ControlPoint 7.0: A Step Forward with Preventing SharePoint Data Breaches
Data Breach Landscape
Amidst a landscape of seemingly endless reports of data breaches affecting companies of all sizes across all industries, I’ve come to the conclusion that there are only two types of companies in the world: those who have been breached, and those who don’t know they have been breached. In fact, one of the most alarming observations about data breaches over the past few years has been that many organizations only realized that their data had been exposed months after the fact. Another phenomenon according to many reports it that the vast majority of serious breaches and cyber incidents are occurring as a result compromised credentials, as in the case of the JPMorgan breach in 2014. Under this assumption — that a breach has already occurred as a result of unauthorized insider or external access — CIOs and IT managers must take steps to proactively secure their sensitive data inside their firewall. The costs of inaction are enormous: in May, the Ponemon Institute released an exhaustive study indicating that the average consolidated cost of a data breach has risen to $3.8 million, a 23% increase since 2013.
Against this backdrop, today we are very excited to announce the release of ControlPoint 7.0, our machine learning powered SharePoint solution that helps organizations address serious security and governance challenges of users and content within SharePoint. This latest release includes a new feature called Sentinel. Sentinel analyzes user behavior inside SharePoint for suspicious activity and can automatically alert administrators and take action when suspicious patterns are found.
Monitoring SharePoint Activity
One way to think about Sentinel is to think about the classic credit card suspicious activity alerts you might receive when using a credit card in a strange location. I was in Copenhagen last week and made the mistake of using my American Express card without notifying the card company that I would be traveling. So my transaction was declined and I received an email alert almost instantly informing me that someone had tried to use my card in Denmark. We are providing the same type of functionality inside ControlPoint, but for user activity within SharePoint. Sentinel examines patterns of user behavior — like which users are accessing certain sites or content within SharePoint — and uses a machine learning approach to alert administrators when suspicious — or “anomalous” — activity is occurring. Like the credit card example, an alert can pop up if someone is accessing SharePoint from an unknown location, or, in the case of Edward Snowden, downloading thousands of files for potentially malicious purposes.
Protection Against Compromised Credentials
Since compromised credentials can account for the vast majority of breaches occurring at the application level, the Sentinel feature watches your users to see if they are behaving like themselves. It learns normal levels and patterns of behavior, and from there, can notify your administrators when users start acting unusually. There could also be, of course, a variety of reasons why a user might be acting oddly — or accessing a higher than expected level of content. But as an Administrator or as IT Manager, you need visibility into events like this, so you are the person asking those questions of the user, and not angry customers or regulators after your company is the next front page cautionary cyber security tale.
With this release, Metalogix takes a step forward in helping organizations take a holistic approach to SharePoint security. ControlPoint 7.0 fills a wide gap in the existing SharePoint security model by fusing permissions management and suspicious activity monitoring. Coupled with Sensitive Content Manager, ControlPoint goes a step further in providing deep content insight and intelligence into where sensitive content (like PII, PHI, and PCI) resides in SharePoint. As enterprise collaboration platforms are increasingly used to store more sensitive and business critical data, organizations need to mitigate risks stemming from unauthorized access and sensitive content spillage inside their SharePoint ecosystems.
Jai Dargan is a Senior Director of Product Management at Metalogix, where he directs the strategy Metalogix’s security and compliance solutions. In this capacity, Jai guides the direction of Metalogix products aimed at securing content collaboration, including ControlPoint, Sensitive Content Manager, and Insider Threat Index. Prior to Metalogix, Jai was a co-founder at Pim Labs, LLC, a startup company (acquired by Metalogix) that built solutions for securing social networks and sensitive content. He holds a Masters Degree from Georgetown University and an undergraduate degree from New York University.