Is anyone happy with their SaaS DLP or are we all just tolerating the alerts?
We are a fintech startup with 40 people. Last month, DoControl flagged a contractor downloading our API documentation to his personal google drive. Our legacy SaaS DLP saw the credit card regex hits in slack and sent me 40 alerts that day but it didn't capture the 200 MB of source code that left through a shared Dropbox link.
I have been reviewing those credit card alerts for the three months thinking we were covered. The contractor had access to our GitHub repos, jira and confluence. DoControl correlated the download spike with account status. The contractor was inactive in our HRIS but still had live OAuth tokens in three tools.
I spent the next week finding every former employee with lingering access as our SaaS DLP was built for email attachments. Is anyone actually happy with their SaaS DLP or are we just tolerating the alerts? I am not looking for vendor recommendations, I want to know if your DLP catches real exfiltration or if you're also playing whack-a-mole with regex rules.