Remediation guidance will help customers accelerate data risk reduction and tackle threats such as insider and toxic/dark data hazards. Credit: Gorodenkoff / Shutterstock Data security platform BigID has announced the release of a new automated, context-based data risk remediation recommendations capability to enable security teams to make informed decisions that reduce risks and elevate data security posture management (DSPM). The capability leverages an in-app recommendation engine that provides actionable insights for addressing critical data risks across environments at scale, indicating optimal remediation actions, according to BigID. The new remediation guidance will help customers accelerate data risk reduction and mitigate disruption, among other benefits, the firm said in a press release. A range of factors including dispersed networks, diverse attack vectors, and resource constraints often hamper organizations’ ability to effectively respond to and remediate cyberthreats. Conversely, having a team in place with the right protocols and tools to respond to cyber risks has been shown to significantly reduce the costs and time required to identify/contain security incidents. Risk remediation advice is based on data context, past actions BigID’s new feature decides the best way to fix a problem by looking at the context of the data and what was carried out on similar types of sensitive data in the past, the company said in a blog post. “This simplifies the data risk remediation process significantly, enhancing your security team’s ability to bridge the gap between insights and action,” it added. This serves as a “lifeline” for making quick, informed decisions regarding data threats, according to BigID. “Context-based remediation recommendation is a game-changer in the world of data security. It equips security teams with intelligent recommendations to swiftly and decisively respond to their biggest data risks,” commented Tyler Young, CISO, BigID. Investments in AI, automation, and user-friendliness are designed to make data remediation workflows better, smarter, and more flexible, BigID said. According to the company, the recommendations will allow customers to: Accelerate SecOps by closing the gap between insight and action by automatically receiving recommended data risk remediation guidance. Enhance remediation decision-making across entire data environments with guidance based on data context such as sensitivity, location, accessibility, and past actions. Mitigate disruption by pinpointing the right steps to reduce data risks promptly, minimizing guesswork and human error to prevent disruption and maintain operations. Remediation guidance covers insider threats, toxic/dark data risks Examples of BigID’s data remediation recommendations at work include reducing insider threats and mitigating toxic/dark data risks, a company spokesperson tells CSO. They cite an insider risk scenario: There’s a highly sensitive document labeled super confidential that is open to everyone in the company – as well as some external parties such as contractors and third-party vendors. “BigID can set up policies to surface potential overexposed data sets, sources, and files (open or externally accessible), as well as over-privileged users. Based on access permissions and the context of the data, BigID’s data remediation capability will automatically trigger workflows to revoke access rights and fix permissions natively to reduce insider risk as well as external access,” the spokesperson says. As for toxic data combinations, organizations often store multiple types of sensitive, personal information co-located within the same data source or table, increasing the magnitude of damages they receive if that organization ever gets breached, according to the BigID’s spokesperson. “BigID’s new data remediation recommendation capability can identify toxic data combination sets and then automatically trigger remediation workflows with data security partners to carry out the specific action, whether that’s to move, mask, or encrypt,” they add. In the scenario of dark or shadow data that typically goes unused but can be highly sensitive in nature, elevating security risk by existing in the environment without proper safeguards around it, BigID identifies non-business critical sensitive data that should be removed from the organization. “Based on the context of the data, BigID’s new data remediation will recommend and then kick off an end-to-end data deletion workflow for minimization.” Related content news AT&T suffers critical breach impacting 73 million customers Data released on the dark web impacts 7.6 million existing account holders and 65.4 million past subscribers. By Shweta Sharma 01 Apr 2024 4 mins Data Breach feature Recruit for diversity: Practical ways to remove bias from the hiring process Changing the wording on job descriptions and introducing a diverse hiring panel are some of the ways to remove bias when hiring cybersecurity professionals. By Aimee Chanthadavong 01 Apr 2024 8 mins Careers feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff 01 Apr 2024 17 mins Technology Industry IT Skills Events news Top cybersecurity product news of the week New product and service announcements from Bedrock Security, GitGuardian, Legit Security, Nametag, and Cybereason and Observe By CSO staff 29 Mar 2024 70 mins Generative AI Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe