How to secure your company's secrets with DLP – Data Leakage Prevention
An insider threat is a security threat to network assets, and most importantly to business data, from people inside a network. Insiders are company employees, contractors or partners. Data breaches caused by employees are often unintentional, such as losing a company laptop or sending a business document to the wrong address. Data breaches by intentionally malicious employees are less frequent. Data breaches caused by outsiders who are authorized to access networks are more often intentional than accidental. Edward Snowden worked for the NSA as an outside contractor, took its data and released it to the public.
Security solutions specialized for business data protection are known as Data Loss Prevention or DLP. They have three primary functions.
A – To recognize business data no matter the document type or the language in which the documents are written. This is where they perform data classification, categorization, fingerprinting, discovery, machine learning etc. Some types of data are pre-configured, such as the formats of credit card numbers, keywords etc. For custom data, we point the solution to one or more example documents, which it scans so that the DLP can learn what our business data looks like.
B – To detect – discover – this data as it is being used, transferred or simply stored somewhere. We call these three states data in use, data at rest, and data in motion.
C – To monitor and report on data, and most importantly to detect, alert on, and possibly block everything that does not comply with pre-configured corporate security policies and business practices. For instance, to block users from printing certain documents, block a group of users from accessing a customer database, prevent any kind of document from being sent by email except to whitelisted addresses, or completely block saving documents to USB media.
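The pre-configured recognition in A (credit card number formats, keywords) and the email rule in C can be sketched together. This is an added example, not code from any DLP product; the keyword list, the whitelist address and the rule "sensitive content may only go to whitelisted addresses" are assumptions made for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
KEYWORDS = ("confidential", "internal only")   # assumed policy keywords
ALLOWED_RECIPIENTS = {"legal@example.com"}     # assumed whitelist (constructed)

def luhn_ok(digits):
    """Luhn checksum: filters out most random digit runs (order numbers, IDs)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return masked card numbers so the alert itself does not leak the data."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def evaluate_email(recipient, body):
    """Decide allow / allow_logged / block for one outbound message."""
    findings = [("card_number", c) for c in find_card_numbers(body)]
    findings += [("keyword", k) for k in KEYWORDS if k in body.lower()]
    if not findings:
        return "allow", findings
    if recipient.lower() in ALLOWED_RECIPIENTS:
        return "allow_logged", findings   # permitted, but kept for reporting
    return "block", findings

# Constructed sample messages (data in motion).
SAMPLES = [
    ("partner@example.net", "Customer card 4111 1111 1111 1111, please charge."),
    ("legal@example.com", "Customer card 4111-1111-1111-1111 for the dispute."),
    ("partner@example.net", "Order ref 4111 1111 1111 1112 has shipped."),
    ("partner@example.net", "Attached: CONFIDENTIAL pricing sheet."),
]

if __name__ == "__main__":
    for rcpt, body in SAMPLES:
        print(rcpt, evaluate_email(rcpt, body))
```

The third sample has the shape of a card number but fails the checksum, so it is allowed; format matching alone would have raised a false alert on it.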
Additionally, it is good to have advanced forensic capabilities for data incidents, that is, detected events that do not comply with configured policies.
As we can see, these are usually quite “big”, complex solutions. They have a broad set of functionalities and must be able to “look” everywhere – monitor the networks, all the endpoints, applications, user directories, gateways to the internet, storage archives etc. Most vendors have a complete DLP suite with an option to buy just a part of it. To get started with GDPR compliance, companies could for instance use just the Discovery part of a DLP solution. Some customers need only endpoint monitoring; others don’t care about data usage on endpoints but need to monitor data transfers on local networks, web and email. For more information, please visit the Trellix and Skyhigh Security (McAfee Enterprise) or Forcepoint websites.