You might be looking for data protection software and wonder what the sales websites mean when they talk about “data at rest” and “data in motion.” Other terms you could see include “data in transit” and “data traffic.” Data can be stolen, damaged, or deleted, and those events can occur when that data is either being moved or static.

Some system activities involve a combination of data in motion and data at rest. For example, the standard for email transmission always consists of storing the email on a mail server. Therefore, to protect data fully, you need to secure it both at rest and in motion.

Here is our list of the four best security systems for data at rest and in motion:

  • CrowdStrike Falcon Insight (FREE TRIAL) The combination of endpoint-based EDR and a cloud-based SIEM. Versions are available for Windows, macOS, and Linux. Access a 15-day free trial.
  • ManageEngine Endpoint DLP Plus (FREE TRIAL) This package provides sensitive data discovery and classification plus file integrity monitoring to protect that discovered PII. Runs on Windows Server. Start 30-day free trial.
  • Endpoint Protector This data loss prevention system watches overall points on a system that can be used for data exfiltration. Available as a hosted service, as an app on cloud platforms, or for installation as a virtual appliance.
  • Acunetix A vulnerability scanner for Web applications and networks. Available as a hosted SaaS platform or for installation on Windows, macOS, or Linux.

Protecting data at rest

There are several levels of protection that you can implement for data at rest. However, you will probably end up with at least two layers of security to protect the data stored on your system. The four types of protection that you need to consider for data at rest are:

  • Endpoint protection
  • Data loss prevention
  • File integrity monitoring
  • Cloud account security

You can read more about these security services in the following sections.

Endpoint protection

An endpoint protection system is usually called endpoint protection and response (EDR) because these security packages include mechanisms to shut down attacks on endpoints. There are two threats to your endpoints – malware, an automated method to steal or damage data, and intrusion, a manual attempt.

The core of an EDR is what used to be known as an anti-malware service. However, as manual threats also need to be spotted and blocked, anti-malware required systems to expand their capabilities; this is how EDR systems came about.

Data loss prevention

There is an overlap in the purpose of EDR and data loss prevention (DLP) systems by the methodologies of the two systems are different. DLP services watch all exits and block unauthorized data transfers. This could be in the form of files attached to emails or chat messages, the copying of files onto a memory stick, transfers over network applications, such as FTP, and, However, as the printing of documents.

DLP is necessary because it also blocks insider threats.  Authorized users can disclose or damage data either accidentally or intentionally. The user could be a whistleblower or disgruntled. Tricksters might impersonate colleagues and fool a user into sending data.

Another type of insider threat is the disclosure of credentials because of phishing attacks. The result of a successful phishing attempt is called account takeover (ATOI). It is possible to buy security packages that address this tactic. ATO detection can also be integrated into EDR and DLP packages.

File integrity monitoring

There are two types of file integrity monitoring (FIM) services. The first of these protect critical system files from tampering. For example, log files must be stored and preserved in their original state if a business follows a data protection standard, such as PCI DSS, HIPAA, or GDPR. This is because external auditors will check these files for signs of data disclosure or misuse of personally identifiable information (PII).

Log files are also important sources of security information, and Security Information and Event Management (SIEM) systems mine logs for signs of intrusion or other malicious activity. Thus, log files should be protected from tampering because intruders know that they need to delete records from log files to keep them hidden.

FIM is also used to protect PII from inappropriate use. So, FIM involves finely tuning user groups and ensuring that only those accounts needing access to PII can get at those data stores. FIM for PII requires the security system to know where PII is held and how sensitive that data is. Thus, FIM systems are usually paired with sensitive data eDiscovery services. These categorize data by its degree of sensitivity. Therefore, the FIM system needs to be set up with security policies to direct different levels of security monitoring for specific categories of sensitivity.

Cloud account security

If your business uses cloud-based tools delivered on the Software-as-a-Service model, the package probably also includes storage space for data, such as log files. You might also have an account with a data storage service, such as OneDrive or Google Drive. Another commonly accessed cloud service is Web hosting.

