If the software notices more worrisome activity, such as a USB drive being filled with files or firewall tampering, the user might receive a prompt in the form of a pop-up, asking them if they’re sure they want to continue with this action.
“Anyone could get into this boat — even good users could start tampering with firewalls,” Oliveira says. “Maybe they’re just trying to clear out their laptop because it is running slowly, and so the one time they do it, they’re considered a medium risk.”
Signs they’re uploading large amounts of data to a network share would raise the person higher on the potential exfiltration threat list, with their activity monitored over a 20-day period.
Once they have reached that critical risk threshold, the user is blocked everywhere on the network, IT security leaders are informed, and managers are notified, Oliveira says.
“That’s the benefit of this continuous evaluation of risk and risky behavior — we can help companies recognize a potential data loss incident before it happens,” he says. “We believe that is the way to best address those insider threats.”
Even at that point, Oliveira adds, the threat level can be reduced if the behavior turns out to be explainable. “It could be a teachable moment, and we’re all fine; 30 days pass, the score goes back down to zero because they didn’t do anything anomalous,” he says.
Choosing a DLP Solution for Healthcare
An agentless DLP solution may be the best option for some healthcare organizations, given the increasingly decentralized nature of the workforce, the rise of cloud-based applications and the use of mobile devices for telehealth, says Oliveira.
Forcepoint’s agentless DLP solution is part of Forcepoint ONE, the company’s Security Service Edge solution and SD-WAN offering. It provides single-vendor secure access service edge and includes an integrated DLP capability that is agentless. Oliveira says this option is ideal for healthcare organizations that have a large cloud footprint and run devices that are not Windows- or Mac-based.
“We are bringing this to our customers who don’t have the ability to have an endpoint for whatever reason so they can’t use an endpoint DLP,” he says. “If they are already looking to protect data in the cloud and using Chromebooks, tablets, phones or Linux-based devices, this provides a solution for endpoints where agents are not typically available.”
It’s more important than ever for healthcare organizations to have a strong DLP solution, Oliveira adds.
“The central idea is that a strong data security solution covers all of the channels for exfiltration, whether it’s with the endpoint, like people’s laptops, or emails or private cloud applications, which are very common for healthcare — and that’s just within the network,” he says. “These are the main points of data exfiltration.”