Back to glossary


Data Detection and Response (DDR) describes a technology-enabled solution for dynamically protecting data stored in the cloud. DDR tools look beyond static posture and risk analysis, and take data content and context into account in order to identify cybersecurity risks in real time. With DDR, organizations are able track both data in use and data at rest at a granular level, regardless of which cloud data store it resides in (both managed and unmanaged). DDR is capable of detecting threats based on what is done with the data – which can make it useful for preventing insider risk, or other types of misuse of data by authorized personnel.

DDR tools need to operate in an agentless model in order to monitor infrastructure owned by public cloud providers, without sacrificing speed or accuracy in monitoring data events. Data privacy and compliance with legislation such as GDPR should also be considered, as the solution requires access to sensitive customer data. Both of these requirements can be satisfied by tools that monitor data events using the logs provided by the cloud vendor, within the customer’s cloud account.

An effective solution allows organizations to catch incidents earlier, averting calamitous data loss or minimizing its harms. DDR can also be integrated with SIEM/SOAR tools to reduce ‘notification overload’ and allow security teams to consume all alerts in one place.

To learn more: