In today’s world, CIOs and CISOs face a tough reality: a shortage of security staff. With the deflating economy, nationalism, cybercrime, and nation-led adversaries, the demand for security personnel has increased, making it challenging for organizations to find and retain skilled security staff.
Customers are also looking for solutions to offload tasks from their security staff, and this is where DSF Data Risk Analytics (DRA) comes in. With DSF Data Risk, the majority of cases related to bad practices and insider threats can be handled and resolved by other, non-security teams in the organization. When integrated with ServiceNow, DSF Data Risk Analytics can automatically triage data risk incidents to different members or groups, such as data experts, access experts, direct managers, and database owners, who can receive and resolve incidents directly and immediately without expensive human intervention. This frees security specialists to work on high-stakes data risk issues.
Here is an example:
Incident description: Interactive (non-application) user ‘itpapplication2’ accessed DB via ‘JohnC’ and performed bulk select on Oracle database ‘Prod1Repo23’
DRA incident tags usage examples:
- Tag name: destinationHostname ‘Prod1’
  - Use case: Implemented for DB experts or DB owner workflow
  - Used as a destination to retrieve the DB owner in case of a host-based DB and assign the ticket either to the DB owner or the DB experts team.
- Tag name: sourceUsername ‘itpapplication2’
  - Use case: Implemented for Access teams, User managers, Teams, or area manager’s workflows
- Tag name: dbUserName ‘JohnC’
  - Use case: Implemented for Access teams, User’s manager, Teams, or area manager’s workflows
- Tag name: database ‘Repo23’
  - Use case: Implemented for DB owner workflow. Used as a destination in case of a DB instance within a host.
- Tag name: databaseType ‘Oracle’
  - Use case: Implemented for DB type specialists’ workflows
- Tag name: sourceApplication ‘toad’
  - Use case: Implemented for application developers’ or application owners’ workflows
This lets security specialists focus on external threats and high-impact data risk incidents. Here’s how it works: When activated, DRA monitors users and data sources in the cloud and on premises. When an anomaly is detected, it is automatically sent as a new incident to ServiceNow. ServiceNow activates a workflow defined by the customer to escalate the ticket directly to the handler and resolver, ensuring all relevant parties are involved by adding them to the incident.
Through direct incident escalation, data risk incidents are assigned directly to risky users’ managers and database owners, enabling more parties in the organization to participate in protecting it against data breach threats. To summarize, embedding data risk analytics in the organization’s workflow and explaining data risk in simple English takes the load off security staff, who are usually overloaded with work.
In conclusion, DSF Data Risk offers a solution to the security staff shortage faced by CIOs and CISOs. With DSF Data Risk Analytics integrated with ServiceNow, organizations can automate the triaging of data risk incidents, allowing security specialists to focus on high-impact data risk incidents and external threats. This not only provides a cost-effective solution for organizations but also helps to ensure that their data remains secure.