Using Anti Data Exfiltration (ADX) to Stop Ransomware and Other Threats to Data
Dr. EDWARD AMOROSO, FOUNDER & CEO, TAG
This series of blogs developed by TAG Infosphere highlights a powerful new cybersecurity solution known as Anti Data Exfiltration (ADX) which provides on-device data security and threat protection. Commercial vendor BlackFog pioneered ADX which is shown to effectively stop cyberattacks such as ransomware, spyware, malware, and phishing.
How ADX is Implemented by BlackFog
It is key for enterprise security teams to understand how ADX differs from traditional data loss prevention (DLP) because most security groups have tended to rely on this method for their data security. Most DLP solutions exhibit many cost, functional, and security-related drawbacks that often prevent successful implementations.
How does BlackFog Enterprise Work?
The BlackFog Enterprise product is a comprehensive solution designed to implement ADX for enterprise buyers. At the heart of BlackFog Enterprise is its on-device agent, which goes beyond traditional antivirus and Endpoint Detection and Response (EDR) solutions. As explained above, ADX focuses on preventing unauthorized data from leaving devices, a critical aspect in modern cybersecurity.
This commercial solution works by monitoring data exfiltration from any network to ensure data security and regulatory compliance. The product offers a proactive approach to cybersecurity, using AI-based algorithms to identify unusual behavior and the unauthorized removal of data from devices and networks.
The product emphasizes on-device data privacy and security. It protects endpoint devices by investigating outgoing data on endpoint devices, providing a more streamlined and less intrusive approach than traditional methods like firewalls or Data Loss Prevention (DLP). This makes it effective even for mobile devices and remote work environments, securing data directly on the devices without relying solely on network-based protections.
How is ADX Implemented on the Device?
BlackFog’s ADX works by focusing specifically on outbound data packets at level 3 of the OSI stack. As such, the solution works at the packet level to obtain information about the source and destination of the datagrams. Using AI across dozens of parameters, the BlackFog product determines the legitimacy of the packets and therefore whether or not they are permitted to leave the device.
For example, if a packet originates from a system process that does NOT have networking capability, the product concludes with high confidence that the process has been hijacked and should be stopped. In addition, if a packet is exfiltrating data to the dark web, then it’s probably doing something unacceptable. Similarly, the product can geofence data and determine when data is traveling to unauthorized destinations such as Russia or China, telltale signs of many ransomware attacks.
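The two checks described above (a process with no expected networking role, and a geofenced destination) can be sketched as a per-flow decision function. This is an added illustration, not BlackFog's implementation, which the page says applies AI across dozens of parameters; the process list, the geo table (built from RFC 5737 documentation ranges) and all names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy data (assumptions for illustration only).
NETWORK_CAPABLE = {"chrome.exe", "outlook.exe", "svchost.exe"}
BLOCKED_COUNTRIES = {"RU", "CN"}  # destinations the page names as unauthorized
# Constructed geo table: RFC 5737 documentation ranges, not real allocations.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "RU"),
    (ipaddress.ip_network("203.0.113.0/24"), "CN"),
]

@dataclass(frozen=True)
class OutboundFlow:
    process: str  # image name of the process that owns the socket
    dst_ip: str   # destination address taken from the IP header

def country_of(ip: str):
    """Map a destination address to a country code, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return None

def evaluate(flow: OutboundFlow):
    """Return (verdict, reasons) for one outbound flow."""
    reasons = []
    # Rule 1: a process with no networking role is sending traffic.
    if flow.process.lower() not in NETWORK_CAPABLE:
        reasons.append("process-not-network-capable")
    # Rule 2: the destination falls inside a geofenced country.
    cc = country_of(flow.dst_ip)
    if cc in BLOCKED_COUNTRIES:
        reasons.append(f"geofence:{cc}")
    return ("block" if reasons else "allow", reasons)

# Constructed sample flows.
SAMPLE_FLOWS = [
    OutboundFlow("chrome.exe", "192.0.2.10"),
    OutboundFlow("calc.exe", "192.0.2.10"),
    OutboundFlow("outlook.exe", "198.51.100.7"),
    OutboundFlow("notepad.exe", "203.0.113.9"),
]

def blocked(flows):
    """Return the flows that must not leave the device, with their reasons."""
    results = [(f, *evaluate(f)) for f in flows]
    return [(f, why) for f, verdict, why in results if verdict == "block"]

if __name__ == "__main__":
    for flow, why in blocked(SAMPLE_FLOWS):
        print(flow.process, flow.dst_ip, why)
```

A destination that is absent from the geo table triggers no geofence reason here; a stricter policy could treat unknown destinations as a reason of their own.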
How is ADX Different Than Traditional DLP?
These rules are applied to every packet using AI-based algorithms, such as behavioral analysis, to stop data exfiltration. It is important to point out here that this is quite different from the way traditional data loss prevention (DLP) works. Recall that most DLP solutions work at the edge of the enterprise network much like a firewall and typically involve a hardware device that must be capable of processing large volumes of data.
As a result, DLP platforms can be expensive. In addition, all packets must flow through the checkpoint, which means that DLP is only useful behind a corporate firewall and not very useful in today’s hybrid workforce environment where everyone works from home or on the road. Furthermore, many DLP solutions are designed to inspect packets and decrypt them (since most traffic is effectively SSL), which can breach the end-to-end trust of a certificate.
Finally, DLP operates on the principle of data classification. That is, once the packet has been decrypted, it looks inside to see if there are tagged documents or elements. Addressing such an issue requires, of course, the ability to constantly tag documents internally. This can be virtually impossible from a resource perspective for most organizations with their high volume of documents and other types of files created on a daily basis.
What is the BlackFog Approach?
BlackFog has taken the view that the traditional approach to DLP is just not feasible for most enterprise teams and designed ADX as a practical solution to all these problems. It uses real-time network and process-based AI detection and analysis to provide anti data exfiltration with no human intervention.
About BlackFog
BlackFog is the leader in on-device data privacy, data security and ransomware prevention. Its behavioral analysis and anti data exfiltration (ADX) technology stops hackers before they even get started. The company’s cyberthreat prevention software prevents ransomware, spyware, malware, phishing, unauthorized data collection and profiling and mitigates the risks associated with data breaches and insider threats. BlackFog blocks threats across mobile and desktop endpoints, protecting organizations’ data and privacy, and strengthening regulatory compliance.
About TAG
TAG is a trusted next generation research and advisory company that utilizes an AI-powered SaaS platform to provide on demand insights, guidance, and recommendations to enterprise teams, government agencies, and commercial vendors in cybersecurity, artificial intelligence, and climate science.
Copyright © 2024 TAG Infosphere, Inc. This report may not be reproduced, distributed, or shared without TAG Infosphere’s written permission. The material in this report is comprised of the opinions of the TAG Infosphere analysts and is not to be interpreted as consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report are disclaimed herein.