Data loss prevention software
Data Loss Prevention (DLP) is a computer security term for systems that identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network traffic), and data at rest (e.g. stored data) through deep content inspection, contextual analysis of each transaction (attributes of the originator, data object, medium, timing, recipient/destination and so on), and a centralized management framework. Such systems are designed to detect and prevent unauthorized use and transmission of confidential information. Vendors also refer to the same class of products as Data Leak Prevention, Information Leak Detection and Prevention (ILDP), Information Leak Prevention (ILP), Content Monitoring and Filtering (CMF), Information Protection and Control (IPC), or Extrusion Prevention System, the last by analogy to Intrusion Prevention System.
Types of DLP Systems
Network DLP (aka Data in Motion <DiM>)
Typically a software or hardware solution installed at network egress points near the perimeter. It analyzes network traffic to detect sensitive data being sent in violation of information security policies. It can only inspect what it can read: traffic that is already encrypted when it reaches the sensor (for example TLS sessions the organization does not terminate) is opaque to it unless it is decrypted at a proxy or inspected on the endpoint before encryption.
Storage DLP (aka Data at Rest <DaR>)
Typically a software solution installed in data centers to discover confidential data that is stored in inappropriate and/or unsecured locations (e.g. an open file share).
Endpoint DLP (aka Data in Use <DiU>)
Such systems run on end-user workstations or servers in the organization. Like network-based systems, endpoint-based systems can address internal as well as external communications, and can therefore be used to control information flow between groups or types of users (e.g. 'Chinese walls'). They can also control email and instant messaging communications before they are stored in the corporate archive, so that a blocked communication (i.e., one that was never sent, and therefore not subject to retention rules) will not surface in a subsequent legal discovery. Endpoint systems have the advantage that they can monitor and control access to physical devices (such as mobile devices with data storage capabilities) and in some cases can inspect information before it has been encrypted, which a network sensor cannot do. Some endpoint-based systems can also provide application controls to block attempted transmissions of confidential information and give immediate feedback to the user. Their disadvantage is that an agent must be installed on every workstation in the network, so they cannot be used on devices that do not support an agent (e.g., cell phones and PDAs) or where one cannot practically be installed (for example on a workstation in an internet café).
Data identification
DLP solutions include a number of techniques for identifying confidential or sensitive information. Sometimes confused with discovery, data identification is the process by which organizations use a DLP technology to determine what to look for (in motion, at rest, or in use). DLP solutions use multiple methods for deep content analysis, ranging from keywords, dictionaries, and regular expressions to partial document matching and fingerprinting. The strength of the analysis engine directly determines its accuracy, and accuracy is what keeps false positives (blocked legitimate traffic) and false negatives (missed leaks) low. Accuracy depends on many variables, some situational and some technological: a regular expression alone will match any digit run that looks like a card number, so engines add validators such as checksums, context keywords, and match thresholds. Testing against representative samples of the organization's own data is recommended; no engine achieves zero false positives and zero false negatives, and tuning trades one against the other.
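The following is an added example, not code from the original article or from any DLP product. It combines the three identification techniques named above in one small inspection engine: a regular expression for card numbers backed by a Luhn checksum to suppress false positives, a weighted keyword dictionary, and partial document matching via hashed word shingles against a registered document. The protected document, the messages, and the block thresholds are all constructed here and are assumptions for illustration.

```python
from __future__ import annotations

import hashlib
import re

# Constructed policy for the example; thresholds are illustrative, not vendor defaults.

# --- 1. Pattern matching with a validator to suppress false positives ---------
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return candidates that both match the pattern and pass the Luhn check."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


# --- 2. Keyword / dictionary matching with weights ---------------------------
KEYWORDS = {"do not distribute": 3, "internal only": 2, "confidential": 2, "salary": 1}


def keyword_score(text: str) -> int:
    low = text.lower()
    return sum(weight for term, weight in KEYWORDS.items() if term in low)


# --- 3. Partial document matching via shingled fingerprints ------------------
def shingles(text: str, k: int = 5) -> set[str]:
    """Hash every run of k consecutive words: order-sensitive, whitespace-insensitive."""
    words = re.findall(r"\w+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


PROTECTED_DOC = (  # constructed "registered" document
    "Project Falcon quarterly revenue forecast is confidential and must not "
    "leave the finance team"
)
PROTECTED_FP = shingles(PROTECTED_DOC)


def fingerprint_matches(text: str) -> int:
    """Number of the message's shingles that also occur in the protected document."""
    return len(shingles(text) & PROTECTED_FP)


# --- Policy decision -----------------------------------------------------------
def inspect(text: str) -> dict:
    cards = find_card_numbers(text)
    kw = keyword_score(text)
    fp = fingerprint_matches(text)
    block = bool(cards) or kw >= 3 or fp >= 2
    return {"cards": cards, "keyword_score": kw, "fingerprint_matches": fp,
            "action": "block" if block else "allow"}


if __name__ == "__main__":
    for msg in [
        "Invoice paid with card 4111 1111 1111 1111, thanks",   # valid Luhn -> block
        "Ticket 1234 5678 9012 3456 closed",                    # fails Luhn -> allow
        "FYI: Project Falcon quarterly revenue forecast is attached",  # excerpt -> block
        "Lunch at noon?",
    ]:
        print(inspect(msg))
```

The second message shows the point about accuracy: it matches the card-number pattern but fails the checksum, so a regex-only engine would have blocked an innocent ticket number. The third shows partial matching catching a six-word excerpt of a registered document even though the rest of the message is new text.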
Data leakage detection
Sometimes a data distributor gives sensitive data to a set of third parties. Some time later, some of the data is found in an unauthorized place (e.g., on the web or on a user's laptop). The distributor must then investigate whether the data leaked from one or more of the third parties, or whether it was independently gathered by other means.[1]
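As an added illustration of that investigation (this is not the cited paper's probabilistic model, and not code from the article), the following scores each third party by how much of the leaked set it was given, weighting each leaked record by how few parties could have supplied it, and treats a fake "canary" record handed to only one party as conclusive when it turns up in the leak. The agents, record sets and scoring rule are constructed assumptions.

```python
from __future__ import annotations

DISTRIBUTED = {              # constructed: real records each third party (agent) received
    "agent_a": {"r1", "r2", "r3", "r4"},
    "agent_b": {"r3", "r4", "r5", "r6"},
    "agent_c": {"r7", "r8"},
}
CANARIES = {                 # constructed: fake records, each handed to exactly one agent
    "agent_a": "fake_a",
    "agent_b": "fake_b",
}


def holders(record: str) -> int:
    """How many agents were given this real record."""
    return sum(1 for recs in DISTRIBUTED.values() if record in recs)


def guilt_scores(leaked: set[str]) -> dict[str, dict]:
    """Per agent: overlap with the leak, an attribution score, and canary status.

    Score = sum over leaked records the agent held of 1/holders(record), so a
    record only this agent had counts fully and a widely shared one counts little.
    """
    real_leaked = leaked - set(CANARIES.values())
    out = {}
    for agent, recs in DISTRIBUTED.items():
        shared = real_leaked & recs
        out[agent] = {
            "overlap": len(shared),
            "score": round(sum(1 / holders(r) for r in shared), 3),
            "canary": CANARIES.get(agent) in leaked,
        }
    return out


def attribute(leaked: set[str]) -> str | None:
    """Name the most likely source, or None when the evidence is inconclusive.

    A single canary hit is conclusive on its own. Otherwise the top scorer must be
    strictly ahead of the runner-up and have a positive score; a leak made only of
    records nobody was given points to an independent source.
    """
    scores = guilt_scores(leaked)
    canary_hits = [a for a, s in scores.items() if s["canary"]]
    if len(canary_hits) == 1:
        return canary_hits[0]
    ranked = sorted(scores.items(), key=lambda kv: kv[1]["score"], reverse=True)
    top, runner = ranked[0], ranked[1]
    if top[1]["score"] > 0 and top[1]["score"] > runner[1]["score"]:
        return top[0]
    return None


if __name__ == "__main__":
    print(attribute({"r3", "r4", "r5", "fake_b"}))  # agent_b: canary plus the unique r5
    print(attribute({"r3", "r4"}))                  # None: agents a and b both held both
    print(attribute({"r9"}))                        # None: nobody was given r9
```

The second call is the case the paragraph describes: records shared by two parties cannot be attributed on overlap alone, which is why the cited work adds fake objects to the data each party receives.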
Data at Rest
"Data at rest" refers to information in storage rather than in transit or in use: files on a client PC hard drive, on a network storage drive or remote file server, or on backup media such as tape or CD, including long-archived material. This information is of particular concern to businesses and government institutions because the longer data sits unused in storage, the more likely it is that its existence and sensitivity are forgotten, that its access controls drift (for example a share left world-readable), and that it is eventually retrieved by unauthorized individuals.
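The following added example (not from the article or any product) shows the shape of a data-at-rest discovery scan: it walks a directory tree, flags files whose content matches a sensitive-data pattern, and reports the two context signals the paragraph above is concerned with, how long each file has sat untouched and whether it is readable by everyone. It builds a throwaway tree of constructed files to scan, uses a US-SSN-style pattern purely as a demo, and assumes a POSIX filesystem; the staleness threshold is an assumption.

```python
from __future__ import annotations

import os
import re
import stat
import tempfile
import time

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")   # demo pattern only
STALE_DAYS = 365                                # assumed policy threshold


def scan_tree(root: str, now: float | None = None) -> list[dict]:
    """Report every file under root that matches SSN_RE, with age and permission context."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    hits = len(SSN_RE.findall(fh.read()))
            except OSError:
                continue                        # unreadable file: skip, do not crash the scan
            if not hits:
                continue
            st = os.stat(path)
            findings.append({
                "path": os.path.relpath(path, root),
                "matches": hits,
                "age_days": int((now - st.st_mtime) // 86400),
                "stale": now - st.st_mtime > STALE_DAYS * 86400,
                "world_readable": bool(st.st_mode & stat.S_IROTH),
            })
    return sorted(findings, key=lambda f: f["path"])


def build_demo_tree() -> str:
    """Constructed sample tree: a fresh private file, a stale world-readable export, a clean file."""
    root = tempfile.mkdtemp(prefix="dlp_demo_")
    os.makedirs(os.path.join(root, "share"))
    fresh = os.path.join(root, "hr_notes.txt")
    stale = os.path.join(root, "share", "old_export.csv")
    clean = os.path.join(root, "share", "readme.txt")
    with open(fresh, "w") as fh:
        fh.write("Employee 123-45-6789 onboarded\n")
    with open(stale, "w") as fh:
        fh.write("id,ssn\n1,987-65-4321\n2,111-22-3333\n")
    with open(clean, "w") as fh:
        fh.write("nothing sensitive here\n")
    os.chmod(fresh, 0o600)
    os.chmod(stale, 0o644)
    two_years_ago = time.time() - 2 * 365 * 86400
    os.utime(stale, (two_years_ago, two_years_ago))   # make the export look forgotten
    return root


if __name__ == "__main__":
    for finding in scan_tree(build_demo_tree()):
        print(finding)
```

A real scan would prioritize by the same signals: a stale, world-readable file with many matches on an open share is the case the paragraph warns about, while a fresh, owner-only file is more likely still in legitimate use.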
References
- ^ Panagiotis Papadimitriou, Hector Garcia-Molina (January 2011), "Data Leakage Detection", IEEE Transactions on Knowledge and Data Engineering 23 (1): 51–63, doi:10.1109/TKDE.2010.100, http://ilpubs.stanford.edu:8090/968/1/leakage_tkde_final.pdf
External links
- The Full Cost of Computer Data Loss Calculator, provided by Data Recovery Group
- Data Loss Database, maintained by attrition.org
- Cost of a Data Breach, maintained by ponemon.org
- Cornell Spider, Open Source Data-at-Rest Data Loss Prevention Software by Cornell University
Wikimedia Foundation. 2010.