Identify what personal
data you store and process
Evaluate what risks your
data is exposed to
Set procedurals and technical controls
to mitigate the risks
Enhance visibility and ability to
detect and respond to incidents
Technology wise, Bitdefender’s layered response help companies to become compliant with the GDPR security requirements
by offering protection against data loss, data theft, including targeted attacks and enhanced visibility on data breaches.
According to Verizon’s 2016 Data Breach Investigation Report (DBIR), there were 554 million data losses records in the first half of 2016, alone. The same report also revealed that this type of data breach is common for healthcare organizations, making up almost half (45%) of healthcare data breaches with many data losses resulted from lost or stolen devices.
Bitdefender’s response: GravityZone Full-Disk Encryption
GravityZone Full Disk Encryption is leveraging the encryption mechanisms provided by Windows (BitLocker) and Mac (FileVault), taking advantage of the native device encryption, to ensure compatibility and performance. There will be no additional agent to deploy and no key management server to install. The solution provides:
There will be no additional agent to deploy and no key management server to install.
According to the same Verizon report, there were 1,616 social attacks in 2016, approximately half (828) of which with confirmed data disclosure. In 95 percent of cases, attackers followed up a successful phish with software installation. That’s to be expected given most social attackers’ motivations and targets. Two-thirds of these actors chase after financial gain, whereas another third is in it for conducting espionage. Both these motivations involve the theft of credentials, personal information, and trade secrets.
Bitdefender’s layered next-gen endpoint protection platform is designed and built from ground up to protect against elusive, advanced targeted attacks. Several layers of security provide protection both at the pre-execution (Hyperdetect, Sandbox Analyzer), on-execution (Advanced Anti-exploit and Application Control), as well as a breakthrough technology for datacenter specific protection (HVI- Hypervisor Introspection).
According to a study carried out in 2017 by Ponemon Institute on the cost of data breaches, the results showed that the average time to identify a data breach is 191 days and the average time to contain the breach is 66 days. In the case of Equifax, the data breach occurred from mid-May to July 2017, was discovered at the end of July and was publicly disclosed in early September.
Visibility is key to tackle inside threats and data breaches. If discovered early enough, the efforts and related costs required to respond and mitigate internal threats resulted from data breaches could be substantially reduced.
Bitdefender’s layered next-gen endpoint protection platform was built from ground up based on the principle of adaptive security, which means that apart from the prediction, prevention and detection technologies, the security suite also includes dedicated visibility tools such as Endpoint Security HD Insight and Security Analytics for EDR
GDPR has become a reality and soon enough all companies will need to implement the necessary steps to become compliant. The process itself is complex and it involves several steps such as an assessment and gap analysis of the data privacy maturity, a detailed roadmap to address the new legislative requirements, a comprehensive map for security testing, audit and process evaluation and a continuous communication loop for constant compliance and improvement.
However, in the center of all these initiatives, companies will need to invest in technology as the main facilitator to achieve compliance. GDPR is talking about defining the state-of-the-art technology attributes for managing structured and unstructured data with a strong focus on data protection and privacy.
Through its integrated, layered next-gen security solution, Bitdefender is perfectly positioned to help companies becoming compliant by offering a set of technologies that seamlessly respond to the most rigorous GDPR requirements.