How Union Bank Gets the Most from Its Data Loss Prevention Solution - Exabeam

How Union Bank Gets the Most from Its Data Loss Prevention Solution

Published
February 23, 2018

Author
Orion Cassetto

When you’re a major player in a highly-regulated industry, it becomes even more important to ensure safeguards against data exfiltration to protect your customers and your business.

When you’re a major player in a highly-regulated industry, it becomes even more important to ensure safeguards against data exfiltration to protect your customers and your business. The question becomes, “How do you scale your data loss prevention (DLP) operations when you’re handling a huge volume of daily transactions and thousands of potential security incidents?”

This post helps you understand the limits of commonly used solutions, as well as how to use Exabeam to improve DLP detection and match the scale at which such programs can operate.

The Limits of a Traditional DLP Setup 

MUFG Union Bank is a leading full-service bank with more than 400 branches in California, Washington, and Oregon. It also has commercial operations throughout the U.S. Owned by The Bank of Tokyo–Mitsubishi UFJ, the fifth largest financial group in the world, it has been committed to its customers’ trust and loyalty for over 150 years.

The bank had already implemented a purpose-built DLP solution, but as typical of most such deployments, it relied on a single dimension, rule-based system. Security teams had to strike a balance between rules that captured events too broadly (generating a high number of false positives), or those that were too narrowly defined (resulting in a high number of false negatives or data loss).

The nature of such rules means that security teams often lack contextual awareness of DLP events. Union Bank recognized this and sought to increase its SOC operation efficiency by reducing the number of false positives. This meant finding a solution that would help them assess when legitimate business was being conducted.

DLP and UEBA: Better Together

To achieve clarity and additional contextual awareness, Union Bank added Exabeam to maximize its DLP investment. Exabeam’s user and entity behavior analytics (UEBA) solution automatically identifies behavioral anomalies to flesh out legitimate risks. It also lets teams analyze behavior alongside data from other tools, such as EDR, web proxies, and badge readers, to get a richer understanding of circumstances surrounding any given DLP incident. For additional DLP context, Exabeam also constructs incident timelines for all events it reviews.

Achieving Scale

The combined DLP + UEBA solution dramatically reduces the noise generated by DLP alerts and lets Union Bank bring its security efforts to scale. According to Nick Staff, managing director for enterprise information security, the benefits are tangible—when operating DLP it’s not uncommon for an organization to get 15,000 events a day. Each requires an estimated three minutes for a cursory investigation. This equates to 750 hours, or 94 person-days to review a single day’s worth of events. So unless you have 94 full-time DLP team members, you could never keep up. Instead you’re probably missing real incidents.

The Exabeam DLP analytics approach leverages machine learning, data science, and behavioral analysis to perform the heavy lifting. “Using an analytics approach—such as that employed by Exabeam—is like having a dedicated DLP analyst with unlimited capacity for reviewing events,” says Staff.

Thanks to its Exabeam deployment, Union Bank benefits from greater value from its DLP investment. It also frees up analysts to focus their attention on higher value activities.

Want more details on how to use Exabeam to turbocharge a DLP project?

Watch a video of the full case study here.

Recent DLP Articles

Understanding Cloud DLP: Key Features and Best Practices

Read More

Data Exfiltration Threats and Prevention Techniques You Should Know

Read More

Recent Ransomware Attacks Raise the Stakes for Data Exfiltration

Read More

Security Breaches: What You Need to Know

Read More

Data Loss Prevention Tools

Read More



Recent Information Security Articles

Expand Coverage Against Threats with Exabeam Content Library and TDIR Use Case Packages

Read More

Demystifying the SOC, Part 2: Prevention isn’t Enough, Assume Compromise

Read More

How Attackers Leverage Pentesting Tools in the Wild

Read More

The Differences between SIEM and Open XDR

Read More

Why I Joined Exabeam

Read More

Exabeam Growth and the Opportunity Ahead

Read More