When you’re a major player in a highly regulated industry, safeguards against data exfiltration become even more important for protecting your customers and your business. The question becomes, “How do you scale your data loss prevention (DLP) operations when you’re handling a huge volume of daily transactions and thousands of potential security incidents?”
This post helps you understand the limits of commonly used solutions, as well as how to use Exabeam to improve DLP detection and match the scale at which such programs can operate.
The Limits of a Traditional DLP Setup
MUFG Union Bank is a leading full-service bank with more than 400 branches in California, Washington, and Oregon. It also has commercial operations throughout the U.S. Owned by The Bank of Tokyo–Mitsubishi UFJ, the fifth largest financial group in the world, it has been committed to its customers’ trust and loyalty for over 150 years.
The bank had already implemented a purpose-built DLP solution but, as is typical of most such deployments, it relied on a single-dimension, rule-based system. Security teams had to strike a balance between rules that captured events too broadly (generating a high number of false positives) and rules that were too narrowly defined (resulting in a high number of false negatives or data loss).
The nature of such rules means that security teams often lack contextual awareness of DLP events. Union Bank recognized this and sought to increase its SOC operation efficiency by reducing the number of false positives. This meant finding a solution that would help them assess when legitimate business was being conducted.
DLP and UEBA: Better Together
To achieve clarity and additional contextual awareness, Union Bank added Exabeam to maximize its DLP investment. Exabeam’s user and entity behavior analytics (UEBA) solution automatically identifies behavioral anomalies to flesh out legitimate risks. It also lets teams analyze behavior alongside data from other tools, such as EDR, web proxies, and badge readers, to get a richer understanding of circumstances surrounding any given DLP incident. For additional DLP context, Exabeam also constructs incident timelines for all events it reviews.
The combined DLP + UEBA solution dramatically reduces the noise generated by DLP alerts and lets Union Bank bring its security efforts to scale. According to Nick Staff, managing director for enterprise information security, the benefits are tangible—when operating DLP it’s not uncommon for an organization to get 15,000 events a day. Each requires an estimated three minutes for a cursory investigation. This equates to 750 hours, or 94 person-days to review a single day’s worth of events. So unless you have 94 full-time DLP team members, you could never keep up. Instead you’re probably missing real incidents.
The Exabeam DLP analytics approach leverages machine learning, data science, and behavioral analysis to perform the heavy lifting. “Using an analytics approach—such as that employed by Exabeam—is like having a dedicated DLP analyst with unlimited capacity for reviewing events,” says Staff.
Thanks to its Exabeam deployment, Union Bank gets greater value from its DLP investment. The deployment also frees up analysts to focus their attention on higher-value activities.