Episode #21 - Automating continuous Classifying, Modeling, & Auditing of data actions with Theom
Manage episode 346277370 series 3298179
We at Ink8r have long been advocates for calibrating protection against threat modeling exercises to properly align protection for assets. When it comes to securing production resources in the cloud this often means extending beyond Cloud Security Posture Management (CSPM) and including Data Security Posture Management (DSPM), among other capabilities, to properly address threats. With Theom we find not only a complete data security solution but also a platform that has truly thought through what the enterprise practically requires.
Join us as we speak with Navindra Yadav, serial entrepreneur & inventor, and Co-Founder & CEO of Theom as we explore their platform and how they are truly the enterprise's Data Bodyguard!
Theom leverages NLP classifiers to discover/classify your data in the cloud across analytical stores, object stores, and relational databases (all at a granular level) and even monitors how that data is accessed (in-flight observations). With this approach, Theom can determine potential financial exposure by combining metadata of the entities accessing/actioning the data along and determining the sensitivity of that data. Historically, determining Annualized Loss Expectancy has been challenging. Organizations typically must determine an Annual Rate of Occurrence (ARO) and multiply it by the Single-Loss Expectancy (SLE) for each time a risk arises. With Theom this becomes infinitely easier and allows for a quantitative view of risk for your critical assets. WOW!
And that is just the beginning. Theom will also determine anomalous behavior regarding entity activity to help curtail overprovisioned access and help thwart more complicated 'slow leak' attacks. Activity can include actions on data, as well as how the data is being accessed. By looking at API access and comparing against Swagger specs for the API, Theom can expose discrepancies between spec and actual API configuration/exposure. Another WOW!
A final note on Theom has to do with platform design and the team's foresight regarding architecture. By leveraging Distributed Ledger Technology (DLT) Theom has placed a priority on security from several perspectives. They immediately deliver Proof of Action for every transaction including proof that Theom doesn't manipulate any customer data (i.e., all analytics happens in the customer environment, without data movement of any kind); all data analytics incur minimal costs to the customer (e.g., we are talking under $20/day, which is incredible); and an entire world opens up for futures around concepts such as Proof of State (e.g., imagine an auditor or cyberinsurance company validating state directly - without interacting with Theom at all).
45 episode