The Priority
If there has been more than one breach at a time, the organisation will need to prioritise which is most important to fix first.
Although SIEM, UEBA, EDR and IR tools can detect, or assist in detecting, a breach in the first instance, they cannot provide granular detail on the sensitivity of the data that has been lost in the breach. This means it is virtually impossible for an organisation to really understand the context of the breach, or what the priority really should be, by using threat detection and response tools alone.