• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Auchan discloses data breach: data of hundreds of thousands of customers exposed

 | 

U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog

 | 

Docker fixes critical Desktop flaw allowing container escapes

 | 

Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware

 | 

Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign

 | 

Android.Backdoor.916.origin malware targets Russian business executives

 | 

Electronics manufacturer Data I/O took offline operational systems following a ransomware attack

 | 

IoT under siege: The return of the Mirai-based Gayfemboy Botnet

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 59

 | 

Security Affairs newsletter Round 538 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Kidney dialysis firm DaVita confirms ransomware attack compromised data of 2.7M people

 | 

China-linked Silk Typhoon APT targets North America

 | 

Over 300 entities hit by a variant of Atomic macOS Stealer in recent campaign

 | 

Operation Serengeti 2.0: INTERPOL nabs 1,209 cybercriminals in Africa, seizes $97M

 | 

After SharePoint attacks, Microsoft stops sharing PoC exploit code with China

 | 

Former developer jailed after deploying kill-switch malware at Ohio firm

 | 

Colt Discloses Breach After Warlock Ransomware Group Puts Files Up for Sale

 | 

U.S. CISA adds Apple iOS, iPadOS, and macOS flaw to its Known Exploited Vulnerabilities catalog

 | 

Orange Belgium July data breach impacted 850,000 customers

 | 

Apple addressed the seventh actively exploited zero-day

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Security
  • The DDR Advantage: Real-Time Data Defense

The DDR Advantage: Real-Time Data Defense

Pierluigi Paganini March 27, 2024

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build a real-time data defense.

In cybersecurity, and in life, by the time you find out that something went wrong it is often too late. The advantage of Data Detection and Response (DDR) is that you no longer have to wait until the milk is spilled. With DDR, your organization can have real-time data defense.

Here’s how it works.

What is Data Detection and Response (DDR)? And why do we need it?

Before you think, “Oh no, not another –DR acronym,” and keep scrolling – wait. Data Detection and Response is in a class of its own and shares the common surname in name only.

Status-quo cybersecurity works by securing the “boxes” in which our data resides. Twenty years ago, that used to be on-premises networks surrounded by the “perimeter.” Then, the perimeter died drastically and was replaced with email servers and cloud repositories. Now, it’s data lakes and environments so complex that a box can hardly be seen. Or, in the case of the cloud, it morphs so much that it is barely recognizable.

This is not good for advocates of data protection but great for attackers who thrive in our confusion and in the gaps that exist between the boxes. After all, you can’t secure what you can’t see, and today’s environments obfuscate the true location of data so well that we, as security practitioners, can hardly keep up with it.

Advantages of Data Detection and Response

The IEEE Computer Society lists the top five benefits of DDR as:

  1. Innovative data classification | DDR solutions sort and label data by content and lineage, meaning not only what it is but where it came from. Sometimes, the history tells the story – was this information kept in high-clearance databases only to end up on Chad’s Slack? Something must be off.
  2. Protects data in motion | As they state, “Data is most at risk when in motion, so that’s when DDR scans it.” The real damage is done when data travels (outside of the enterprise, from a person who has access to one who does not, to a mysterious external server in Belize…), isn’t it?
  3. Follows data across all assets | DDR doesn’t start in one box (say OneDrive) and then picks its job back up again when the data has landed in another box (say the corporate email server). Instead, it follows all the steps in between, and it follows the data itself.
  4. Real-time exfiltration protection | By alerting teams at the first sign of trouble (instead of the last) DDR gives SOCs a fighting chance of stopping the threat in real-time.
  5. Data-centric approach | By connecting monitoring, alerts, and additional protections to the actual data, DDR gives organizations more accurate data classification and more gapless coverage.

The second benefit is what we’ll be focusing on today.

DDR Knows What Your Data Did Last Summer

Then, along came a revolutionary idea. What if we don’t protect the boxes but rather the data itself? DDR would, in effect, “tag” data so that a GPS-type homing beacon would keep a gapless record of where it went, who accessed it, what they did with it, and (with the help of some cyber sleuthing) perhaps why.

The most important thing is that DDR enables teams to chart the safe route for certain types of sensitive data (as classified by the team) and deny any “funny business” attempted with said data beyond that. And the proof is in where the data goes, not where it sleeps at night.

As Data Detection and Response provider Cyberhaven explains,

“Data sitting on a file server, or in a Google Drive folder, or in a Snowflake database untouched for months or even years doesn’t have much insider risk until an employee does something with it… When an employee accesses that data on the file server, tries to share the Google Drive folder, or exports data from Snowflake, that’s when the risk to data increases. Data Detection and Response relies on real-time monitoring, detection of risks, and response to better protect data.”

Spotting Data Fouls in Real-Time

Knowing where exactly your data is getting off to is advantageous for several reasons, but perhaps none so important as being able to spot threats to your data in real-time. If SOCs receive an alert that an employee is trying to send confidential merger documents to their personal email, teams will be made aware of the attempt as it is happening, giving them a chance to respond.

Notifying a SOC that a sensitive repository has been breached is important, but it is not as important as letting them know when any data has left that repository. Conversely, an employee may send sensitive financial data to their personal cloud repository without ever having breached a protected system to get it – perhaps they are in finance and have legitimate access to the database.

Being able to spot real-time data fouls is a key advantage that DDR brings to the table, and the fact that these errors are being caught right at the cusp of an obviously illicit activity is itself a vetting system that prevents false positives.

In today’s data-centric world, it is becoming necessary to keep closer and closer tabs on our information. With the risk of insider threats high – Verizon estimates nearly one in five breaches originate from the inside – and the threat of ever more subtle external tactics, it is more important than ever to not look at only boxes and buckets but the data itself – and most importantly, what people are doing with it.  

Speaking of zero trust, Dave Lewis, the global advisory CISO for Duo Security, offered some words of advice that could sum up the rationale of DDR in a soundbite: “Don’t trust something simply because it’s inside your firewall — there’s no reason for that.” Or, inside any of your access-controlled spaces, we might add. Instead, he suggests, “Assume everything’s on fire.” And more often than you want to, you’ll be right.

However, DDR is one of the only tools on the market that can track the fire at its impetus, and that’s wherever data made its first wrong step.

About the Author Katrina Thompson: An ardent believer in personal data privacy and the technology behind it, Katrina Thompson is a freelance writer leaning into encryption, data privacy legislation and the intersection of information technology and human rights. She has written for Bora, Venafi, Tripwire and many other sites.  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, DDR Advantage)


facebook linkedin twitter

DDR Advantage Hacking hacking news information security news IT Information Security Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini August 26, 2025
Auchan discloses data breach: data of hundreds of thousands of customers exposed
Read more
Pierluigi Paganini August 25, 2025
Docker fixes critical Desktop flaw allowing container escapes
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Auchan discloses data breach: data of hundreds of thousands of customers exposed

    Data Breach / August 26, 2025

    U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog

    Uncategorized / August 26, 2025

    Docker fixes critical Desktop flaw allowing container escapes

    Security / August 25, 2025

    Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware

    Malware / August 25, 2025

    Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign

    APT / August 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT