With the deadline less than a year away, organizations are beginning to tool up to comply with the European Union General Data Protection Regulation. Any company that processes the personal data of individuals in the EU is in scope, and failure to comply carries stiff financial consequences. Finding solutions that facilitate compliance, and that work with vendor- and data-agnostic efficiency, is challenging the majority of organizations today. IDC Research observes that in Europe, with less than a year to go before the GDPR mandate takes effect, 52% of enterprises are only now reaching 'Dawning Realization' of the requirement, while only 32% have achieved the minimal 'Pragmatic Compliance'. Some experts estimate that awareness and compliance in the United States are far worse. Advanced security analytics is an important solution component for facilitating compliance with this requirement. This white paper explores user and entity behavior analytics (UEBA) together with identity analytics (IdA), and how they address a critical component of the GDPR requirements.
The European Union General Data Protection Regulation (EU GDPR) takes effect on May 25, 2018. It treats data protection as a fundamental right and places rigorous policy principles on any organization that touches the personal data of individuals in the EU. Yet, to date, the GDPR regulatory authorities have issued no technical definitions or prescriptive control requirements of the kind seen in other regimes (e.g., PCI DSS). Because of this, some enterprises are deferring the development of their compliance strategy. Organizations do not need to be located in the EU to fall under the regulation, and certain parts of preparation should begin regardless of whether further guidance is published. The regulation will affect any multinational company, including those in the U.S., that processes personal data of people in the EU. Enterprises will therefore have to take a risk-based approach to the collection of requirements contained in the regulation. Among the critical highlights are breach notification to the supervisory authority within 72 hours and severe fines for noncompliance (up to 4% of an enterprise's worldwide annual turnover). Companies that manage EU consumer data bear the greatest burden for its confidentiality, integrity and security, including the ability to restore availability of the data in a timely manner after a technical or physical incident. Beyond the obvious social, messaging, photo-sharing and email services, GDPR also reaches enterprises providing online banking, financial services, health portals, insurer payments, online retail, travel services, and many other categories of data processing.
GDPR details a number of rights of data subjects (individuals in the EU) with respect to how their personal data is used, for example:
One key principle is that data may only be collected "for specified, explicit and legitimate purposes", meaning it is not acceptable to collect data first and work out how to use it later. Only the minimum amount of data necessary to perform the legitimate task may be collected (data minimisation). And once the data is no longer needed for its original purpose, it must not be held in a form that permits easy identification of the people concerned (storage limitation).
Article 32 of the GDPR requires that controllers and processors of in-scope EU personal data ensure:
In addition, Article 25 indicates that organizations must be able to demonstrate to compliance auditors that their approach to GDPR governance aligns with state-of-the-art (SOTA) technologies and processes. This entails a prioritized security focus built on a risk-based approach. Advanced security analytics, powered by machine learning and combining UEBA and IdA, provides a comprehensive SOTA, risk-based set of solutions for confidentiality and integrity within the second category of the GDPR principles (in bold above).
An all-too-familiar challenge in today's hybrid enterprise environment is: how do machine learning models share analytics between vendor A for SIEM (security information and event management), vendor B for IAM (identity and access management), and vendor C for a CASB (cloud access security broker)? Forward-leaning CISOs treat big data as a horizontal plane whose volume and variety give machine learning models the context to deliver analytics that are not restricted to a single siloed product. Closer examination of behavior analytics reveals a second horizontal plane that must be acknowledged: identity. Analyzing a user's access (accounts and entitlements) together with their activity is ground zero for predictive risk scoring. Activity alone does not provide enough context and visibility; the gap between activity and access must be closed to fully evaluate the risk to customer information. To comply with GDPR, organizations must understand who has access to customer data, whether that access is appropriate for the person's business function, and whether they are using it properly.
Failure to address this challenge demonstrates a lack of GDPR SOTA alignment: being unable to address multiple silos holistically with a single security solution reflects a seriously outdated security strategy.
The typical siloed approach to big data and analytics is dysfunctional because each silo stands alone and no correlation across silos of data is possible. The most effective solutions maintain a horizontal-plane perspective of identity and big data that crosses every silo. Early adopters of this approach have found it advantageous to migrate to big data lakes in order to store data for long-term value at the lowest cost. To maximize that benefit, analytics should run on top of the customer's own big data lake so that data is not read and stored more than once. Vendors A, B and C provide data inputs and receive analytic responses, including risk scores, on that horizontal plane. A customer's adoption of one solution silo should not restrict the machine learning analytics available, nor should data be held hostage within closed solutions.
It is often observed that more than 90% of all data in existence was generated in the past few years. We have entered a dynamic new era in which environments struggle with rapidly expanding digital exhaust. Behavior can reveal identity and access risks, unknown threats, and integrity problems through machine learning models, but only if security leaders maintain a horizontal and holistic perspective.
In doing so, organizations can integrate security context from the cloud, enterprise applications and infrastructure. With that perspective in mind, CISOs facing the GDPR challenge must seek advanced security analytics platforms that accommodate all of these requirements. These platforms must mesh UEBA and IdA, with vendor-agnostic efficiency, across the entire multi-siloed hybrid environment to deliver holistic visibility and risk-based analytics. In doing so, they deliver a state-of-the-art focus on the core pillars of information security's CIA triad (confidentiality, integrity and availability), and on the more recently added pillar of 'safety'.
"Gurucul really stood out because the analytics engine was the most powerful. I don't think there's a day that goes by where we don't have a new interesting use case we didn't think of before. We're down to the level of ingesting physical security logs from our parking ramp to determine who is here. Could they really have done what they did? They weren't even at the building. These types of use cases, there's really no end to it."
– William Scandrett, CISO, Allina Health
While no single platform can satisfy 100% of the GDPR requirements, a number of security solution providers offer components that address individual requirements or groups of requirements associated with the forthcoming regulation. Identifying which ones fit a particular customer is critical to planning compliance with the looming mandate. Failure to do so will, of course, be costly for any organization that ends up on the wrong side of the legislation.
Advanced security analytics, consisting of integrated user and entity behavior analytics and identity analytics for both on-premises and cloud environments, addresses one half (highlighted in bold below) of the security functionality required for full compliance. These areas are:
UEBA and IdA work within the six categories above (in bold). The security solution approach by which they support the GDPR challenge consists of:
UEBA's threat analytics deliver systematic analysis to deter, detect and prevent insider threats, compromised accounts and data exfiltration, using multiple machine learning models tuned to specific use cases. Identity is a threat plane that modern attacks compromise, hijack and misuse to carry out data breaches. Machine learning clustering and outlier analysis with dynamic peer groups uncover and risk-score these threats holistically, minimizing false positives and enabling prompt, targeted remediation or automated risk response.
IdA's access analytics detect access risks, access outliers, excess access, shared high-privileged-access (HPA) accounts, and orphan and dormant accounts. IdA also reduces the identity attack surface with machine-learning-derived intelligent roles that replace roles defined by manual processes and legacy rules. Identity analytics reduces manual identity management effort, improves and often automates provisioning, and cleanses identity as an access plane for compliance and audits. The key to IdA deployments is bidirectional API integration with identity and access management solutions: the IAM platform supplies data for machine learning and receives risk-scored identity analytics in return.
These solutions' analytic capabilities and use cases within each GDPR category are discussed in greater detail below.
Segregation of duties (SoD) is an essential control over sensitive transactions. Role-based authorization and access often creates unrecognized conflicts that undermine this control. Identity analytics automatically reviews existing roles and entitlements across systems and identifies inter- and intra-application segregation-of-duty risks. When such a risk is identified, the identity analytics solution can, via API integration, temporarily disable the access and notify the business owner, who may then accept the risk and allow the access or deny it.
In either case, the identity analytics solution should be configurable to send updates to the business owner and to the identity management/access request system so that the central audit log is maintained.
Benefits
A majority of privileged access (PA) resides outside traditional access inventory and management systems, which work at the coarse-grained account level with legacy and manual tracking methods. Because privileged access may come from entitlements held by users outside any established privileged-access group, managing it effectively and assuring its security is a critical concern. Effective management begins with privileged access discovery at the entitlement level, since it is the entitlement, not the account, that defines privileged access. That means understanding who holds high-privileged entitlements, including entitlements that escalated after provisioning or that exist within applications and unstructured data. Most organizations recognize that system administrator and shared accounts are managed and controlled by IAM or PAM solutions. Beyond that scope, however, are regular accounts with privileged entitlements and privileged functions that have no group association or legacy tracking method. Privileged access discovery therefore identifies privileged entitlements comprehensively by analyzing access and activity across all of an organization's solution silos, so that a complete accounting of privileged entitlements and accounts is achieved.
Benefits
This use case identifies high-privileged-access (HPA) abuse by combining account, access and activity data. Typically, account and access data is ingested from IAM, PAM and/or directory services platforms to identify HPA accounts and to discover any non-HPA accounts that have been granted high-privileged entitlements. Activity data is ingested from enterprise audit or log sources (e.g., a SIEM or log aggregator) or obtained directly from the target data sources. Once HPA accounts are identified, UEBA can detect suspicious behavior and misuse such as: using HPA to assign special or elevated privileges to the user's own account, followed by activity using them; transactions outside the password vault checkout and check-in window; access to resources or transactions outside normal behavior profiles; abnormal access to classified or sensitive documents; and multiple concurrent sessions from the same account with different IPs, devices or locations. Configuration change management and secure system configuration are also areas of potential risk and high-privileged-access abuse.
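Two of the misuse patterns listed above can be expressed as simple detections over an audit trail. The following is an added example, not Gurucul's code or any vendor's API: it runs over a constructed set of audit events with an assumed schema (timestamp, actor, target, action, source IP) and flags (1) an actor who grants a role to their own account and then performs a privileged action within a time window, and (2) an account with overlapping sessions from different source IPs.

```python
"""Detect two high-privileged-access (HPA) abuse patterns in audit events.

Added example, not part of the original white paper. The event schema and
the action names are assumptions for illustration only.
"""
from collections import defaultdict

WINDOW = 3600  # seconds allowed between a self-grant and the follow-on activity

# Constructed sample audit events (not real logs).
EVENTS = [
    {"ts": 1000, "actor": "alice", "target": "alice", "action": "grant_role:db_admin", "src_ip": "10.0.0.5"},
    {"ts": 1300, "actor": "alice", "target": "prod-db", "action": "dump_table", "src_ip": "10.0.0.5"},
    {"ts": 2000, "actor": "bob", "target": "carol", "action": "grant_role:db_admin", "src_ip": "10.0.0.7"},
    {"ts": 2100, "actor": "carol", "target": "prod-db", "action": "dump_table", "src_ip": "10.0.0.9"},
    {"ts": 3000, "actor": "dave", "target": "vpn", "action": "session_start", "src_ip": "10.0.0.3"},
    {"ts": 3200, "actor": "dave", "target": "vpn", "action": "session_start", "src_ip": "203.0.113.8"},
    {"ts": 3900, "actor": "dave", "target": "vpn", "action": "session_end", "src_ip": "10.0.0.3"},
    {"ts": 4000, "actor": "dave", "target": "vpn", "action": "session_end", "src_ip": "203.0.113.8"},
]

# Actions that only an HPA holder should be able to perform (assumed list).
PRIVILEGED_ACTIONS = {"dump_table", "drop_table", "add_user"}


def self_grant_then_use(events, window=WINDOW):
    """Return (actor, grant_ts, use_ts) for every case where an actor granted a
    role to their own account and then ran a privileged action within `window`.
    Grants to *other* accounts (bob -> carol) are a different review item and
    are deliberately not matched here."""
    ordered = sorted(events, key=lambda e: e["ts"])
    self_grants = defaultdict(list)  # actor -> [grant timestamps]
    for e in ordered:
        if e["action"].startswith("grant_role:") and e["actor"] == e["target"]:
            self_grants[e["actor"]].append(e["ts"])
    hits = []
    for e in ordered:
        if e["action"] in PRIVILEGED_ACTIONS:
            for grant_ts in self_grants.get(e["actor"], []):
                if 0 < e["ts"] - grant_ts <= window:
                    hits.append((e["actor"], grant_ts, e["ts"]))
    return hits


def concurrent_sessions(events):
    """Return sorted (actor, ip_already_open, ip_new) tuples for accounts that
    start a session from one IP while a session from another IP is still open.
    Sessions are tracked per actor and source IP via session_start/session_end."""
    open_sessions = defaultdict(dict)  # actor -> {src_ip: start_ts}
    hits = set()
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["action"] == "session_start":
            for other_ip in open_sessions[e["actor"]]:
                if other_ip != e["src_ip"]:
                    hits.add((e["actor"], other_ip, e["src_ip"]))
            open_sessions[e["actor"]][e["src_ip"]] = e["ts"]
        elif e["action"] == "session_end":
            open_sessions[e["actor"]].pop(e["src_ip"], None)
    return sorted(hits)


if __name__ == "__main__":
    print("self-grant then use:", self_grant_then_use(EVENTS))
    print("concurrent sessions:", concurrent_sessions(EVENTS))
```

Both detections are deterministic rules; in a UEBA deployment their output would feed the account's risk score rather than raise a standalone alert, so that a single benign self-grant does not page an analyst but a self-grant followed by a data dump from a new IP does.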
Benefits
Cloud security analytics addresses privileged access abuse via API integration with IaaS, PaaS and IDaaS solutions. This provides visibility of high-privileged-access (HPA) accounts, including cases where privileged entitlements have been assigned to non-HPA accounts, a high-risk situation. SaaS applications and other activity data sources, including CASB proxy gateways for shadow IT detection, feed machine learning models that find anomalous outliers for predictive risk scoring to drive alerts, actions and case tickets. Shared HPA cloud accounts are also included in this analysis. Once HPA cloud accounts are identified, cloud analytics models can detect suspicious behavior or misuse, including: using HPA to assign special or elevated privileges to the user's own account, followed by activity using them; transactions outside the password vault checkout and check-in window; access to resources or transactions outside normal behavior profiles; abnormal access to classified or sensitive documents; and multiple concurrent sessions from the same account with different IPs, devices or locations.
Benefits
Identity analytics delivers a range of critical access control use cases that support the requirements of the GDPR and fortify access control capabilities. They are:
IdA identifies high-risk system access by consuming access entitlement (rights) data from applications and platforms. This use case identifies access considered high-risk, including: privileged access, access that violates segregation of duties, access dissimilar to that of peers, and infrequently used access to systems. The average user has more than 100 entitlements, making certification a time-consuming process for managers. Organizations find that managers too often approve every certification request without actually validating each one. Certifications are typically quarterly or yearly, leaving organizations exposed while employees retain access to which they should not be entitled. Using identity analytics integrated with identity and access management (IAM) systems, organizations can detect access outliers relative to peer groups of users and trigger certifications specifically for that outlier access.
Benefits
Outlier access capabilities can be extended to automatically send risk-based certifications to the business when outlier access is identified. Identity analytics uses multiple parameters to drive risk-based certification, including a user’s overall risk score, entitlement and account level risk score, and outlier scores from a context-rich configurable UI. Configurations may include several context points such as: access risk rating, peer group metrics, outlier risk scores and status recommendations. Mature identity analytics solutions can send built-in certifications, or use APIs to integrate with other enterprise solutions to send certifications to end users or account owners for review.
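The outlier detection and risk-based certification described in the two passages above reduce to a peer-group prevalence calculation: an entitlement is an outlier for a user when few of that user's peers hold it, and only those items are sent for review. The following is an added illustration, not Gurucul's implementation: it uses a constructed entitlement inventory, takes department as the peer group (real deployments derive peer groups dynamically), and scores each outlier as one minus the fraction of peers holding the entitlement.

```python
"""Peer-group outlier entitlements and risk-based certification items.

Added example, not code from the original white paper. The user inventory,
the use of department as peer group, and the 50% threshold are assumptions.
"""
from collections import Counter

# Constructed entitlement data: identity -> (peer group, set of entitlements).
USERS = {
    "u1": ("finance", {"erp_view", "erp_post_journal", "payroll_view"}),
    "u2": ("finance", {"erp_view", "erp_post_journal"}),
    "u3": ("finance", {"erp_view", "erp_post_journal", "payroll_view"}),
    "u4": ("finance", {"erp_view", "payroll_view", "prod_db_admin"}),
    "u5": ("eng", {"git_write", "ci_deploy", "prod_db_admin"}),
    "u6": ("eng", {"git_write", "ci_deploy"}),
    "u7": ("eng", {"git_write", "ci_deploy", "prod_db_admin"}),
}


def peer_prevalence(users):
    """For each peer group, the fraction of members holding each entitlement."""
    groups = {}
    for _, (group, ents) in users.items():
        groups.setdefault(group, []).append(ents)
    prevalence = {}
    for group, members in groups.items():
        counts = Counter(e for ents in members for e in ents)
        prevalence[group] = {e: c / len(members) for e, c in counts.items()}
    return prevalence


def outlier_entitlements(users, threshold=0.5):
    """Return {user: [(entitlement, outlier_score), ...]} for entitlements held
    by fewer than `threshold` of the user's peers. outlier_score = 1 - prevalence,
    so an entitlement nobody else in the group holds scores close to 1.0."""
    prevalence = peer_prevalence(users)
    result = {}
    for uid, (group, ents) in users.items():
        flagged = [
            (e, round(1 - prevalence[group][e], 2))
            for e in sorted(ents)
            if prevalence[group][e] < threshold
        ]
        if flagged:
            result[uid] = sorted(flagged, key=lambda item: -item[1])
    return result


def certification_requests(users, threshold=0.5):
    """One certification item per outlier entitlement, highest score first.
    This is the subset a manager is asked to review instead of all entitlements."""
    items = []
    for uid, flagged in outlier_entitlements(users, threshold).items():
        for ent, score in flagged:
            items.append({"user": uid, "entitlement": ent, "score": score})
    return sorted(items, key=lambda i: (-i["score"], i["user"]))


if __name__ == "__main__":
    for item in certification_requests(USERS):
        print(item)
```

Note how peer context changes the verdict: `prod_db_admin` is held by two of three engineers and is not flagged for them, but the same entitlement on a finance user is an outlier and becomes the only item sent for certification, rather than the user's full entitlement list.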
Benefits
Identity analytics identifies dormant accounts (no recent activity) and orphan accounts (no valid owner). These accounts are sent to system owners or administrators for review, and based on the response the account is either assigned to an end user or removed from the system.
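The dormant and orphan account review above depends on joining the account inventory against the authoritative identity source, which is what makes an account "orphan" rather than merely unused. The following is an added example, not Gurucul's code: it classifies a constructed account inventory against a constructed HR identity feed using an assumed 90-day dormancy threshold.

```python
"""Classify accounts as orphan, owned by a terminated identity, and/or dormant.

Added example, not from the original white paper. Account inventory, HR feed
and the 90-day dormancy threshold are constructed assumptions.
"""
from datetime import date

# Constructed account inventory: owner is an HR identity id, or None.
ACCOUNTS = [
    {"account": "svc_backup", "owner": None, "last_login": date(2017, 1, 10)},
    {"account": "jsmith", "owner": "E100", "last_login": date(2017, 6, 1)},
    {"account": "mlee", "owner": "E200", "last_login": date(2016, 11, 2)},
    {"account": "tmp_contractor", "owner": "E999", "last_login": date(2017, 5, 20)},
    {"account": "pgreen", "owner": "E300", "last_login": date(2017, 3, 1)},
    {"account": "never_used", "owner": "E100", "last_login": None},
]
# Constructed HR identity feed: identity id -> employment status.
HR_IDENTITIES = {"E100": "active", "E200": "active", "E300": "terminated"}
AS_OF = date(2017, 6, 5)


def classify_accounts(accounts, identities, as_of, dormant_days=90):
    """Return {account: [findings]} with findings drawn from:
    'orphan'            - no owner, or owner not present in the HR feed
    'terminated_owner'  - owner exists in HR but is not active
    'dormant'           - never logged in, or no login within dormant_days
    Accounts with no findings are omitted."""
    findings = {}
    for acct in accounts:
        tags = []
        owner = acct["owner"]
        if owner is None or owner not in identities:
            tags.append("orphan")
        elif identities[owner] != "active":
            tags.append("terminated_owner")
        last = acct["last_login"]
        if last is None or (as_of - last).days > dormant_days:
            tags.append("dormant")
        if tags:
            findings[acct["account"]] = tags
    return findings


def review_queue(findings):
    """Order the review queue so ownership problems come before plain dormancy:
    an orphan or terminated-owner account has nobody to vouch for it."""
    priority = {"orphan": 0, "terminated_owner": 0, "dormant": 1}
    return sorted(findings, key=lambda a: (min(priority[t] for t in findings[a]), a))


if __name__ == "__main__":
    found = classify_accounts(ACCOUNTS, HR_IDENTITIES, AS_OF)
    for acct in review_queue(found):
        print(acct, found[acct])
```

An account whose owner has left (`pgreen`) is a distinct finding from one whose owner was never recorded (`svc_backup`), and both differ from an active employee's stale account (`mlee`); the review workflow should route each to a different party.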
Benefits
Dynamic access provisioning determines access-control permissions and restrictions from a user's risk score. Risk scores are produced by identity analytics machine learning and take into account several points of context, including user behavior, resource sensitivity, the user's job or role, the user's access compared with their peers, and the configuration of the device used to access resources. Dynamic access provisioning should also update user permissions automatically, without administrator intervention, when the user's job or role changes. Example 1: identity analytics determines a user's permissions differently when they access a resource from their office computer than when they use a BYOD device over a virtual private network; access may be reduced if the device is considered high risk (unknown, unpatched, unusual location, etc.). Example 2: a user switches jobs; identity analytics identifies the job change and the new peer groups, and dynamic access provisioning updates the user's permissions without administrator intervention for low-risk situations.
Benefits
Identity analytics can be used to review existing roles or to mine and define new ones. Unlike traditional role mining, identity analytics uses machine learning that takes both access and activity into account, so unused and unneeded access is removed from roles during the definition process. Roles can be exported for consumption by provisioning systems.
Benefits
Three advanced security analytics use cases apply to data loss prevention for GDPR. They are:
UEBA identifies data exfiltration and protects intellectual property by ingesting data sources such as DLP and data classification to learn where important data lives and how it is accessed and used by applications. Risk scoring DLP alerts is a primary benefit of UEBA machine learning: it reduces alert fatigue and prioritizes 'find-fix' resources. UEBA analysis covers on-premises and cloud applications for a 360-degree view of data access and activity. This approach helps customers prioritize DLP alert investigations and also surfaces low-severity DLP alerts when they are associated with departing or high-risk users. UEBA solutions traditionally provide out-of-the-box (OOTB) machine learning models that identify known patterns such as: sensitive documents downloaded and copied to USB; large amounts of source code checked out from repositories followed by file uploads to cloud storage; emails to personal accounts; access to competitor and/or job websites. Customers have also extended UEBA alerts beyond SOC analysts to project managers, given their depth of context on employees, data and projects. Self-audits can also deter inappropriate data access and unsanctioned activity.
Benefits
UEBA addresses the alert fatigue produced by SIEM (security information and event management) and DLP (data loss prevention) solutions by aggregating risk at the user and entity level rather than generating a huge number of alerts at the transaction or event level. SOC analysts can then focus on the high-risk identities and the anomalies UEBA has associated with them. The result is a significant reduction in the number of alerts requiring attention.
This use case employs bidirectional API integration: SIEM and DLP data is ingested into UEBA, and UEBA returns risk scores to those systems to direct 'find-fix' resources. SIEM, Active Directory and DLP solutions provide critical data sources for identity profile information and the corresponding access grants (accounts, entitlements), as well as activity and alert data from on-premises and cloud applications in hybrid environments. While SIEM and DLP solutions work with known variables and identifiers via queries, rules, patterns and signatures, UEBA detects the unknown with machine learning behavior models. Using clustering and outlier algorithms, the models identify anomalies for predictive risk scoring. UEBA examines the data from an identity-based perspective, comparing a user's or entity's behavior against its own baseline and against its peer groups. As companies move applications and data to the cloud, the role of UEBA in security event handling and data protection becomes more essential.
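The aggregation described above can be made concrete. The following is an added example, not Gurucul's scoring model or any vendor's API: it takes a constructed stream of SIEM and DLP alerts and collapses them into one score per user, with three assumed scoring choices that reflect the text: recent alerts weigh more than old ones, several different weak signals on one user weigh more than a repeated one, and watch-listed users (such as departing employees) are multiplied up so their low-severity DLP alerts are not lost.

```python
"""Aggregate event-level SIEM/DLP alerts into a per-user risk score.

Added example, not from the original white paper. The alert stream, weights,
half-life, diversity bonus and watch-list multiplier are all assumptions.
"""
import math
from collections import defaultdict

# Constructed alerts (not real SIEM/DLP output). ts = hours since start of window.
ALERTS = [
    {"ts": 1, "user": "alice", "source": "dlp", "severity": "low", "rule": "email_to_personal"},
    {"ts": 2, "user": "alice", "source": "dlp", "severity": "low", "rule": "usb_copy"},
    {"ts": 3, "user": "alice", "source": "siem", "severity": "medium", "rule": "vpn_new_country"},
    {"ts": 3, "user": "alice", "source": "dlp", "severity": "low", "rule": "cloud_upload"},
    {"ts": 5, "user": "bob", "source": "siem", "severity": "high", "rule": "av_quarantine"},
    {"ts": 6, "user": "carol", "source": "dlp", "severity": "low", "rule": "email_to_personal"},
]

SEVERITY_WEIGHT = {"low": 1.0, "medium": 3.0, "high": 6.0}
# Watch-listed identities (e.g. departing users) and their multiplier (assumed).
WATCH_LIST = {"alice": 1.5}


def user_risk(alerts, now, half_life_hours=24.0, watch_list=WATCH_LIST):
    """Return {user: score 0-100}.
    Each alert contributes SEVERITY_WEIGHT decayed by age with the given half-life.
    The sum is multiplied by a diversity bonus (+25% per additional distinct rule)
    and by the watch-list multiplier, then squashed with 1 - exp(-raw/5)."""
    raw = defaultdict(float)
    rules = defaultdict(set)
    for a in alerts:
        decay = 0.5 ** ((now - a["ts"]) / half_life_hours)
        raw[a["user"]] += SEVERITY_WEIGHT[a["severity"]] * decay
        rules[a["user"]].add(a["rule"])
    scores = {}
    for user, r in raw.items():
        r *= 1 + 0.25 * (len(rules[user]) - 1)
        r *= watch_list.get(user, 1.0)
        scores[user] = round(100 * (1 - math.exp(-r / 5)), 1)
    return scores


def ranked_users(alerts, now, **kwargs):
    """Users ordered highest risk first: the list an analyst works from, instead
    of the raw alert list (six alerts above become three identities)."""
    scores = user_risk(alerts, now, **kwargs)
    return sorted(scores.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    for user, score in ranked_users(ALERTS, now=6):
        print(f"{user:6s} {score:5.1f}")
```

With these assumptions four low and medium alerts on a watch-listed user outrank a single high-severity alert on another, which is the intended effect: the score is a property of the identity, not of any one event. The multipliers are knobs for the customer's risk appetite, not constants to copy.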
Benefits
UEBA addresses cyber fraud use cases for treasury, accounting, payments and other areas that handle funds transactions. Here the UEBA solution provides a flexible data model open to attributes from commercial or homegrown treasury and accounting systems, so they can be included in behavioral analytics from machine learning models. UEBA solutions have been deployed for merchants to monitor for cyber fraud and account compromise. A real-world scenario: in April 2016, SWIFT acknowledged that attackers had obtained valid operator credentials to create and approve SWIFT messages. The more than 11,000 financial organizations that use SWIFT daily to transfer billions of dollars were exposed to this form of fraud. SWIFT and supporting vendors issued patches and recommendations for detecting fraudulent use; however, the volume of data is too large and the signals too fine-grained for human analysis. By ingesting access and activity data from treasury, accounting and payments systems, UEBA lets organizations integrate their existing cyber fraud models and risk frameworks, leveraging prior investments and security models in alignment with business context. Self-audits may also support this use case.
Benefits
Advanced UEBA insider threat detection and deterrence draws on research from extensive databases of real-world insider incidents to develop, test and refine machine learning (ML) behavior models. Identifying high-risk profiles with abnormal behavior, in conjunction with data risk monitoring, machine learning and statistical analysis, reveals anomalies that humans could not otherwise recognize or detect. As a force multiplier, ML far surpasses human capability and conventional software engineering for managing large volumes and varieties of data. It can find high-order interactions and patterns for complex problems such as insider threats, compromised accounts and data exfiltration by leveraging predictive cues that are too noisy and too high-dimensional for human experts and traditional software to detect. A 360-degree dashboard provides visibility of an identity's accounts, access and activity across on-premises and cloud hybrid environments. A self-audit feature may support this use case by adding deterrence and increasing users' security awareness.
Both access and activity are risk-scored for anomalous events, with results visible to employees' managers and to SOC analysts.
Benefits
One of the OWASP (Open Web Application Security Project) Top 10 risks is 'Broken Authentication and Session Management'. Here, attackers exploit weaknesses through techniques such as Pass-the-Hash (PtH), Pass-the-Token (PtT), brute force and remote execution to gain access to user credentials (passwords or hashes). Such attacks can be detected by machine learning algorithms tuned to inspect parameters such as timestamp, location, IP, device, transaction patterns, high-risk event codes and network traffic, identifying deviations from the normal behavior of a particular account and its transactions. This facilitates detection of potential account compromise or hijacking from anomalous behavior patterns such as: abnormal access to high-risk or sensitive objects; an abnormal number of activities or requests in a short time frame; activity from terminated or dormant user accounts; PtH attacks; and session replay attacks. Anomalies identified by clustering models and outlier analysis that are inconsistent with the user's or their peers' normal behavior are given predictive risk scores to drive alerts, actions and case tickets. Self-audits (reviewed below) may also support this use case.
Benefits
A self-audit feature deputizes users into a collaborative relationship with security analysts, providing context and relevance that SOC teams do not have. This multiplier of 'eyes on glass' applies to employees, business partners and suppliers, agents in hub-and-spoke organizations, and in some cases customers. All of these parties are likely to hold one or more accounts with entitlements to critical applications and data. A regularly issued (usually weekly) self-audit report gives each user visibility of their own access, devices, locations and risk-scored anomalous behavior, providing both detection and deterrence. A case in point: a company implemented self-audits, and an employee who had been out of the office on a Wednesday with a sick child, and had never logged into her accounts that day, received her self-audit report the following Friday showing account activity on Wednesday. Further investigation by security analysts found that the account, which held high-privileged access (HPA) to critical applications and data, had been compromised for over three and a half years.
Benefits
UEBA addresses anomalous behavior with watch lists that profile unknowns, keep an eye on them, and apply escalating predictive risk scores. Machine learning behavior models are designed to accept feedback on false positives and false negatives and to update self-learning, self-training models so that they adapt to the time-based norms and conditions unique to each customer deployment. For example, a database administrator may create a script that runs several commands with security implications at 2 a.m. each night.
This user is an innovator working to improve the enterprise's productivity. However, the machine learning models will see these commands during non-business hours as an anomaly and risk-score them accordingly. Analyst feedback can mark the situation as benign; nonetheless, the database administrator should be placed on a watch list. UEBA also ships pre-defined watch lists for common high-risk groups such as new hires, departing users, terminated users and high-risk users. These groups should be easily reached from dashboard drop-down menus to analyze risk scores, anomalies, accounts, access, activity and timelines, and UEBA supports explicitly adding or removing identities from a watch list.
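The database administrator scenario above illustrates a baseline, an anomaly, and an analyst feedback loop. The following is an added example, not Gurucul's model: it builds a per-user hour-of-day baseline from constructed history, scores new events by how unfamiliar their hour is, lets an analyst mark a specific (user, hour, command) pattern as benign so it stops scoring high, and keeps the user on the watch list anyway, as the text recommends.

```python
"""Hour-of-day behavior baseline with analyst feedback and a watch list.

Added example, not from the original white paper. The activity data, the
scoring formula and the watch-list rule are assumptions for illustration.
"""
from collections import Counter, defaultdict

# Constructed history: 30 working-hours queries by one DBA (not real logs).
HISTORY = [("dba1", h, "SELECT") for h in (9, 10, 11, 14, 15, 16)] * 5

# New events, including the 2 a.m. maintenance script from the text.
NEW_EVENTS = [
    ("dba1", 2, "GRANT"),
    ("dba1", 2, "ALTER USER"),
    ("dba1", 10, "SELECT"),
    ("dba1", 3, "DROP TABLE"),
]


def hour_baseline(history):
    """Per-user activity by hour of day, scaled so the busiest hour is 1.0.
    Scaling to the peak (rather than to a probability) means every hour the
    user normally works scores as familiar, not just the single busiest one."""
    counts = defaultdict(Counter)
    for user, hour, _ in history:
        counts[user][hour] += 1
    baseline = {}
    for user, cnt in counts.items():
        peak = max(cnt.values())
        baseline[user] = {h: c / peak for h, c in cnt.items()}
    return baseline


def score_events(events, baseline, benign):
    """Score each event 0-100 by how unusual its hour is for that user.
    `benign` holds (user, hour, command) tuples an analyst has accepted as
    expected behaviour; a match is capped at 10 so the model stops alerting
    on it, but the event is marked suppressed so the user still lands on
    the watch list. Unseen users (no baseline) score as fully unfamiliar."""
    out = []
    for user, hour, cmd in events:
        familiarity = baseline.get(user, {}).get(hour, 0.0)
        score = round((1 - familiarity) * 100)
        suppressed = (user, hour, cmd) in benign
        if suppressed:
            score = min(score, 10)
        out.append({"user": user, "hour": hour, "cmd": cmd,
                    "score": score, "suppressed": suppressed})
    return out


def watch_list(scored, threshold=50):
    """Users with any high-scoring anomaly or any analyst-suppressed pattern."""
    return sorted({r["user"] for r in scored
                   if r["score"] >= threshold or r["suppressed"]})


if __name__ == "__main__":
    base = hour_baseline(HISTORY)
    feedback = set()
    print("before feedback:", [r["score"] for r in score_events(NEW_EVENTS, base, feedback)])
    feedback.add(("dba1", 2, "GRANT"))  # analyst: the 2 a.m. GRANT is the known script
    after = score_events(NEW_EVENTS, base, feedback)
    print("after feedback: ", [r["score"] for r in after])
    print("watch list:     ", watch_list(after))
```

Feedback is keyed on the full (user, hour, command) pattern, so accepting the 2 a.m. `GRANT` does not silence the 3 a.m. `DROP TABLE`; a looser key (user only, or hour only) would turn the feedback loop into a blind spot.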
Benefits
Security information and event management solutions (SIEMs), by themselves, are ineffective at behavior analytics: they lack support for long data retention windows, advanced correlation, and the variety of contextual data needed, including unstructured data. Threat hunting for unknown threats such as insiders, compromised accounts and data exfiltration through SIEM queries, filters and pivots leads to fatigue and futility. There is simply too much data, and its continued rapid growth is driving adoption of big data platforms for long-term storage at lower cost. This is a significant added challenge in meeting the GDPR mandate. Leveraging big data context with behavior analytics to risk-score and prioritize incidents for security analysts is only half of the solution. Bidirectional API integrations between solutions, providing risk scores on demand and collecting feedback or data in return, create a closed loop for automated risk response. Examples include step-up multifactor authentication triggered by risk score and reduced administrator workload through dynamic access provisioning.
Automated risk response closed-loop use cases that support the GDPR mandate include:
User & Entity Behavior Analytics
Identity Analytics
The automated risk response closed-loop use cases above are covered in greater detail within the related GDPR use case categories earlier in this white paper.
While the 16 use cases above address a number of critical needs within the GDPR mandate, the need for custom use cases unique to an organization cannot be ignored. The ability to build such use cases through a step-by-step graphical interface that requires no coding and minimal data science knowledge is an added advantage that also speaks to the GDPR SOTA requirement. Custom use case development should include: an advanced analytics framework, decoupled big data, flexible data connections, analytics response code, and model optimization per environment. In addition, access to a team of data scientists from the advanced security analytics vendor strengthens an organization's confidence in its SOTA alignment for compliance.
As the deadline approaches, those who have not already begun their transition plan are now starting to do so. The general areas this planning needs to address include:
| GDPR Preparation Category | Action |
|---|---|
| People: Organizational Resources | Designate executive sponsor and technical lead. Determine requirements (internal or outsource) for GDPR Data Protection Officer. |
| Process: Data audit, inventory and classification | Identify relevant EU personal data along with data flows and any systems that interface with the data, whether internal, third party or backup. |
| Process: Risk and gap analysis | Assess risk based on data variety, volume and processing systems. Identify gaps in processes or technology capabilities that ensure data processing integrity. |
| Process: Access and activity logging for anomalous behavior | Implement and maintain monitoring of all access and activity of GDPR related systems, with special visibility on data access and activity across all silos and domains with a risk-based approach to ensure holistic global security. |
| Technology: Controls alignment with GDPR | Identify existing control sets within the organizational environment that align with compliance requirements. Identify security technology gaps, especially with the SOTA requirement, and plan for technology adjustments and adoptions in a measured, phased approach. Technology consulting partners may be required. |
With the drastically reduced reporting time requirement (from 90 days to 3) for breached personal data, having a SOTA mature machine learning security analytics solution in place strengthens organizations assurance that they have the best and most responsive risk-based tools available for quick reporting and remedial action. Additional benefits of advanced security analytics include:
SOTA- Empowered security capabilities and quality – The mature capabilities of UEBA-IdA solution, augmented by targeted closed-loop automated risk response use cases, provide robust and optimal advanced security analytics across a range of on-premises, cloud and hybrid environments, scoring the gray areas of unknowns and minimizing false positives. The result is improving the focus of ‘find-fix’ resources, and optimizing the time of security analysts, efficiency in the SOC, making operations and people more productive.
Comprehensive shadow IT management – IT groups no longer need to face the significant risk of unknown, unmanaged and ungoverned data being accessed by employees through unsanctioned cloud services, a practice that can put the entire organization in jeopardy. Comprehensive risk-scored access and holistic activity monitoring across all silos ensures control of shadow IT activity.
Role-based access controls and data masking – Mature capabilities to define new roles with access controls for data and actions. Data masking, applied through the incident management workflow, also ties into role-based access controls. This enables a tiered hierarchy for access and visibility to meet EU privacy and GDPR regulations.
Optimized discovery, monitoring and visibility in 4 core GDPR compliance areas – Addressing administrator controls and separation of duties, access control, data loss prevention and user activity monitoring, this solution provides the baseline ability to view the full context of a user’s access and activities, both legitimate and anomalous. The SOTA and mature solution also includes analytics for hybrid environments, providing a combined 360-degree view of identity and risk-scored behavior anomalies, driven by machine learning, as part of a newly recognized state-of-the-art UEBA standard, along with its ability to interface with IdA and cloud security analytics (CSA) for increased efficiencies.
Improved productivity and cost savings – Extending beyond the benefits of GDPR compliance, the solution adds value to the organization’s bottom line. By having holistic visibility across all an organization’s environments, users and devices, SOC teams’ efficiencies are maximized, delivering cost savings. In addition, as enterprises migrate to cloud applications, the ability to expand platforms without adoption of additional solutions helps to minimize costs.
Accelerated discovery and reporting capabilities via self-audit – With the self-audit feature, the rich context of users is leveraged in a collaborative relationship with SOC teams and managers to quickly identify anomalous behavior with a low false positive rate, via high-risk-scored ad hoc reports or via a regular reporting schedule. Because scheduled reports are regularly reviewed by employees and ad hoc reports are delivered based on risk score, this strengthens an organization’s procedural ability to report effectively within the GDPR’s 72 hour requirement. Self-audits also provide GDPR security awareness and deterrence, and they apply to many other use cases, including insider threat.
With the lightning speed at which the EU GDPR is approaching, organizations must assure that the security strategy they have selected is reliable and proven. With steep fines of 4% of an organization’s worldwide revenue at stake for failure to comply, the incentive is strong to get the right solution in place. However, a majority of business leaders in Europe are only now becoming aware of this requirement, and estimates are that in North America awareness is even lower. Yet non-compliance is not an option. The only outcome of non-compliance and a breach is steep fines and an expensive lawsuit that the organization is fated to lose if it tries to contest the fines. With that in mind, it behooves security leaders to assure that their organization has an EU GDPR plan and that the solution they have chosen is vendor and data agnostic. This assures that the most compatible security solution is in place. In addition, because the reporting window is now 3 days as opposed to the earlier requirement of 90 days, speed is of the essence. Solutions that are SOTA, driven by mature machine learning and equipped with suitable closed-loop automated response use case capabilities, are therefore in the best position to provide a comprehensive, risk-based and holistic solution for organizations with large environments, especially those that are global in nature. It makes sense to choose a mature advanced security analytics partner to cover the applicable fundamental GDPR security controls listed in this white paper.