An organization needs to make sure sensitive data like company confidential information or data collected from customers do not get shared outside the internal network without legitimate reasons. Sometimes sensitive data get shared outside the company network purposefully because of internal threats. And, sometimes it happens accidentally by ignorant employees. A company needs to prevent its employees from sharing sensitive data accidentally or purposefully. Data Loss Prevention is a solution or process that is used for that purpose.
What is Data Loss Prevention ?
Data Loss Prevention or DLP is a strategy to make sure that end users do not send sensitive data or critical information outside the corporate network intentionally or accidentally. Sensitive data may include confidential data like Intellectual Property or corporate data like financial documents, strategic planning document, employee information and customer data like Social Security Number, credit card number, medical records etc.
DLP can be effectively used to prevent insider threats as well as to comply with rigorous state privacy laws.
How is Data Loss Prevention done ?
Data loss can be prevented in various ways. Standard security measures include firewalls, IDPS and anti-virus solutions. They are commercially available products that can prevent insider threats and outsider attacks.
Advanced measures may include using Machine Learning to detect and prevent abnormal access of sensitive data. Honeypots (What is a Honeypot ?) and user activity monitoring solutions also can be used for that purpose.
Often designated Data Loss Prevention systems are used to detect and prevent data loss. These DLP solutions use mechanisms like data matching, data fingerpriting, statistical methods etc to prevent unauthorized sharing of sensitive data whether done accidentally or purposefully.
Sensitive data can reside on various computing devices like physical servers, virtual servers, databases, file servers or endpoint devices like computers, POS devices etc. It can also move through various network access points like wireless, VPNs etc. Thus a variety of solutions can be used to prevent data loss, data leaks and data recovery.
Data Loss Prevention solution can identify confidential data, track the data as it moves outside the enterprise network and prevent unauthorized disclosure using disclosure policies. It uses business rules to classify and protect sensitive data.
How does Data Loss Prevention solution identify sensitive data ?
A DLP solution has to first identify sensitive data in order to prevent data losses. This can be done using various techniques.
Sensitive data in fact can be of two types – structured and unstructured. Structured data are data that exist in specific formats. Credit card data, Social Security Number, date of birth, email address etc are examples of structured sensitive data. Regular expressions can effectively used to detect structured sensitive data. Data Loss Prevention solutions in fact use a number of predefined policies that have rules to identify structured sensitive data. Regular expressions are widely used for that purpose. Sometimes data is matched against context also so that sensitivity of data can be identified in a better way. For example, if an employee from payroll department looks into some other employee’s remuneration package, it is usual. But, if someone from sales department does the same, DLP solution should be able to raise a flag and report it.
Unstructured data on the other hand does not have any specific formats. Source code, media files etc are examples of unstructured sensitive data. Without analyzing the contents it is difficult to detect whether it contains any sensitive data. Data Loss Prevention solutions often use fingerprinting for this purpose. Fingerprints of unstructured sensitive data are made using cryptographic hashes and saved in databases. Later, these fingerprints are used to identify sensitive data elsewhere.
Types of DLP Solutions
Data Loss Prevention solutions prevent data breaches by monitoring sensitive data while the data is in-use in endpoint devices, in-motion in network or at-rest in data storage.
Network Based Data Loss Prevention Solution
DLP solution can prevent data loss for data in-motion by monitoring all traffic leaving the internal network. Monitored data may include all data transferred using multiple protocols like HTTP, FTP, IM, P2P, SMTP etc. For example, all files transferred outside the company network using FTP protocol or all emails sent outside the enterprise network can be monitored.
Datacenter or Storage Based Data Loss Prevention Solution
DLP solution can protect data at rest stored within an organization’s datacenter infrastructure like file servers, SharePoint and databases. It can determine where the sensitive data resides and whether it is stored securely. Protecting data at-rest may involve methods such as access control, data encryption and data retention policies.
Endpoint Based Data Loss Prevention Solution
Data Loss Prevention solution may also include agent based solution that sits on end user workstations and laptops and monitors data leaving the endpoint. It can control communication via email, instant messengers etc and can control access to physical devices and block attempted transmission of sensitive data. These solutions must be installed on every endpoint devices.
Data Loss Prevention Solution Vendors
There are quite a number of vendors that provide good Data Loss Prevention solutions. Some reputed ones are mentioned below :
Total Protection for Data Loss Prevention
Point Data Loss Prevention
Guardian Data Loss Prevention
What is Next Generation Firewall (NGFW) ?
How are malware detected by traditional anti-virus solutions & how is NGAV different from them ?
What is Deep Packet Inspection ?
What is a Honeypot ?
What is Intrusion Detection System & how does it work ?
How can AI, Machine Learning & Deep Learning be used to improve cyber security ?