Perimeter monitoring, or data traffic monitoring, is the process of monitoring data movement into and out of different environments in order to detect movement that presents a potential risk to the organization. Perimeter monitoring is supported by several control schemes, including directive controls, preventative controls, and detective controls. Directive controls are the standards, policies, and processes that define how data should be captured, scrubbed, and provisioned. Preventative controls aim to keep sensitive information from entering test environments. Detective controls generate alerts when the other controls fail, and they attempt to limit the impact of the failure, identify areas that need improvement, and collect evidence that the various controls are working. Together these controls protect systems, infrastructure, information, and brand; when they are not followed, all of these may be at risk.
Current methods for identifying non-compliant data movement are largely manual, relying on discovery efforts that attempt to associate the defined processes with the actions actually taken. These methods typically do not use empirical data, such as activity logs, primarily because such information is difficult to correlate properly.
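As an added illustration, not part of the original text, the following Python sketches how a detective control could correlate activity-log events instead of relying on manual discovery. It reads constructed log lines, tracks when each dataset was last scrubbed, and raises an alert whenever sensitive production data is moved into a test or development environment without a sufficiently recent scrub. The log format, field names, environment labels, and the 24-hour scrub policy are assumptions made for this example only.

```python
"""Detective control over activity logs (added illustration, constructed data).

Correlates data-movement events with earlier scrub events so that sensitive
production data copied into a test environment without a preceding scrub
raises an alert. Field names, environment labels and the policy window are
assumptions for this example, not taken from any real product.
"""
import json
from datetime import datetime, timedelta

# Directive control expressed as data (assumed policy): sensitive data may
# enter a protected environment only if the same dataset was scrubbed within
# SCRUB_WINDOW before the move.
SCRUB_WINDOW = timedelta(hours=24)
PROTECTED_DESTINATIONS = {"test", "dev"}
SENSITIVE_CLASSES = {"pii", "pci"}

# Constructed activity log, one JSON object per line (deliberately out of order
# to show that events must be time-sorted before they can be correlated).
SAMPLE_LOG = """\
{"ts": "2024-03-01T08:00:00", "event": "scrub", "dataset": "customers", "env": "prod", "actor": "etl-svc"}
{"ts": "2024-03-01T09:15:00", "event": "move", "dataset": "customers", "src": "prod", "dst": "test", "class": "pii", "actor": "etl-svc"}
{"ts": "2024-03-01T10:30:00", "event": "move", "dataset": "payments", "src": "prod", "dst": "test", "class": "pci", "actor": "jdoe"}
{"ts": "2024-03-01T11:00:00", "event": "move", "dataset": "catalog", "src": "prod", "dst": "dev", "class": "public", "actor": "jdoe"}
{"ts": "2024-02-20T07:00:00", "event": "scrub", "dataset": "orders", "env": "prod", "actor": "etl-svc"}
{"ts": "2024-03-01T12:00:00", "event": "move", "dataset": "orders", "src": "prod", "dst": "dev", "class": "pii", "actor": "batch"}
"""


def parse_log(text):
    """Parse JSON lines into event dicts with a datetime 'ts', sorted by time.

    Malformed lines are skipped here; a production control would also count
    them, since a gap in the log is itself evidence worth reviewing.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
        except (ValueError, KeyError, TypeError):
            continue
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_violations(events):
    """Return one alert per sensitive move into a protected env lacking a recent scrub."""
    last_scrub = {}  # dataset -> timestamp of the most recent scrub seen so far
    alerts = []
    for ev in events:
        if ev.get("event") == "scrub":
            last_scrub[ev["dataset"]] = ev["ts"]
            continue
        if ev.get("event") != "move":
            continue
        if ev.get("dst") not in PROTECTED_DESTINATIONS:
            continue
        if ev.get("class") not in SENSITIVE_CLASSES:
            continue  # non-sensitive data may move freely under this policy
        scrubbed_at = last_scrub.get(ev["dataset"])
        if scrubbed_at is not None and ev["ts"] - scrubbed_at <= SCRUB_WINDOW:
            continue  # compliant: scrubbed shortly before the move
        reason = ("no scrub on record" if scrubbed_at is None
                  else f"last scrub {scrubbed_at.isoformat()} is stale")
        alerts.append({
            "dataset": ev["dataset"],
            "actor": ev.get("actor"),
            "path": f"{ev.get('src')}->{ev['dst']}",
            "class": ev["class"],
            "reason": reason,
        })
    return alerts


def run(text=SAMPLE_LOG):
    """Parse the log and return the list of alerts (the detective control's output)."""
    return find_violations(parse_log(text))


if __name__ == "__main__":
    for a in run():
        print(f"ALERT {a['dataset']} {a['path']} ({a['class']}) by {a['actor']}: {a['reason']}")
```

On the constructed log this yields two alerts: the `payments` move has no scrub on record, and the `orders` move is preceded only by a scrub ten days old; the `customers` move is compliant because its scrub occurred within the window, and the `catalog` move is ignored because the data is not classified as sensitive. The correlation step (joining a move to the most recent scrub of the same dataset) is exactly the part the text describes as hard to do by hand.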