How Egnyte Metadata Supports DLP Integration
Using AI-based content detection, Egnyte has demonstrated the ability to detect and classify millions of documents for our customers over several years. Egnyte customers can locate files containing sensitive information, write safeguard policies to control how they are shared, and write file lifecycle management policies to automate retention, archival, and deletion. This works well within Egnyte, and Egnyte also extends these benefits to the ecosystem of other solutions in our customers’ environments.
Therefore, Egnyte is announcing enhancements to metadata tagging of files to provide readable labeling across different environments outside Egnyte. Using Egnyte’s AI-driven capabilities to detect different types of files and files with sensitive information, it is now possible for external Data Loss Prevention (DLP) and Cloud Access Security Brokers (CASBs) to be aware of and take actions based on the classifications coming from Egnyte. Most importantly, this does not require any API or integrations. The files themselves carry the information needed. In this article, we will discuss how the solution works and the ways in which it can enhance your security posture across your environment.
Metadata at Egnyte
Metadata can be associated with files in two ways with Egnyte. First, users can create their own metadata tags. This is useful for searches and workflows. Secondly, Egnyte has started introducing the capability for Artificial Intelligence (AI) to automatically generate and associate metadata, which is then attached to the file properties for use by both Egnyte and external systems. This blog will review both types of metadata, starting with user-defined metadata.
User Defined Metadata
For user-defined metadata, users can create their own metadata schema and then associate metadata with files. To start with, customers can create new metadata types and populate them with allowable fields as needed using the Egnyte tool.
Once the metadata schema has been created, users can manually assign metadata to files. With the metadata attached, users can then include the custom metadata field in file listings. They can also use the metadata as search criteria to find files.
Once the metadata schema has been created, users can manually assign metadata to files.
With the metadata attached, users can then include the custom metadata field in file listings.
They can also use the metadata as search criteria to find files.
Egnyte AI-Generated Metadata
Egnyte also has the capability to generate and attach metadata automatically, and this is where the value to external systems is created. As files are uploaded or created in Egnyte, they are automatically scanned against the classification rules, and metadata is applied to each file. The metadata is stored within the properties section of the file itself so that, once written, the metadata always travels with the file – even outside of Egnyte. The metadata can be based on location, attributes, and, most importantly, sensitive data classification.
For some time now, Egnyte has had hundreds of pre-built data patterns matching laws and regulations from all over the world. The administrator can simply select which laws and regulations apply, and then Egnyte will constantly scan all files in governed repositories to discover files containing data that match the criteria. For files stored in Egnyte, Egnyte can then apply safeguard policies to help protect this data from inappropriate access and sharing. However, now Egnyte has the ability to write this metadata into the file properties of each file. Thus, even if the file is subsequently moved outside of Egnyte, the AI-based metadata classification is persistent and travels with it.
Benefits
The persistent metadata marking of files extends its benefits to many parts of the security architecture. Here are some examples.
Cloud Access Security Brokers
Cloud Access Security Brokers (CASBs) is a security policy enforcement point that is placed between a cloud service user and the cloud-based service to apply enterprise security policies as cloud-based resources are accessed. Although a CASB typically focuses on enforcing policies at the session level, a CASB can use the metadata on files provided by Egnyte to manage user access and monitor sessions for compliance. If an unauthorized attempt is made to access a file containing sensitive information (perhaps from a suspicious location), the CASB can intervene even if that file is no longer stored in Egnyte. In that way, CASB vendors such as Zscaler, Palo Alto Networks, Netskope, and SkyHigh can use the metadata attached to files by Egnyte’s AI-based analysis to better protect against unauthorized access to sensitive information.
Email Security
Egnyte-assigned metadata can also assist with email security. Egnyte has been able to scan Microsoft Exchange Online repositories for sensitive information for some time. However, if a file has passed through Egnyte, it can be labeled automatically with metadata information that passes with it. Just like the metadata information that Microsoft attaches, such as labels saying the file was downloaded from the Internet, Egnyte metadata can label a file as sensitive so that Microsoft applications can recognize it and treat it as such. These include Microsoft Purview Information Protection and Microsoft Defender for Office, as well as Proofpoint and Mimecast. This greatly enhances these tools so that instead of simple pattern matching (at wire speed), the AI-driven metadata labels from Egnyte can provide finer discrimination.
Endpoint Data Loss Prevention (DLP) and Integrated Risk Management (IRM) tools
Customers using tools like Data Anchor, Fasoo, Microsoft Defender, and Digital Guardian on endpoints can make use of the metadata labels applied by Egnyte to add protection for sensitive files stored on endpoints. These tools can be configured to identify files marked as sensitive by Egnyte and then protect them locally.
Network-based DLP Tools
Other DLP tools such as Symantec, Trellix, and Forcepoint can also detect and use the metadata provided by Egnyte to protect files in motion transiting the network. Because they operate at wire speeds, they often can’t detect sensitive information fast enough. However, they can detect the sensitive file labels added by Egnyte and apply appropriate protection policies.
Archival and eDiscovery Solutions
Finally, tools that find and manage documents can make use of the metadata labels applied by Egnyte. Vaeem and Relativity. As long as the files have been scanned and classified by Egnyte, these tools can use the labels for search, retrieval, and archive functions for files stored outside of Egnyte.
Key Benefits of Using Egnyte to Classify and Label Data for the Enterprise
Egnyte uses AI techniques developed over many years to detect, classify, and now label sensitive files as well as other attributes. There are several benefits of using Egnyte as the classification engine for the enterprise.
First, Egnyte can apply consistent classification policies across all files in the enterprise, even if they migrate to other repositories. Consistent classification, in turn, helps maintain consistent DLP policy application across multiple tools. All of your DLP tools, from endpoint to email, will be coordinated and act on the same information.
Second, the Egnyte AI provides accurate classification with discrimination rules built up by analyzing billions of files. This is because Egnyte runs scans against data at rest; it can provide much more accurate verdicts than a tool that must operate at wire speed. Rather than simple pattern-matching, Egnyte scans surrounding information for contextual clues. Egnyte also uses Optical Character Recognition (OCR) to scan images for sensitive text.
Third, it is much easier to set up and configure Egnyte classification policies than other tools. For the admin, it’s simply a matter of clicking the jurisdiction and selecting appropriate laws and regulations. Egnyte handles the rest and keeps it updated with new laws and regulations.
Fourth, no integration is required. Because the metadata is attached as labels to the file properties of each file, there is no additional API or interface integration required between systems. The necessary information travels with each file. Systems can be swapped out and changed without disruption.
Conclusion
Egnyte is continuing to enhance data classification tools with innovation and performance at scale. If you want to learn more about data classification at Egnyte, talk to your Egnyte representative.