Toxic Combinations of Risks

The best scenario for seeing contextual intelligence in action is detecting Toxic Combinations of Risks.

Toxic Combinations of Risks is a concept that refers to scenarios where seemingly benign security risks, such as access entitlements or misconfigurations, do not appear to be critical when assessed in isolation. However, when all these low-risk scenarios are combined together under one roof or context, they give a picture of a highly critical data security risk. For instance, a publicly exposed S3 bucket, newly discovered sensitive data, or an unsanctioned AI model may initially appear as low-risk incidents. However, when all these dots are linked together, security teams may realize that the unsanctioned AI model has access to the publicly exposed S3 bucket that contains sensitive data. This leads to a scenario where an external attacker could poison the data that the AI model would eventually use without proper security and access controls.

DSPM uses the power of the Knowledge Graph to link together and better understand different metadata attributes. This helps effectively identify and prioritize the detection of such a toxic combination of risks. The solution helps teams create custom toxic combination rules that consider the business context of the data and application needs. Ultimately, security teams experience effective risk identification and fewer false positives.

It is also imperative to understand that every business has some unique data that demands context-specific security, governance, and compliance controls. The ability to create custom rules for a toxic combination of risks can effectively allow security teams to identify risks that closely align with the business context.