DLP: The Problem
What is DLP?
Data Loss Prevention (or Data Loss Protection) solutions and products are designed to detect and prevent the unauthorized transmission of information from an organization's computer systems to outsiders. DLP has also been referred to as Information Leak Detection & Prevention (ILDP), Information Leak Prevention (ILP) or Content Monitoring and Filtering (CMF).
Today’s security professionals face a daunting challenge: protecting the organization’s most valuable asset, its information, amidst widespread investment in new, more efficient communication technologies. As organizations invest in new business systems and processes to exchange critical information to, from and about customers, partners, and employees in real time, more opportunities for information leaks arise. Data breaches are rapidly becoming the foremost IT security concern, in part because of the increase in both the frequency and the severity of such breaches.
The situation is further complicated by the need to protect sensitive data whether it’s at rest – i.e. stored within repositories inside the enterprise – or in motion, either on the corporate network or on external links. This task has been compounded by the influx of consumer-based technology into the workplace, such as digital media players, cameras, IM and social networking sites, and USB devices, which are all potential sources of information leaks.
Over the years, organizations have spent a tremendous amount of resources in hopes of protecting their information. However, their efforts have been focused on preventing outsiders from hacking into the organization, educating employees, and securing data at rest. According to analyst firms, the majority of all leaks, internal and external alike, are the result of unintentional information loss by employees and partners. The average information leak costs organizations approximately $182 per record (according to the Ponemon Institute), or roughly $4,800,000 per breach in total. The high cost of a breach can have a profound effect on an organization's P&L, market presence, and competitive advantage, through damage to brand and reputation and the loss of customers and IP. As organizations invest millions in business systems that increase the availability of information to build or maintain a competitive edge, a slew of security-related considerations remains, including:
- Where is the organization’s confidential & sensitive data?
- How, where, and when is the data transmitted and by whom?
- How can the data be controlled and protected?
- What is my organization’s financial risk (from a leak)?
DLP solutions classify data in motion, at rest, and in use, and then dynamically apply the desired type and level of control, including mandatory access control that cannot be circumvented by the user. They monitor multiple channels for specific inbound and outbound content. DLP solutions typically:
- Perform content-aware deep packet inspection on inbound and outbound network traffic, including email, IM, FTP, HTTP and other TCP/IP protocols
- Track complete sessions for analysis, not individual packets, with full understanding of application semantics
- Use linguistic analysis techniques beyond simple keyword matching for detection (e.g. advanced regular expressions, partial document matching, Bayesian analysis and machine learning)
- Detect (or filter) content according to policy-based rules
- Block (at a minimum) policy-based violations over email
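As an added illustration, not drawn from the original text or from any vendor's product, the following Python sketch shows two of the detection techniques listed above: a pattern rule whose regex hits are validated with a Luhn checksum, and partial document matching against a word-shingle fingerprint of a protected document. The protected text, the sample messages, the shingle size and the 0.3 threshold are all constructed for the example.

```python
import hashlib
import re

# Pattern rule: card-shaped digit runs, confirmed with a Luhn checksum so that an
# arbitrary 16-digit order reference does not trip the rule (a bare regex would).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            hits.append(digits)
    return hits

# Partial document matching: hash every run of k consecutive words (a "shingle");
# the set of hashes is the fingerprint of a protected document.
def shingles(text, k=5):
    words = re.findall(r"\w+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
            for i in range(len(words) - k + 1)}

def fingerprint_overlap(text, protected_fp):
    # Fraction of the protected document's shingles that appear in the message.
    return len(shingles(text) & protected_fp) / len(protected_fp)

def evaluate(message, protected_fp, partial_threshold=0.3):
    # Policy: any finding blocks the message; otherwise it is allowed.
    findings = []
    cards = find_card_numbers(message)
    if cards:
        findings.append(("card_number", len(cards)))
    overlap = fingerprint_overlap(message, protected_fp)
    if overlap >= partial_threshold:
        findings.append(("partial_document_match", round(overlap, 2)))
    return ("block" if findings else "allow", findings)

# Constructed protected document and outbound messages (not real data).
PROTECTED_FP = shingles("Falcon pricing: enterprise tier costs 48 dollars per seat "
                        "per month, 12 percent partner discount")
MESSAGES = {
    "leak": "FYI enterprise tier costs 48 dollars per seat per month, 12 percent partner discount",
    "card": "Customer card on file is 4111 1111 1111 1111, please charge the deposit",
    "benign": "Lunch at noon? Order ref 1234 5678 9012 3456 came through fine.",
}
```

Calling `evaluate(body, PROTECTED_FP)` on each message blocks the first two and allows the third: the order reference in the benign message matches the card regex but fails the Luhn check, which is the kind of validation that separates content-aware inspection from keyword matching.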