How to Investigate a DLP Alert

How to Investigate a DLP Alert [Video Series]

Published: July 16, 2019

Author: Pramod Borkar

Conducting a successful DLP incident investigation depends on whether you are using a legacy SIEM or a modern SIEM. Our video shows you how a modern SIEM can help you protect the integrity of your data.

Data loss prevention (DLP) is a set of tools and processes used to protect the integrity of business information. It classifies data and then attempts to prevent end users from moving sensitive or high-value information out of the corporate network. The term DLP is most commonly used in reference to the tools that allow a network administrator to monitor data accessed and shared by end users.

DLP solutions monitor interaction with data and secure organizations against known threat patterns. However, malicious insiders and sophisticated attackers can act in ways that do not match any known pattern or cannot be captured by static DLP security rules. A modern SIEM tool built with behavioral analytics technology, such as Exabeam Advanced Analytics, can detect data exfiltration attempts for both known and unknown attacks. This is accomplished by creating baselines for normal user and entity behavior, then identifying high-risk and anomalous activity that deviates from that baseline as a result of the attack techniques adversaries employ.

In this video, we simulate a DLP alert investigation in a legacy SIEM tool using logs collected in Exabeam Data Lake and then compare it with a modern SIEM’s approach by using Exabeam Advanced Analytics to perform the same investigation. Key advantages of DLP investigation with Exabeam Advanced Analytics include:

  • Improved analyst productivity using prioritized DLP alerts, which zero in on alerts that also exhibit a high degree of anomalous user or machine activity
  • Reduced time required to investigate DLP alerts using Exabeam Smart Timelines, which automatically stitch both normal and abnormal behavior into machine-built incident timelines

Watch the video below for a step-by-step walkthrough of a DLP incident investigation using a modern SIEM.
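The prioritization idea above (a DLP rule match ranked by how anomalous the surrounding user activity is) in miniature, as an added example that is not Exabeam's code: per-user baselines of upload volume and known destinations are built from constructed history, and each constructed DLP alert is scored by its deviation from that baseline. All users, byte counts and destinations are made-up sample data.

```python
# Added illustration (not Exabeam's code): rank DLP alerts by how far the
# triggering activity deviates from the user's own behavioral baseline.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history of prior days: (user, bytes_uploaded, destination)
HISTORY = [
    ("alice", 1_000_000, "sharepoint.corp"), ("alice", 3_000_000, "sharepoint.corp"),
    ("alice", 1_000_000, "sharepoint.corp"), ("alice", 3_000_000, "sharepoint.corp"),
    ("bob", 49_000_000, "backup.corp"), ("bob", 51_000_000, "backup.corp"),
    ("bob", 49_000_000, "backup.corp"), ("bob", 51_000_000, "backup.corp"),
]
# Constructed DLP alerts: a static rule matched a sensitive file in each upload
ALERTS = [
    {"id": "A1", "user": "alice", "bytes": 40_000_000, "destination": "drop.example.net"},
    {"id": "A2", "user": "bob", "bytes": 51_000_000, "destination": "backup.corp"},
]

def build_baselines(history):
    """Per-user mean/stddev of daily upload volume plus the destinations already seen."""
    volumes, dests = defaultdict(list), defaultdict(set)
    for user, nbytes, dest in history:
        volumes[user].append(nbytes)
        dests[user].add(dest)
    return {u: {"mean": mean(v), "std": pstdev(v) or 1.0, "dests": dests[u]}
            for u, v in volumes.items()}

def score_alert(alert, baselines):
    """Score = volume z-score above baseline, +10 if the destination is new for this user."""
    b = baselines.get(alert["user"])
    if b is None:  # no history yet: flag as unknown rather than silently scoring 0
        return 5.0, ["no baseline for user"]
    z = (alert["bytes"] - b["mean"]) / b["std"]
    score, reasons = max(z, 0.0), []
    if z > 3:
        reasons.append(f"upload volume {z:.1f} sigma above baseline")
    if alert["destination"] not in b["dests"]:
        score += 10.0
        reasons.append("first-seen destination for user")
    return round(score, 1), reasons

def prioritize(alerts, baselines):
    """Alerts highest-risk first; a bare DLP match with normal behavior sinks to the bottom."""
    ranked = []
    for a in alerts:
        score, reasons = score_alert(a, baselines)
        ranked.append({**a, "score": score, "reasons": reasons})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)
```

Bob's alert is a DLP match on a volume and destination that are routine for him, so it ranks below Alice's, whose upload is far above her baseline and goes somewhere she has never sent data before.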
