How Lightbeam Implements Data Security Posture Management (DSPM)
Lightbeam’s DSPM discovers and secures sensitive data across cloud, on-prem & hybrid systems with AI-driven, identity-centric protection.
Transcript
Hello everybody.
I'm Hena. I'm the product marketing manager here at
Lightbeam, and today I'll walk you through, uh, our DSPM,
our capabilities that we have.
Uh, one thing about Lightbeam is
that we are identity centric, and that's how we do our DSPM.
So do it.
Uh, firstly, as you can see, this is our,
you know, create dashboard.
And there's a lot that you can do here.
But today we're just gonna focus on our DSPM capabilities,
starting with, which are data classification.
So data classification, the first step
of it is data discovery.
You connect all the data sources.
There are different types of data sources
that you can connect, connect it to,
or it can be your structured or your unstructured
or your semi-structured data sources.
And we deploy in, you know, cloud or be it your on-prem
or even SaaS environments.
So once you have it all connected, you can go
and start, you know, scanning for different types
of PII, PHI, uh, data.
And then we can start classifying.
Uh, as you can see here, the different types
of classifications already present.
There is data, there's human resources, finances,
or, uh, identity, medical or legal, right?
And bunch of other stuff also
that you can just customize based on your requirement
or your industries or your, uh, company's requirement.
Uh, if you want something that is not here
and you want to create it, you can click on
or create new classification.
You can, uh, name it. Let's say finance.
You give your own description to be more specific,
and then you, if you want it to be even more specific,
let's start with, uh, earning statements, right?
There are different types of, uh,
financial information that is there.
So you can just create, okay,
and then created your create, uh, classified dashboard,
which is gonna click on financial, uh, documents.
So you can see the document has been classified
as financial, and then there's sub classification,
there's earning statements, there's much more.
What you need to do is you can just filter it out.
Let's say you just want to look at, um, you know,
invoices, right?
Uh, we can just apply that filter and only invoices
and receipts will show up, right?
So this is all really easy.
You can customize it, uh, easy to use.
Second part to it is that once you have it all classified,
as you can see, I opened a sample later just
to give you a better look at what we do.
This is the classification is financial,
and it is sub classification, invoices, receipts.
And what you can see here is that we found, uh,
some financial records in AWS, right?
This is the exact name,
but you'll find who is the object owner,
when was it modified, and what is the link of it, right?
And here you can see this is the sort of data that is there.
Now, one more cool thing
and something that is also required in DSPM is
what risk remediation.
Now, how do you remediate risk?
One form is, and Lightbeam also helps you
to do is, uh, you can mask your sensitive data,
be it when you are using the IBM also,
if you want to share this file.
So what I need to do is I can just unmask it for now,
and let's say it was already unmask
is a new piece of information.
I see, okay. Here, there's a lot of financial information
that I probably don't want other people to find out, right?
So I'm just gonna mask this data
and if I want to download this file
and I wanna share it with somebody,
I can just share it without, uh, you know, having that data
exposed to a lot of people.
Yeah. Okay.
So, um, talking about, uh, risk remediation,
how I was talking about policies.
I'm just gonna take you through, uh, briefly as to
how you can create policies for so that you have, uh,
you know, automated risk remediation, uh, the masking part
that, that we were looking at earlier.
That's, you know, masking and unmasking.
That was a real manual, um, drive.
So what you can do is your list.
We can go to all policies, uh, from our dashboards,
and there's some policies that we've already created.
Uh, we have external access,
internal access for external access.
Let's say you don't want, you want us to, like,
we do flag sensitive information if it's been shared
with somebody who's outside organization
or somebody who has not been authorized, right?
Or if you want to flag sensitive information,
it has been if it contains like,
you know, customers or client.
So different types. And if you also want to create
a new rule set, you can just go to create new rule set.
You can name it up, let's say open access, right?
You can give a description in terms of, I do not want,
can you flag if there is a file which just has open access
and has, you know, PII, PHI information.
The second part would be for you
to connect it to data sources.
You can customize, you only want to see, uh, let's say
in Gmail, who is sharing open access files
with PHI, PII data, right?
Uh, then you can create your particular notifications.
Let's you select Gmail for now,
and then we're gonna go at next
a bunch of alerts.
Who is going to alert this?
Who is the total, uh, data source owner?
Who is the object owner?
Uh, do you, who do you want it to, uh, assign
to or alert to?
You want it to alert to the data source owner so
that the data source owner, let's say at Gmail, they know,
uh, you know, this particular file has been shared.
What is the alert notification going to look, look like?
What is the severity? Is it critical? Is it warning?
I would say if it's, let's say customer, client,
you can also do that.
And then you can create it as critical.
Uh, what other regular, you know, you, let's say you want
to comply to CCPA, write off.
And then you can just save and close. There you have it.
Different types of, uh, policies that you can create.
And this will ensure
that you have automated risk remediations.