Thales is adding data risk intelligence functionality to the Imperva Data Security Fabric (DSF) solution, marking the first joint offering that includes capabilities inherited through its acquisition a year ago of Imperva and giving it traction in a growing subset of the larger threat intelligence space.
There is growing pressure on organizations to better protect their data, which is increasingly distributed throughout on-premises, cloud, and edge environments and is increasingly the target of highly sophisticated threat groups. The costs of data breaches also continues to rise and governments are instituting data protection requirements through such laws as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Managing data security in such a threat landscape and regulatory compliance environment is difficult. In its 2024 data threat report, Thales, an MSSP 250 company, found that 93% of enterprises reported an increase in threats compared to the previous year.
All of this opens opportunities for MSSPs “to leverage data risk intelligence for differentiation and competitive advantage, as well as a growing additional revenue stream,” Krista Case, research director and senior analyst with The Futurum Group, told MSSP Alert.
Identifying the Data at Risk
Threat intelligence is a broad focus aimed at gaining insight into malicious actors’ tactics, techniques, and procedures (TTPs), including their motivations, and the techniques and tools they use to breach and compromise systems, Case said. Data risk intelligence is about identifying, assessing, and mitigating risks to data assets, including uncovering and analyzing the potential exposure of and threats to sensitive, high-value, and compliance datasets.
“The space is growing in interest and in dollars spent,” she said. “This is due not only to the growing importance of data in our modern economy and lives, but also due to the subsequent frequency and severity of data breaches, as well as their growing sophistication.”
Krishna Ksheerabdhi, director of product marketing for data security at Thales, told MSSP Alert that “trying to identify where risk exists when it comes to data is not necessarily new; organizations have attempted to do this in the past. The issue now is that threat actors have tools such as AI that increase their velocity and breadth of reach, and traditional manual processes of collecting and analyzing risk data cannot keep pace.”
It’s further complicated by organizations relying on multiple vendors and tools, which leads to a fragmented view of data risk, Ksheerabdhi said.
“In an era where AI-fueled threats are becoming increasingly sophisticated, our clients face adversaries designed to outmaneuver native cloud and on-premises defenses,” he said. “It is now more important than ever to shift from a reactive incident response to a more proactive fortification of their data estate.”
The new offering unites risk and threat identification capabilities in Imperva DSF with data protection functions in Thales’ CipherTrust Data Security Platform. According to Thales, its new Data Risk Intelligence solution combines intelligence and contextual insights that give enterprises and SMBs greater visibility of the risks to such critical data and assesses the strength of encryption across their entire data environments. CISOs, other executives, and data specialists can use the information to identify the most critical data that is at the highest risk and prioritize ways to mitigate the risks.
NVISIONx, a Santa Monica, California-based data security posture management company, wrote in a blog post in July that data risk intelligence “is about knowing all of your data in both business context as well as in terms of cyber risk and compliance. Removing the blinders and knowing your data more completely will empower you to make better decisions to enhance your broad data protection capabilities.”
Merging Thales, Imperva Capabilities
Thales in December 2023 closed the deal to buy Imperva from private equity firm Thoma Bravo for $3.6 billion. Thales, based in France, bought Imperva to enhance its data security capabilities and extend its reach into the application security space.
Key capabilities offered by Thale’s Data Risk Intelligence include improved risk prioritization, more complete visibility of data risks, risk indicators, integration of encryption capabilities of Thales’ CipherTrust Data Security Platform, and advanced analytics that includes posture-based and machine learning behavioral risk indicators.
“Data is our lifeblood, and its privacy and protection is paramount for both business and legal reasons,” Futurum’s Case said. “Obtaining intelligence into the risk profile of the data estate is critical to, naturally, reducing risk and reducing the likelihood of a breach, but also to optimizing continuity of core business operations and services. It is also needed to comply with data privacy legislation.”
MSSPs Offer Visibility, Strategies
For MSSPs, the increasing data sprawl across a complex and disparate network of infrastructure and devices enhances consulting and managed services opportunities to help organizations obtain visibility into their data security posture and risk profile, she said.
“From there, [they can help] to craft strategies to optimize data protection,” Case said. “This could include identification, classification, and the assignment of protection policies for sensitive data, data loss prevention [DLP] to prevent malicious access to and sharing of sensitive data, and continuous monitoring for anomalies and threats.”
MSSPs also can offer guidance for complying with the ever-evolving data privacy regulatory landscape.
“The more data we can collect and combine, the more accurate view the MSSP and MSP can gain,” Thales’ Ksheerabdhi said. “The value to the MSSP and MSP is that with this visibility, they can examine their customer’s environment and identify where improvements can be made, either through a professional service or by deploying a specific technology service to fortify the environment.”
