How the Incydr PRISM System Prioritizes Data Risk for Maximum Protection
Key Points
- This blog was originally posted on the Code42 website, but with the acquisition of Code42 by Mimecast, we are ensuring it is also available to visitors to the Mimecast website.
A total of 79% of cybersecurity leaders feel their teams have a shortage of skilled workers, while insider-driven data incidents have risen by 28% from 2021 to today.
Current solutions aren’t helping. Traditional data loss prevention (DLP) relies on predefined policies and alert rules, covering only “known” risks. Events outside these rules become blind spots, forcing teams to react to unanticipated breaches.
Modern solutions are more likely to consider context, but they often focus on a single piece of context, like file source, and can misprioritize events by weighing that one piece too heavily. This results in non-critical alerts that overwhelm security teams.
Enter PRISM, Mimecast Incydr’s innovative system designed to prioritize and address both known and unknown risks to data. It removes unnecessary guesswork, allowing for faster investigation and resolution of critical alerts.
Incydr’s unique approach to risk prioritization
Incydr approaches risk to data differently. It detects unknown risks and makes them visible through its Proactive Risk Identification and Severity Model (PRISM). This system uses three-dimensional context to prioritize what’s important, enabling quicker responses to critical activities. Together, Incydr’s alert builder and PRISM system help address both known and unknown risks with confidence.
How PRISM works
PRISM prioritizes and remediates data risk using over 250 risk indicators across three dimensions:
- Data context: Identifies the file’s source and sensitivity
- User context: Related to the user’s behavior and attributes
- Destination context: Covers how the file was moved and to what destination
Events are scored on a scale from 0 to 10 using these indicators. Critical events score 9 or 10. PRISM aims to provide a manageable number of critical alerts, with a median of 1% of all alerts being critical, so that teams can focus on what truly matters and fewer events need deep investigation.
Conclusion
PRISM is key to Incydr’s ability to identify both known and unknown risks. Through its proactive, context-based scoring, PRISM enables swift and effective risk detection and remediation. Ready to enhance your data security strategy? Contact us to learn more and get started with Incydr today!