How Union Bank Gets the Most from Its Data Loss Prevention Solution - Exabeam

How Union Bank Gets the Most from Its Data Loss Prevention Solution

Published
February 23, 2018

Author
Orion Cassetto

When you’re a major player in a highly-regulated industry, it becomes even more important to ensure safeguards against data exfiltration to protect your customers and your business.

When you’re a major player in a highly-regulated industry, it becomes even more important to ensure safeguards against data exfiltration to protect your customers and your business. The question becomes, “How do you scale your data loss prevention (DLP) operations when you’re handling a huge volume of daily transactions and thousands of potential security incidents?”

This post helps you understand the limits of commonly used solutions, as well as how to use Exabeam to improve DLP detection and match the scale at which such programs can operate.

The Limits of a Traditional DLP Setup 

MUFG Union Bank is a leading full-service bank with more than 400 branches in California, Washington, and Oregon. It also has commercial operations throughout the U.S. Owned by The Bank of Tokyo–Mitsubishi UFJ, the fifth largest financial group in the world, it has been committed to its customers’ trust and loyalty for over 150 years.

The bank had already implemented a purpose-built DLP solution, but as typical of most such deployments, it relied on a single dimension, rule-based system. Security teams had to strike a balance between rules that captured events too broadly (generating a high number of false positives), or those that were too narrowly defined (resulting in a high number of false negatives or data loss).

The nature of such rules means that security teams often lack contextual awareness of DLP events. Union Bank recognized this and sought to increase its SOC operation efficiency by reducing the number of false positives. This meant finding a solution that would help them assess when legitimate business was being conducted.

DLP and UEBA: Better Together

To achieve clarity and additional contextual awareness, Union Bank added Exabeam to maximize its DLP investment. Exabeam’s user and entity behavior analytics (UEBA) solution automatically identifies behavioral anomalies to flesh out legitimate risks. It also lets teams analyze behavior alongside data from other tools, such as EDR, web proxies, and badge readers, to get a richer understanding of circumstances surrounding any given DLP incident. For additional DLP context, Exabeam also constructs incident timelines for all events it reviews.

Achieving Scale

The combined DLP + UEBA solution dramatically reduces the noise generated by DLP alerts and lets Union Bank bring its security efforts to scale. According to Nick Staff, managing director for enterprise information security, the benefits are tangible—when operating DLP it’s not uncommon for an organization to get 15,000 events a day. Each requires an estimated three minutes for a cursory investigation. This equates to 750 hours, or 94 person-days to review a single day’s worth of events. So unless you have 94 full-time DLP team members, you could never keep up. Instead you’re probably missing real incidents.

The Exabeam DLP analytics approach leverages machine learning, data science, and behavioral analysis to perform the heavy lifting. “Using an analytics approach—such as that employed by Exabeam—is like having a dedicated DLP analyst with unlimited capacity for reviewing events,” says Staff.

Thanks to its Exabeam deployment, Union Bank benefits from greater value from its DLP investment. It also frees up analysts to focus their attention on higher value activities.

Want more details on how to use Exabeam to turbocharge a DLP project?

Watch a video of the full case study here.

Recent DLP Articles

Understanding Cloud DLP: Key Features and Best Practices

Read More

Data Exfiltration Threats and Prevention Techniques You Should Know

Read More

Recent Ransomware Attacks Raise the Stakes for Data Exfiltration

Read More

Security Breaches: What You Need to Know

Read More

Data Loss Prevention Tools

Read More



Recent Information Security Articles

Ransomware’s Weakness: How to Turn Ransomware’s Achilles’ Heel Into the Defender’s Golden Hour

Read More

Why does the XDR market exist?

Read More

How UEBA Could Have Detected the SolarWinds Breach

Read More

An Exchange Vulnerability in Ransomware

Read More

Introducing Exabeam Alert Triage

Read More

An Outcome-based Approach to Use Cases: Solving for Lateral Movement

Read More