Active Directory, Group Policy, File Servers, SharePoint, and similar systems contain some of the most critical data businesses use. Contained within these systems are user accounts, access permissions, storage of sensitive documents, and more that must be protected from unauthorized access and use. Yet, for many companies, securing the data in these systems remains a major organizational challenge. Data security requires that IT and operations teams have a full inventory and understanding of what data they have, its sensitivity, where their critical and sensitive data resides, who/what is accessing it, and how it’s being accessed, etc. And visibility is just the first step. Baseline behavioral understanding of user access is the next important element in mitigating threats, but one that's predicated on knowing the who, what, and how.
Data has been dubbed the "crown jewels” of business. While security experts might argue about where to place controls to protect that data—directly around the data, at the endpoint, on the access permissions—it is nonetheless the data that always falls to the center. An entire class of cyber security vendors is thus focused on data-centric security for file and folder systems, share sites, and directories. Among them is Lepide, a data threat detection vendor out of the UK.
Founded in 2015, Lepide had its beginnings in helping organizations understand what was happening in their Active Directory (AD). While AD includes native capabilities, Aidan Simister, co-founder and CEO of Lepide, says the enterprises with which they were speaking early on found native controls to be insufficient for securing data. As is consistent with above sentiments, “Companies don’t have a clue where their sensitive data is and what’s happening to their files and folders,” he said during a recent briefing. He and his co-founders set out to build software to give companies visibility and control over data access, along with a way to measure data risk.
Currently delivered as on-premises software. Lepide consists of four modules: Lepide Insight Lepide Detect, Lepide Trust, and Lepide Identify. Following the basic tenets of the NIST Cybersecurity Framework, identification is the first component of the software. Upon deployment and integration with companies’ SIEM, SOAR, AD, file shares, collaboration software, and more, Lepide automatically discovers data, checks its content for sensitive information (e.g., Social Security Numbers, email addresses, credit card information), tags it, and uncovers associated access permissions.
Next, via Trust, Lepide looks at access permissions and privileges to understand who has access to what, if those permissions/privileges are appropriate, and how they could be abused. Least privilege is baked into the analysis so admins can see where the problems are then remove unnecessary access to lessen risk. At the same time, Lepide Detect is analyzing user behavior and establishing baselines to understand anomalies, how data is accessed and used, when it’s copied/modified/used, when/if new sensitive data is added, and more. With this information, Detect can identify high-risk behaviors and administrative actions, determine deviations from the norm, and alert on risky or suspicious behavior.
An important part of this process, said Simister, is the data risk scoring incorporated in the platform, whereby admins can use the dashboard to view risk scores that are determined by the sensitivity of the data, the number of accounts with access, and associated access levels. This helps companies make better decisions about their data access and improve governance, said Simister.
The final piece of the Lepide puzzle is Insight, which is the audit and reporting component of the platform. Insight is especially valuable for auditing compliance and showing which parts of a company’s infrastructure are at highest risk of data exposure. As such, the bulk of Lepide’s clients fall into highly regulated industries like healthcare, financial services, and legal, though any company concerned about data risk could take advantage of the platform’s capabilities.
“We built Lepide,” said Simister, “because companies are struggling with the tangibility of their data and managing acceptable levels of risk. It’s ridiculous that companies spend more and more on security and breaches still happen—and so many of the causes are preventable, like revoking unnecessary access to sensitive data. Our mission is to get our customers to a place where what really matters is the data.”
Along those lines, one of the most impressive aspects of Lepide is their commitment to support services. While all the major players in the space offer support, Lepide never charges for professional services and will hold customers’ hands as little or as much as the customer requires. “If a customer wants us to complete the entire install, we’ll do it. If they want to call in everyday, that’s fine with us. We want every customer to get the most value out of Lepide.”
Another attractive aspect of the technology is its affordability and scalability. Lepide customers can save as much as 40% versus competitive platforms and don’t have to worry about managing expensive, complicated hardware. Overall, Lepide is a nice option for companies that want to efficiently uncover data risk throughout their environment. One area for growth is the addition of remediation capabilities. At present, companies must use third-party tools, albeit ones likely already deployed, to alter access permissions. The opportunity for Lepide is broader integration and/or building in native capabilities. But as a young, hungry company with a passionate leader, we anticipate it won’t be long before additional features and functionality are market ready.