Data Detection and Response (DDR)

Data Detection & Response (DDR) refers to how organizations discover and respond to threats affecting their data. Having clear processes to address security threats is critical for preventing sensitive data exfiltration and ensuring that the organization’s data is secure.

DDR provides continuous monitoring of activity logs (ex. AWS CloudTrail) to identify new or emerging threats to your data. It can alert to suspicious activity (unusual accesses, atypical volume or data movement activity, first time accesses, new 3rd party accesses, etc.) which may require further investigation. It provides early warning to possible data breach or inadvertent disclosures. These requirements can be met by tools that monitor data events through the logs provided by the cloud vendor within the customer's cloud account. DDR complements Data Security Posture Management (DSPM), by providing near real-time alerting to suspect or malicious activity - to ensure comprehensive protection of your sensitive data.

Differences Between Data Detection and Response (DDR) and Cloud Detection and Response (CDR)

Attribute CDR DDR
Monitored environment Cloud assets and infrastructure Data repositories within the cloud environment
Threat detection method Log analysis, anomaly detection, machine learning Data-aware detection rules and behavioral analysis based on data access
Presence requirement Typically agentless, can have agents on cloud resources Typically agentless, Data collection from various sources, not limited to endpoint
Example Vendor Wiz, Rapid7 InsightIDR, FireEye Helix Sentra DDR, Exabeam, Securonix, LogRhythm

A successful solution empowers organizations to detect incidents earlier, preventing catastrophic data loss or minimizing its impact. Integration of Data Detection and Response (DDR) with Security Information and Event Management (SIEM) / Security Orchestration, Automation and Response (SOAR) tools helps mitigate "notification overload", enabling security teams to consolidate all alerts in a single location.

See All Glossary Items
Cloud Data Security

Recommended From Sentra