Data Loss Prevention
Handling Sensitive Information
Organizations handle sensitive information like trade secrets, business plans, health records, and PII.
- Types include trade secrets, business plans, health records, and PII
- Risks include security incidents, fines, and reputational damage
Data Loss Prevention (DLP)
DLP is a technology used to identify, monitor, and protect sensitive data to prevent unauthorized access, use, or transmission.
- Prevents unauthorized access, use, or transmission of sensitive data.
- Safeguards against accidental or malicious data sharing.
- Uses policies, monitoring, and enforcement to mitigate potential breaches.
- Protects against data leakage across channels like email, web, and endpoints.
- Involves content discovery, classification, encryption, and policy enforcement.
A data loss prevention system can scan outgoing messages to determine whether they potentially contain personally identifiable information or other sensitive information.
DLP Mechanisms
DLP solutions use the following mechanisms in action:
-
Pattern matching
- Detects sensitive formats like credit card and Social Security numbers
- Scans for terms like "confidential", "proprietary", or "top secret"
- Uses algorithms to minimize false positives
-
Watermarking
- Labels documents with electronic tags for tracking
- Monitors movement across networks to enforce policy
- Logs access and sharing of sensitive files for compliance
Identity Finder
Identity Finder is a host-based tool that scans systems for sensitive information.
- Scans for data like Social Security numbers, passwords, and credit card numbers
- Users can delete or encrypt sensitive files based on the findings
Endpoint DLP
Also known as Host-based DLP, the Endpoint DLP system is a security solution designed to monitor and control data transfers on endpoint devices such as laptops, desktops, smartphones, and tablets.
- Detects sensitive data based on predefined rules.
- Prevents unauthorized data transfers.
- Enforces data security policies consistently.
- Works like an IDS/IPS but for data
- Can be set to detection mode or prevention mode
Network DLP
A Network Data Loss Prevention (DLP) system is a piece of software or hardware that monitors and control data transfers within a network infrastructure.
- Placed at the perimeter of the network.
- Detects data-in-transit; focused on things going out of the network.
- Scans for unencrypted sensitive data and blocks unauthorized transmissions
- Can automatically encrypt content, especially for email-related DLP systems
Storage DLP
A Storage Data Loss Prevention (DLP) system is a software installed on a server in a datacenter that inspects the data-at-rest.
- Safeguard sensitive data stored across different storage platforms.
- Ensure compliance with security policies and regulations.
Cloud-based DLP
A DLP usually offered as a SaaS and is part of the cloud service and storage needs.
- Data stored in the cloud services are protected.
- Example: Google Drive