Companies are under persistent threat of leaks of valuable data, such as intellectual property (IP) and personally identifiable information (PII), both from outside the company network and from insiders. Advanced DLP tools prevent a user from leaking sensitive information based on file contents. Such files can be in hundreds of different formats, e.g., Word, Excel, ZIP. However, such tools are not built to provide contextual information for forensic investigation in the event of a data leak. Avalanchio provides this insight by gathering information from various data sources.
Data Source
File storage logs
S3 logs
SAN logs
Digital Guardian Agent
Symantec DLP Agent
McAfee DLP Agent
Input Data
Access logs
File copy
CD/DVD burn
Network transfer
Uploads
Send Mail
Removable media usage (USB, SD card)
Solution Deliverables
Common data model for DLP
Live reports and dashboard
Data egress (data exfiltration) to: third-party websites, suspicious network target, removable media, suspicious domain, unknown asset
Abnormal data transfers (threshold based)
Suspicious file transfer (e.g., Visio, PST, source code)
Transfer to non-DNS domain (whitelists)
Link Analysis
Timeline View