Remediation guidance will help customers accelerate data risk reduction and tackle threats such as insider and toxic/dark data hazards. Credit: Gorodenkoff / Shutterstock Data security platform BigID has announced the release of a new automated, context-based data risk remediation recommendations capability to enable security teams to make informed decisions that reduce risks and elevate data security posture management (DSPM). The capability leverages an in-app recommendation engine that provides actionable insights for addressing critical data risks across environments at scale, indicating optimal remediation actions, according to BigID. The new remediation guidance will help customers accelerate data risk reduction and mitigate disruption, among other benefits, the firm said in a press release. A range of factors including dispersed networks, diverse attack vectors, and resource constraints often hamper organizations’ ability to effectively respond to and remediate cyberthreats. Conversely, having a team in place with the right protocols and tools to respond to cyber risks has been shown to significantly reduce the costs and time required to identify/contain security incidents. Risk remediation advice is based on data context, past actions BigID’s new feature decides the best way to fix a problem by looking at the context of the data and what was carried out on similar types of sensitive data in the past, the company said in a blog post. “This simplifies the data risk remediation process significantly, enhancing your security team’s ability to bridge the gap between insights and action,” it added. This serves as a “lifeline” for making quick, informed decisions regarding data threats, according to BigID. “Context-based remediation recommendation is a game-changer in the world of data security. It equips security teams with intelligent recommendations to swiftly and decisively respond to their biggest data risks,” commented Tyler Young, CISO, BigID. Investments in AI, automation, and user-friendliness are designed to make data remediation workflows better, smarter, and more flexible, BigID said. According to the company, the recommendations will allow customers to: Accelerate SecOps by closing the gap between insight and action by automatically receiving recommended data risk remediation guidance. Enhance remediation decision-making across entire data environments with guidance based on data context such as sensitivity, location, accessibility, and past actions. Mitigate disruption by pinpointing the right steps to reduce data risks promptly, minimizing guesswork and human error to prevent disruption and maintain operations. Remediation guidance covers insider threats, toxic/dark data risks Examples of BigID’s data remediation recommendations at work include reducing insider threats and mitigating toxic/dark data risks, a company spokesperson tells CSO. They cite an insider risk scenario: There’s a highly sensitive document labeled super confidential that is open to everyone in the company – as well as some external parties such as contractors and third-party vendors. “BigID can set up policies to surface potential overexposed data sets, sources, and files (open or externally accessible), as well as over-privileged users. Based on access permissions and the context of the data, BigID’s data remediation capability will automatically trigger workflows to revoke access rights and fix permissions natively to reduce insider risk as well as external access,” the spokesperson says. As for toxic data combinations, organizations often store multiple types of sensitive, personal information co-located within the same data source or table, increasing the magnitude of damages they receive if that organization ever gets breached, according to the BigID’s spokesperson. “BigID’s new data remediation recommendation capability can identify toxic data combination sets and then automatically trigger remediation workflows with data security partners to carry out the specific action, whether that’s to move, mask, or encrypt,” they add. In the scenario of dark or shadow data that typically goes unused but can be highly sensitive in nature, elevating security risk by existing in the environment without proper safeguards around it, BigID identifies non-business critical sensitive data that should be removed from the organization. “Based on the context of the data, BigID’s new data remediation will recommend and then kick off an end-to-end data deletion workflow for minimization.” Related content feature How to ensure cybersecurity strategies align with the company’s risk tolerance One of the tenets of risk tolerance is considering the fallout of something going wrong. The risk may originate as a technical one, but for CISOs the challenge is deciphering the organization’s tolerance for the impact. By Rosalyn Page 03 Sep 2024 10 mins CSO and CISO Risk Management analysis Cybersicherheitsvorschriften: So erfüllen Sie Ihre Compliance-Anforderungen Für CISOs und ihre Teams bedeutet die Einhaltung von Cybersicherheitsvorschriften eine enorme Herausforderung. Lesen Sie, was dabei helfen kann. By Andreas Müller 23 Aug 2024 6 mins Business Continuity Risk Management how-to 3 key strategies for mitigating non-human identity risks For every 1,000 human users, most networks have around 10,000 NHIs, and that can be a huge task to manage. Here are 3 fundamental areas to focus on when securing NHIs. By Chris Hughes 22 Aug 2024 6 mins Data and Information Security Identity and Access Management Risk Management analysis Placebo- versus Nocebo-Effekt: Die Psychologie hinter der Security Awareness Erfahren Sie, wie die beiden Effekte "Placebo" und "Nocebo" sich aus psychologischer Sicht auf die Cyberabwehrfähigkeit eines Unternehmens auswirken. By Erfan Koza 16 Aug 2024 8 mins Risk Management PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe