What is exact data match and why is It useful?

Exact Data Match (EDM) is a technology used in DLP systems to enhance the protection of sensitive data. It works by creating fingerprints or hashes of structured sensitive data, which are then used to precisely detect the presence of this data across an organization's digital environment. The precision of EDM minimizes false positives created by regex based content inspection — a common challenge in traditional DLP . With EDM, an organization can be sure that a file contains exactly the sensitive data that needs protecting, making it an essential tool for organizations handling highly sensitive or regulated information.

The limitations of legacy EDM approaches

While traditional EDM has offered significant advantages, its legacy implementations come with notable drawbacks:

Performance impact on endpoints

One architecture for legacy systems utilizing EDM often required that fingerprinted files be uploaded to each endpoint to detect matches, leading to degraded system performance and a flood of IT support tickets.

Coverage for certificate-pinned and E2E encrypted applications

Other architectures inspect data for EDM by decrypting network traffic. Many commonly-used applications – like Dropbox, Google Drive, and iMessage – use a technique called certificate pinning, which limits the ability of DLP solutions to decrypt traffic for inspection. Other applications, like WhatsApp and Signal, utilize end-to-end encryption which again limits visibility and control of these applications. If your organization isn't willing to completely restrict the usage of such applications, in-line inspection and enforcement won't work with these essential and commonly-used applications.

Limited Contextual Information

Relying solely on exact content matches can result in false positives and negatives, disrupting employee productivity and triggering lengthy investigations. Without understanding the source of the data and who is interacting with it, protection measures that utilize EDM can be less effective.

Encrypted or Compressed Files

If a file containing matches is zipped or encrypted, traditional EDM approaches can't successfully inspect its content – allowing these files to evade a company's data protection policies.

Cyberhaven’s approach to EDM

Cyberhaven has integrated EDM into our innovative approach to data protection, overcoming the limitations of legacy technology:

Utilizing the cloud for content inspection

Cyberhaven performs all of its content inspection functionality in the cloud, not on the endpoint. This greatly reduces the impact of data protection on employee productivity and satisfaction, while still ensuring your sensitive data is monitored and secured.

Coverage for certificate-pinned and E2E encrypted apps

Cyberhaven enforces policies for web and cloud applications on the endpoint, before visibility is lost due to network protections. This approach allows employees to use these applications, without jeopardizing a company's data security.

Combine EDM with the power of Data Lineage

Cyberhaven integrates EDM with data lineage to completely transform how organizations approach data protection. Data lineage is the process of tracking data as it moves within an organization to understand its origins, the ways it's been modified, as well as who is using it and how. Combining data lineage with EDM, offers key benefits for your data protection strategy:

‍
1) Allowing for the creation of precise data protection policies

‍Any context captured by lineage can be combined with EDM, to further reduce false positive alerts and ensure confident protection of your organization's data with minimal employee disruption and operational burden

2) Protecting against data obfuscation methods like compression or encryption

By tracing data as it is moved and transformed, Cyberhaven is able to "remember" the results of content-inspection even if a file has been compressed or encrypted. This allows the continued enforcement of policies in those situations.

3) Accelerate incident investigation and resolution

The aftermath of an incident can be a lengthy and complicated process, with the low-context alerts provided by other tools. With lineage, analysts have access to the full history of data movement leading to an incident. Lineage can quickly user intent and gaps in access control – making post-incident remediation easy!

Protecting your data with Cyberhaven

With Cyberhaven's innovative approach to Exact Data Match, companies can now enjoy a more robust, context-aware DLP solution that minimizes performance impact and extends protection across modern communication and storage platforms. If you're interested, learn more about Cyberhaven’s approach to data security here.

‍