The new functionality allows organizations to set policies to define sensitive data, know exactly where this data is on specific endpoints, and take remedial action if its security is endangered.
Security vendor Absolute has beefed up its Absolute Data & Device Security (DDS) suite with the addition of Endpoint Data Discovery (EDD), a new feature that provides audit functionality for data on endpoints, to permit better awareness of the location of sensitive data and enhance the ability to protect it. It lets an organization respond based on the actions of the user, the behavior of the device, and the data that is at risk.
“EDD is a new capability introduced as part of the suite which allows organizations to shine a light on dark data at endpoints,” said Ali Solehdin, Senior Product Manager at Absolute. “Out of the box, it lets organizations easily create policies to identify the type of data that’s important to them as an organization, so they bubble up to the top. They can then track it, and take remedial action if it is threatened.”
EDD uses Absolute’s Persistence technology to maintain a two-way connection with each device, even when the devices are off the network. This persistent connection makes IT aware of where a device is, so that data can be deleted if it is in a location it shouldn’t be in, or if it is outside the control of someone who is authorized to have access to it.
“This is an entirely new capability for us,” Solehdin said. “When we spoke with customers, we found that one of their pain points was that they had a difficult time doing inventory on data on their endpoints. Employees take them home, or on the road, so we often wouldn’t know where the device is. The first step is knowing where data is. We are able to address this issue by leveraging our knowledge of the endpoint. We can now identify the sensitive information there, determine where it is with geolocation, and tie it in with remediation capabilities. You can do a data delete even when you don’t have control of the device.”
A key use case for EDD is for compliance purposes. It provides detailed reporting for regulatory compliance, which can indicate that no sensitive data was stored on a compromised device when a security incident took place, and thus show that no data was breached.
“We fully expect, based on customer feedback, that this will be particularly important for regulated industries, but it also has relevance beyond that,” Solehdin said. “Any organization with confidential documents can create custom endpoint data discovery rules to define terms that are relevant to them and their own organization.”
Solehdin stated that another key use case is around insider threats.
“We know that 50 per cent of users steal data when they leave an organization – that’s a malicious threat,” he said. “We also know that 62 per cent of breaches are due to errors – negligent insider threats. Being able to identity who these insiders are becomes an important use case, especially in non- regulated organizations.”
Endpoint Data Discovery is available now with the release of Absolute DDS 6.