The increase in remote work, easy access to data and tools, and high employee turnover has heightened the risk of data loss and insider threats. According to CISOs, nearly two-thirds (63%) of businesses experienced sensitive data loss in the past year, while insider threats have surged by 44% in recent years.
These challenges require security teams to identify and prevent risky behavior to minimize damage. It is essential to recognize that data doesn't lose itself; people are responsible for its loss. Therefore, modern information protection strategies must prioritize individuals.
However, information protection directly impacts end users, making it crucial for security teams to implement controls and monitoring without compromising user experience or performance. Let's explore how this can be achieved:
To effectively monitor both everyday and risky users while preserving user experience and productivity, Proofpoint offers a combined data loss and insider threat solution. This solution utilizes a single lightweight endpoint agent with the following advantages:
The monitoring capabilities differ based on user types:
A real-life example of the value of such monitoring arises with departing employees. Once an employee gives notice, they may start preparing for their next opportunity, potentially intending to take sensitive data with them. In this scenario, the departing employee transitions from being an everyday user to a risky user, leading to increased monitoring, including the capture of screenshots.
A global hospitality company faced a similar use case and turned to Proofpoint's converged Endpoint DLP and Insider Threat Management (ITM) solution. By implementing this solution, the company achieved increased visibility into the activities of both everyday and risky users, ultimately saving costs. The company had previously used Proofpoint ITM on a small number of risky users but desired to expand monitoring capabilities due to growing employee turnover and increased remote work. Budget constraints were a challenge, but the converged solution provided the needed visibility and flexibility without the requirement for two separate agents. Presently, the company monitors 18,000 users with Proofpoint Endpoint DLP and a small subset with ITM, dynamically applying the risky user policy as necessary.
To further enhance visibility and efficiency, Proofpoint Endpoint DLP and ITM are integrated into Proofpoint Sigma, an information protection platform. This platform assists companies in preventing data loss, investigating insider threats, and blocking cloud-related risks. With the unified console provided by Proofpoint Sigma, security teams can view and investigate alerts generated from endpoint, email, cloud, or web activities, eliminating the need to pivot between multiple tools.
By leveraging a single endpoint agent, businesses can protect their data with enhanced visibility and flexibility. Monitoring every day and risky users ensures a comprehensive approach to information protection without compromising user experience or system performance.