In all of these services, your account is held on the same server as many other accounts. Therefore, you need to be sure that other account holders can’t break into your disk space, and you also don’t want the provider’s technicians to access your data.

Cloud providers ensure account privacy by fully encrypting the disk space allocated to each subscriber. This encryption is usually implemented with the Advanced Encryption Standard (AES) cipher with a 256-bit key. AES provides powerful, uncrackable encryption. Within that cloud account, you will need to set up user accounts.

Most cloud storage and productivity suites, such as Microsoft 365, allow account administrators to set up individual user accounts. The management of these accounts is as essential on cloud services as it is on your network. In addition, they enable the activity tracing services built into cloud systems to provide helpful information.

Data in Motion

Protecting data in motion is a much simpler task than safeguarding data at rest. This is because data security for internet connections has been a big issue for a long time. There are very competent protocols in existence to block hacker attempts on data in transit. Capturing data as it crosses the internet requires excellent technical skills that many hackers just don’t have. The newer scam of tricking credentials out of users is a lot easier to perform.

When protecting data in motion, you need to look at the following services:

  • Web transactions
  • File transfers
  • Team collaboration

As communication is the connective tissue between applications, the issues involved in securing data in transit are closely tied to data management at rest. The task of tracking activity with logs and tightly defining access rights spread across all resources in your system. So, when you have organized your system to secure data at rest properly, you have already performed most of the tasks needed to secure it in motion.

Protecting Web transactions

You no doubt activate and manage HTTPS for all of your Web connections. With that security service in place, you have pretty much covered your Web transaction security. In addition, periodic Web application vulnerability scanning will ensure that hackers do not have inroads into your core systems through your public-facing Web presence.

Web application firewalls can also give constant protection for your Web-based assets.

File transfers

The File Transfer Protocol (FTP) is one of the oldest systems used on the Internet, and it has worked well in all respects other than security. However, you should ensure that all of your data movement systems use SFTP or FTPS instead of FTP. Although you would choose to launch a secure file transfer system to move files, you don’t know what all of your applications are using.

System documentation and vulnerability scanning will give you insights into where file transfer activity is not adequately protected.

Team collaboration

Team collaboration systems require information to be shared. This results in the same data being both at rest and in motion. So, for example, if a group of people have access to the same document that is held on Google Drive and access it through Google Docs, that document is at rest on the Google server, its content is also frequently transferred back and forth between the Google Server and the browsers of the people who are updating it.

Fortunately, the security of those transfers is implemented by HTTPS, and the at-rest security is covered by the account encryption provided as standard by Google. Unfortunately, these security measures don’t block unauthorized disclosure by authorized users. So, your DLP solution will need to have the capability to monitor cloud resources as well as your network’s endpoints.

The best tools to protect Data at Rest and Data in Motion

You need a range of security services to protect data at rest and in motion entirely. Fortunately, some packages cover several of the functions that you should put in place for complete data security.

With these selection criteria in mind, we produced various options to suit businesses of all sizes.

Our methodology for selecting a security tool for data at rest and in motion  

We reviewed the market for data security systems analyzed tools based on the following criteria:

  • A service that can cover several data protection requirements in one package
  • Options for on-premises installation plus SaaS solutions
  • A system that is compliant with data privacy standards
  • A guided service that will automatically cover all data security issues that the system administrator might otherwise overlook or be unaware of
  • Adaptable methods that can be adjusted by templates or manually.
  • A free tool or a paid service that offers a free trial or demo for assessment
  • Value for money, represented by a complete set of functions that provide proper security without costing too much

You can read more about each of these tools in the following sections:

1. CrowdStrike Falcon Insight (FREE TRIAL)

CrowdStrike Falcon Insight adds a cloud-based SIEM onto an EDR product of CrowdStrike, called Falcon Prevent. Each Falcon Prevent instance, installed on Windows, macOS, or Linux, acts independently while also uploading activity reports and log data to the Insight cloud module.

