• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 

Critical Sudo bugs expose major Linux distros to local Root exploits

 | 

Google fined $314M for misusing idle Android users' data

 | 

A flaw in Catwatchful spyware exposed logins of +62,000 users

 | 

China-linked group Houken hit French organizations using zero-days

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Security
  • The DDR Advantage: Real-Time Data Defense

The DDR Advantage: Real-Time Data Defense

Pierluigi Paganini March 27, 2024

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build a real-time data defense.

In cybersecurity, and in life, by the time you find out that something went wrong it is often too late. The advantage of Data Detection and Response (DDR) is that you no longer have to wait until the milk is spilled. With DDR, your organization can have real-time data defense.

Here’s how it works.

What is Data Detection and Response (DDR)? And why do we need it?

Before you think, “Oh no, not another –DR acronym,” and keep scrolling – wait. Data Detection and Response is in a class of its own and shares the common surname in name only.

Status-quo cybersecurity works by securing the “boxes” in which our data resides. Twenty years ago, that used to be on-premises networks surrounded by the “perimeter.” Then, the perimeter died drastically and was replaced with email servers and cloud repositories. Now, it’s data lakes and environments so complex that a box can hardly be seen. Or, in the case of the cloud, it morphs so much that it is barely recognizable.

This is not good for advocates of data protection but great for attackers who thrive in our confusion and in the gaps that exist between the boxes. After all, you can’t secure what you can’t see, and today’s environments obfuscate the true location of data so well that we, as security practitioners, can hardly keep up with it.

Advantages of Data Detection and Response

The IEEE Computer Society lists the top five benefits of DDR as:

  1. Innovative data classification | DDR solutions sort and label data by content and lineage, meaning not only what it is but where it came from. Sometimes, the history tells the story – was this information kept in high-clearance databases only to end up on Chad’s Slack? Something must be off.
  2. Protects data in motion | As they state, “Data is most at risk when in motion, so that’s when DDR scans it.” The real damage is done when data travels (outside of the enterprise, from a person who has access to one who does not, to a mysterious external server in Belize…), isn’t it?
  3. Follows data across all assets | DDR doesn’t start in one box (say OneDrive) and then picks its job back up again when the data has landed in another box (say the corporate email server). Instead, it follows all the steps in between, and it follows the data itself.
  4. Real-time exfiltration protection | By alerting teams at the first sign of trouble (instead of the last) DDR gives SOCs a fighting chance of stopping the threat in real-time.
  5. Data-centric approach | By connecting monitoring, alerts, and additional protections to the actual data, DDR gives organizations more accurate data classification and more gapless coverage.

The second benefit is what we’ll be focusing on today.

DDR Knows What Your Data Did Last Summer

Then, along came a revolutionary idea. What if we don’t protect the boxes but rather the data itself? DDR would, in effect, “tag” data so that a GPS-type homing beacon would keep a gapless record of where it went, who accessed it, what they did with it, and (with the help of some cyber sleuthing) perhaps why.

The most important thing is that DDR enables teams to chart the safe route for certain types of sensitive data (as classified by the team) and deny any “funny business” attempted with said data beyond that. And the proof is in where the data goes, not where it sleeps at night.

As Data Detection and Response provider Cyberhaven explains,

“Data sitting on a file server, or in a Google Drive folder, or in a Snowflake database untouched for months or even years doesn’t have much insider risk until an employee does something with it… When an employee accesses that data on the file server, tries to share the Google Drive folder, or exports data from Snowflake, that’s when the risk to data increases. Data Detection and Response relies on real-time monitoring, detection of risks, and response to better protect data.”

Spotting Data Fouls in Real-Time

Knowing where exactly your data is getting off to is advantageous for several reasons, but perhaps none so important as being able to spot threats to your data in real-time. If SOCs receive an alert that an employee is trying to send confidential merger documents to their personal email, teams will be made aware of the attempt as it is happening, giving them a chance to respond.

Notifying a SOC that a sensitive repository has been breached is important, but it is not as important as letting them know when any data has left that repository. Conversely, an employee may send sensitive financial data to their personal cloud repository without ever having breached a protected system to get it – perhaps they are in finance and have legitimate access to the database.

Being able to spot real-time data fouls is a key advantage that DDR brings to the table, and the fact that these errors are being caught right at the cusp of an obviously illicit activity is itself a vetting system that prevents false positives.

In today’s data-centric world, it is becoming necessary to keep closer and closer tabs on our information. With the risk of insider threats high – Verizon estimates nearly one in five breaches originate from the inside – and the threat of ever more subtle external tactics, it is more important than ever to not look at only boxes and buckets but the data itself – and most importantly, what people are doing with it.  

Speaking of zero trust, Dave Lewis, the global advisory CISO for Duo Security, offered some words of advice that could sum up the rationale of DDR in a soundbite: “Don’t trust something simply because it’s inside your firewall — there’s no reason for that.” Or, inside any of your access-controlled spaces, we might add. Instead, he suggests, “Assume everything’s on fire.” And more often than you want to, you’ll be right.

However, DDR is one of the only tools on the market that can track the fire at its impetus, and that’s wherever data made its first wrong step.

About the Author Katrina Thompson: An ardent believer in personal data privacy and the technology behind it, Katrina Thompson is a freelance writer leaning into encryption, data privacy legislation and the intersection of information technology and human rights. She has written for Bora, Venafi, Tripwire and many other sites.  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, DDR Advantage)


facebook linkedin twitter

DDR Advantage Hacking hacking news information security news IT Information Security Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini July 10, 2025
Qantas data breach impacted 5.7 million individuals
Read more
Pierluigi Paganini July 10, 2025
DoNot APT is expanding scope targeting European foreign ministries
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Qantas data breach impacted 5.7 million individuals

    Data Breach / July 10, 2025

    DoNot APT is expanding scope targeting European foreign ministries

    APT / July 10, 2025

    Nippon Steel Solutions suffered a data breach following a zero-day attack

    Data Breach / July 09, 2025

    Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

    Malware / July 09, 2025

    Hackers weaponize Shellter red teaming tool to spread infostealers

    Malware / July 09, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT