How to Investigate a DLP Alert [Video Series]

Published
July 16, 2019

Data loss prevention (DLP) is a set of tools and processes used to protect the integrity of business information. It classifies data, then attempts to prevent end users from moving sensitive or high-value information out of the corporate network. The term DLP most commonly refers to the tools that allow a network administrator to monitor data accessed and shared by end users.

DLP solutions monitor interaction with data and secure organizations against known threat patterns. However, malicious insiders and sophisticated attackers can act in ways that do not match any known pattern or cannot be captured by static DLP security rules. A modern SIEM tool built with behavioral analytics technology, like Exabeam Advanced Analytics, is able to easily detect data exfiltration attempts for known or unknown attacks. It does this by creating baselines for normal user and entity behavior, then identifying high-risk, anomalous activity that deviates from normal behavior as a result of the attack techniques adversaries employ.

In this video, we simulate a DLP alert investigation in a legacy SIEM tool using logs collected in Exabeam Data Lake and then compare it with a modern SIEM’s approach by using Exabeam Advanced Analytics to perform the same investigation. Key advantages of DLP investigation with Exabeam Advanced Analytics include:

  • Improved analyst productivity using prioritized DLP alerts, which zero in on alerts that also exhibit a high degree of anomalous user or machine activity
  • Reduced time required to investigate DLP alerts using Exabeam Smart Timelines, which automatically stitch together both normal and abnormal behavior into machine-built incident timelines
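
The baseline-and-deviation idea described above can be illustrated with a small added example (not Exabeam's algorithm and not code from the original post): it ranks DLP alerts by how far each transfer deviates from that user's own history, using a median/MAD score. The field names, sample data, and thresholds are constructed assumptions.

```python
from statistics import median

MIN_DAYS = 5        # assumed minimum history before a baseline is trusted
MAD_SCALE = 1.4826  # scales MAD so it is comparable to a standard deviation

# Constructed sample data: outbound MB per day for each user (baseline window).
HISTORY = {
    "alice": [120, 95, 110, 130, 105, 98, 115],
    "bob":   [2, 3, 1, 2, 4, 2, 3],
    "carol": [900, 1100, 950, 1000, 1050, 980, 1020],
}

# Constructed DLP alerts: the same static rule fired for every one of them.
ALERTS = [
    {"id": "A1", "user": "alice", "mb_out": 140},
    {"id": "A2", "user": "bob",   "mb_out": 450},
    {"id": "A3", "user": "carol", "mb_out": 1080},
    {"id": "A4", "user": "dave",  "mb_out": 60},   # no history on record
]

def robust_score(history, value):
    """Deviation of value from the user's own baseline, in robust z-score units.

    Returns None when there is too little history to form a baseline.
    """
    if len(history) < MIN_DAYS:
        return None
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Floor the spread so a perfectly flat history cannot divide by zero.
    spread = max(MAD_SCALE * mad, 0.05 * med, 1.0)
    return (value - med) / spread

def prioritize(alerts, history):
    """Return alerts ordered for triage, each annotated with its score."""
    scored = [
        {**a, "score": robust_score(history.get(a["user"], []), a["mb_out"])}
        for a in alerts
    ]
    # Alerts with no baseline go first (they cannot be safely deprioritized),
    # then the largest upward deviation from the user's own normal.
    scored.sort(key=lambda a: (a["score"] is not None, -(a["score"] or 0.0)))
    return scored

if __name__ == "__main__":
    for a in prioritize(ALERTS, HISTORY):
        score = "no baseline" if a["score"] is None else f"{a['score']:.1f}"
        print(a["id"], a["user"], a["mb_out"], "MB", score)
```

In this sample, carol's alert has the largest volume but ranks last because the transfer is normal for her, while bob's far smaller transfer ranks near the top because it is far outside his own baseline.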

Watch the video below for a step-by-step walkthrough of a DLP incident investigation using a modern SIEM.
