Data discovery and protection!

Supreeth Rao

Theom equips cloud security teams with Data Detection and Response (DDR) capabilities that bring a data-centric context to threats. Once the risks are identified, Theom protects cloud data assets with continuous, real-time remediation of those risks.

Cloud data is becoming critical to enterprises as businesses are getting more data-driven. Theom auto-discovers all enterprise cloud data and builds the context and relationships around data, including who is accessing what data assets. Theom classifies every data asset, bringing the context of data understanding into the relationship map along with security attributes and access. Using the relationships, Theom helps enterprises to identify risks to critical data assets, the likelihood of the risk happening, and the impact of the risk. Theom can estimate the financial liability associated with every data asset and uses the asset's criticality to the business to rank risks. 

Limitations of traditional detection and response techniques:

Cloud infrastructure can produce a very large number of events. Without an understanding of a threat's impact on the underlying data asset, the detection and response exercise becomes even more laborious. Manual techniques for fixing the problem lead to inaccurate and incomplete responses that raise more questions than they answer.

Theom’s Approach:

Build the data relationship map

  1. Complete discovery of data, access, and relationships.
  2. Which data asset is critical to an organization, and what are the risks associated with the data asset?
  3. Theom helps identify sensitive data, IP (intellectual property), and custom critical information for a business over structured, semi-structured, and unstructured data.
  4. Understand the attributes of every access to a data asset, such as whether it is over-provisioned or shows atypical access behavior.

Risk Identification and Response

Theom has a cloud push for rules. These cover industry best practices such as NIST, CIS, and OWASP, as well as susceptibility to threats from cloud ransomware. Customers can also build their own custom rules to identify additional risks.

Once the violations are identified, they manifest as risks, and Theom provides remediations for each risk. The remediations are available as one-click workflows and can integrate with other tools within the enterprise to ensure data protection.

For every risk, the enterprise can, with Theom, understand the business impact of the underlying data asset, thereby helping cut down the noise and get to the data-centric viewpoint for any security incident. Theom can integrate the data impact and criticality with other security alerts, cutting down alert fatigue across the enterprise.

To conclude, Theom delivers on the Data-Driven Response (DDR) use case, taking it a leap beyond Cloud Driven Response (CDR). With auto-discovery, risk identification, and continuous data protection, enterprises can respond to threats continuously and proactively.