It’s an interesting story. Data Loss Prevention (DLP), the cybersecurity hotshot of the early 2000s, has been forced to re-group, and it looks like Data Detection and Response (DDR) is taking its place. Made to re-analyze and re-locate, conventional DLP just doesn’t cut it for the modern era. Unable to cope with traffic orders of magnitude greater than the patterns of the mid-aughts, traditional DLP solutions were passed over for the higher-powered and more comprehensive data protection strategies of Data Detection and Response.
Here’s how it all started.
Why Data Loss Prevention (DLP) Couldn’t Keep Up
Big in the early 2000s, Data Loss Prevention was the category to beat. As data took its place as king, DLP was close behind, promising to keep it safe. And it did.
Until things changed. DLP was useful when networks had perimeters and ransomware emails asked for petty thousands. DLP came in handy when you could actually track the amount of traffic entering and leaving a network without the help of AI. DLP was great when there was no cloud to confuse matters, no hybrid environments, no decentralized workforces, and no laundry list of compliance checkboxes. DLP was a simpler tool meant for a simpler time.
Cue the next wave of the digital revolution, and soon it became apparent that simple, linear tools blocking traffic based on bad protocols alone (HTTP, SMTP) were just not going to cut it. By 2018, Gartner had already removed the DLP Magic Quadrant, and it was clear the industry was well on its way to change.
Modern organizations needed something more, and Detection and Response tools were just the thing to do it.
The Dawning of Data Detection and Response (DDR)
Well, the last part should be familiar. “Detection and Response” capabilities are found in a myriad of behavior-driven solutions today: Endpoint Detection and Response (EDR), Network Detection and Response (NDR), even the catch-all Extended Detection and Response (XDR).
Data Detection and Response just brings similar AI-driven elements to the game and takes on the spirit of the original solution, Data Loss Prevention (DLP). Or swallows it up, more accurately.
Touted by some as the “next big thing in data security”, DDR essentially puts a metaphoric tracker on your data and follows it wherever it goes: from company codebase to Slack to personal email to – what? That doesn’t seem right. And if it doesn’t, it will let you know. Obfuscating the moves won’t throw it off the trail the way it does easily confused or tightly regimented solutions, whether AI or signature-based. Not all data movement has an easily recognizable pattern, so data lineage (the key feature of DDR) plays a huge part in catching what others can’t catch.
DDR in Action
Enterprise data moves like air – it starts in one place and then it vanishes. It is moved or displaced or manipulated for any one of the million business-critical reasons that might arise (and even for some incidentals). That’s because businesses today depend on the free flow of information to stay agile, relevant and operational. This is all part of a necessary evil, but the problem comes when too many changeups render organizations blind as to the location of their data, the threats facing it, or where to start.
Companies need agile data protection in the cloud and across distributed and collaborative workspaces. Nothing else will do, and data has to be tracked everywhere. DDR is the solution to next-generation #dataproblems, and incorporates a few key elements in the process:
- Insider Risk Management (IRM)
- Secure Access Service Edge (SASE)
- Cloud Access Security Brokers (CASB)
- (Here it is): Traditional Data Loss Prevention (DLP)
Combine these legacy and developing elements with artificial intelligence and a new category is formed: Data Detection and Response.
Here’s the value-add:
DDR tracks every piece of data from creation to its final destination, and all the stops in between. If there is anything suspect, it gets reported. Protection is no longer tied to a place, but to the data itself. Much as next-generation IAM (featuring passwordless access) bases zero trust on a person or device, not a network, Data Detection and Response bases security on the actual well-being of the data itself, not the place in which it was stored.
In an age of free information, this is the only way companies can be uninhibited and also safe. Protections need to follow each person and how they manipulate data on an individual basis. This way, users are free to collaborate, and companies know that their sensitive data – wherever it might travel – is still tracked, monitored, and secured. Try to copy-paste a protected piece of information into a personal storage platform and it won’t work. That’s the magic of DDR.
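To make the lineage idea concrete, here is an added toy example (not code from any DDR product) that replays the codebase-to-Slack-to-personal-email path described above. The locations, object names and policy sets are constructed for illustration; the verdict depends on where the data was created, not on its current name or the channel it travels over.

```python
from dataclasses import dataclass, field

# Constructed policy (assumption): where protected data originates and
# which destinations the company sanctions for it.
PROTECTED_ORIGINS = {"git:corp/payments"}
SANCTIONED = {"git:corp/payments", "slack:corp", "laptop:alice"}

@dataclass
class LineageTracker:
    parent: dict = field(default_factory=dict)    # object -> object it was derived from
    location: dict = field(default_factory=dict)  # object -> where it lives

    def create(self, obj, where):
        self.parent[obj] = None
        self.location[obj] = where

    def origin(self, obj):
        """Walk the derivation chain back to where the data was first created."""
        while self.parent[obj] is not None:
            obj = self.parent[obj]
        return self.location[obj]

    def move(self, src, new_obj, dest):
        """Evaluate a copy/paste/upload of src into new_obj at dest."""
        if self.origin(src) in PROTECTED_ORIGINS and dest not in SANCTIONED:
            return "block"                        # response: refuse, record nothing
        self.parent[new_obj] = src                # detection: extend the lineage
        self.location[new_obj] = dest
        return "allow"

# Constructed event stream: protected code is pasted into Slack, saved to a
# laptop under a new name, zipped, and finally attached to personal email.
EVENTS = [
    ("create", "card_tokenizer.py", "git:corp/payments"),
    ("create", "lunch_menu.txt", "laptop:alice"),
    ("move", "card_tokenizer.py", "snippet-1", "slack:corp"),
    ("move", "snippet-1", "notes.txt", "laptop:alice"),
    ("move", "notes.txt", "notes.zip", "mail:personal"),
    ("move", "lunch_menu.txt", "menu-copy.txt", "mail:personal"),
]

def replay(events):
    tracker, verdicts = LineageTracker(), []
    for ev in events:
        if ev[0] == "create":
            tracker.create(ev[1], ev[2])
        else:
            verdicts.append((ev[2], ev[3], tracker.move(ev[1], ev[2], ev[3])))
    return verdicts

if __name__ == "__main__":
    for obj, dest, verdict in replay(EVENTS):
        print(f"{verdict:5}  {obj} -> {dest}")
```

The renamed, zipped copy is stopped at the personal mailbox because its lineage leads back to the payments repository, while an unrelated file sent to the same mailbox passes.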
DDR is the New DLP
When it comes to data protection solutions in 2023, DLP still comes to mind for many solutions architects and industry veterans alike. And why not? Those companies that have held on to their pure-play options have had to adapt and now have better, more comprehensive coverage than before.
And protecting data still hasn’t gone out of style, and never will. If anything, it’s more critical now than ever before. Back in 2017 (when DLP still had its own Quadrant), Gartner estimated that by 2021, “90% of organizations will implement at least one form of integrated DLP, an increase from 50% today”. Data Detection and Response is one big way in which that is happening.
DDR is a bespoke solution that came about in direct response to data challenges post-perimeter. It is growing as a category poised to provide the kind of coverage companies need to sustain a free flow of information while letting contributors collaborate safely, and it’s deftly taken over DLP responsibilities in the process.