Security vendor CounterTack is expanding the capabilities of its next-generation endpoint detection and response platform with new data loss prevention functionality. CounterTack officially launched its Endpoint Threat Platform providing EDR capabilities in February 2017. Now new DLP features are being directly integrated into ETP, providing users with a single endpoint agent sensor to help detect and defend against threats as well identify potential data loss risks.
"One of the big issues we see companies having is agent fatigue on the endpoint," Neal Creighton, CEO CounterTack, told eWEEK.
CounterTack's ETP is a single sensor agent that helps organizations limit security technology sprawl on endpoints. Creighton explained that the ETP sensor was already seeing all the data coming from an endpoint, so it's a logical extension to provide DLP capabilities.
"While EDR is a function of our platform, we can do more," he said. "We can do EDR, we can do DLP, and you'll see us expand into other areas soon too."
Creighton said that CounterTack built the DLP technology on its own. The ETP sensor was already collecting data, and the DLP capability exposes the data in the ETP user interface in a way that customers want to see DLP information. In addition, there was some new code added for analysis of data, he said.
For some organizations, a core element of DLP is the data classification piece that labels and identifies the content and risk associated with data. Initially, CounterTack is not doing the data classification itself, but rather is relying on organizations to already be using a technology like Titus Data Classification, according to Creighton.
"We are able to read tags that companies are using already, and we're not re-creating what Titus does," he said. "We're just piggybacking on top of whatever companies are using to classify their data already."
Looking forward, Creighton said that CounterTack is working on a deeper content inspection technology that will be part of a future release that will be available before the end of the year.
Another key challenge when it comes to DLP is understanding how users send and share data with external sources, including cloud services like Dropbox. Creighton explained that CounterTack today does not have a direct integration with Dropbox, but it does have visibility that can help protect organizations.
"We're seeing all the activity from endpoints, collecting tremendous amounts of data that we send to our analysis cluster," he said. "So we're in a very good position to see everything that happens in the enterprise."
Creighton said the new DLP capability is being bundled directly as part of CounterTack's ETR product, and customers will not need additional licensing.
"Today's strategy is to build as much as we can into the platform, using one agent and one common back end," Creighton said.
There is often a direct correlation between DLP data and security threats that a combined platform will help to identify. For example, Creighton said that if CounterTack sees a privilege escalation attempt followed by a file that is classified at a certain level being moved outside the organization, it all ties together as part of attack.
"There is a huge benefit to having access to DLP data to help with the overall scoring of an attack, especially when there is data exfiltration," Creighton said. "Having DLP with EDR makes the whole product stronger."