CloudAccess’ REACT process provides a unique context-aware approach that differentiates between legitimate and suspicious activity and access.
Although a traditional deployment correlates events to detect anomalous activity, it is typically pointed outward. It continuously monitors for intrusions and, in some cases, creates actionable alerts. It is limited to the fixed agents it is pointed at to collect data (such as system logs). It is a single component looking at a single selection of data. REACT takes a more unified approach to acquiring and synthesizing DLP intelligence. It uses SECM as an engine to analyze data from multiple security silos and create contextual intelligence that can predict behaviors and remediate threats before they escalate into breaches or other serious hazards.
Our solution analyzes all incoming DLP alerts and quantifies the risk for each alert while drastically reducing the number of false positives. To quantify the risk accurately, REACT uses behavior profiling techniques to identify abnormal patterns in DLP alerts that require further investigation and assigns them a risk rating. This technique considers more than 120 behavioral parameters spanning time windows, frequencies, network sources, and alert metadata. By comparing the DLP alerts generated for a user with those of multiple peers of that user, the solution dramatically reduces the rate of false positives and accurately quantifies the risk for the alerts that pose the most threat to your data. Organizations can use the identity and business context in conjunction with the DLP alert data to generate their own set of policies for continuous monitoring and risk quantification.