You can get a 15-day free trial of Falcon Prevent.

Pros:

  • Spots zero-day malware, including new viruses, spyware, and ransomware
  • Combines EDR and SIEM
  • Implements UEBA for activity baselining
  • Incorporates a threat intelligence feed

Cons:

  • No file integrity monitoring

2. ManageEngine Endpoint DLP Plus (FREE TRIAL)

CrowdStrike Falcon Insight’s cloud system gets a threat intelligence feed and applies user and entity behavior analytics (UEBA) to establish an activity standard and then spot anomalous behavior. The cloud system coordinates the activities of the Prevent instances and warns all modules if one experiences an attack. The endpoint agents are equipped to shut down threats by quarantining files, isolating the device, and killing processes.

Get FREE Trial: https://go.crowdstrike.com/try-falcon-prevent.html

ManageEngine Endpoint DLP Plus is a data protection system that implements data loss prevention. Tools in this bundle of services include sensitive data discovery and classification. Identified stores of sensitive data are then protected with containerization, which only allows those files to be accessed by authorized applications, which in turn will have tight user authentication.

As well as providing protection for data at rest Endpoint DLP Plus implements file movement lockdown. USB devices, email systems, and file transfer systems are monitored and blocked if a user tries to move a classified file through one of these channels. All of the activity related to marked stores of sensitive data are logged, which provides an audit trail for compliance reporting.

ManageEngine Endpoint DLP Plus is a software package for Windows Server. The package is available in a Free edition, which is limited to monitoring files on 25 devices. You can get the Professional edition on a 30-day free trial.

  • Sensitive data discovery and classification

  • Data exfiltration controls

  • Activity logging for compliance auditing

  • Not a SaaS package

ManageEngine Endpoint DLP Plus Start a 30-day FREE Trial

3. Endpoint Protector

Endpoint Protector is a data loss prevention system that operates on endpoints. It implements activity tracking on the device, which includes application usage. It also offers a sensitive data discovery and classification service.

With a main module managing monitoring activities, endpoint agents for Windows, macOS, and Linux gather data and implement controls and responses.

Controls include USB activity management that can block all data from being copied onto memory sticks or just ban the movement of classified data. Similarly, the service monitors data movement attempts on cloud services and email systems, such as Outlook, Skype, and OneDrive. The printing of sensitive data can also be controlled. Access rights management tools work with security policies to control access to different levels of sensitive data held in files.

Endpoint Protector is a SaaS system, and it is also available on the relevant marketplaces of AWS, GCP, and Azure. It can also be installed as a virtual appliance.

Endpoint Protector covers all of the services that data thieves can use to get data out of a network. So whether the con artists manipulate innocent users into sending data out or breaking into the system and stealing it themselves, Endpoint Protector will block them. You can get access to the demo.

  • Provides a thorough strategy for the monitoring of sensitive data

  • Quickly detects threats on an endpoint and communications that activity to other device agents

  • Implements rapid responses to malware and intruder threats

  • Controls all possible channels for data movement

  • Improves access rights management

  • An integrated SIEM would have been nice to have

4. Acunetix

Acunetix is a Web application vulnerability scanner that seeks out 7,000 weaknesses, including the OWASP Top 10. There is also a network vulnerability scanner option for Acunetix, which can identify more than 50,000 potential exploits.

Acunetix implements Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST) and also includes an Interactive Application Security Tester (IAST), called AcuSensor. This is an excellent tool for protecting Web applications and thus, blocking ingress by intruders that would like to get hold of your sensitive data.

This tool is suitable for businesses that need to prove compliance with PCI DSS, HIPAA, and ISO 27001. Acunetix is offered as a hosted SaaS platform, and you can also download the software for installation on Windows, macOS, and Linux. Assess Acunetix by accessing the demo system.

  • DAST, SAST, and IAST scanning

  • Web application and vulnerability management

  • Offers scans on-demand or continuously

  • No sensitive data monitor