Security

Security Monitoring Data Access

Monitoring Data Access

When it comes to monitoring data using traditional monitoring tools, enterprises typically experience a number of challenges.

 

Especially the real-time reaction to new data being created, existing data being modified, and irregular activity relating to sensitive documents requires an extension to simple scanning and slow classification.

 

Monitoring Data Access

We have extended the Focus platform to respond to new data or modified data events from sources such as file servers and CloudTrail that allow classification of new data in significantly less than 1 second (dependent on the file size).

 

This allows new and recently modified data to fall under the protection of your DLP systems (if present) immediately. By monitoring such event activity across multiple streams and sources, and crucially, knowing which files contain sensitive data, we have also expanded our system to perform Complex Event Processing (CEP) and User Behaviour Analytics (UBA) with machine learning models to detect anomalous behaviour with low false positive rates. This gives you confidence that the reported incidents are real and remediation can be performed.

 

We can push alerts to external platforms such as Security Incident Event Management (SIEM) systems such as IBM QRadar or Exabeam, push alerts to syslog, send emails, or execute external scripts. Handling data access as it happens closes the loop for the Focus platform that is the perfect solution for your unstructured data protection needs.

Speak to one of our experts