SecurityTrails Blog

Understanding Data Loss Prevention, DLP



Data loss has long been a serious issue for businesses of all sizes. Yet despite growing awareness surrounding the issue, and the security measures taken to prevent it, the number of data breaches continues to grow every year. Even worse, losing data is never just losing data: it also brings with it financial impact, loss of customer trust, corporate liability, loss of current and future business, and often some very hefty legal fines.
Traditional security controls such as firewalls, physical controls and network segmentation do help to keep malicious actors out of the network, but what about the inside of the network? After all, within your organization there are people with authorized access to sensitive data, and recognizing their intentions isn't easy. The danger often comes from within, and organizations need to maintain visibility over their sensitive data, including how it's interacted with, and who has access to it. This is where data loss prevention comes in.
It's a term that's often thrown around, and with such a wide scope it can be difficult to define. But that's precisely what we'll do today.
What is data loss prevention?
Data loss prevention, or DLP, is a set of procedures and tools used to prevent data loss by ensuring that an organization's data isn't misused or accessed by unauthorized users. Organizations use DLP both to secure their data and to comply with regulatory requirements.
The term DLP is mostly used for tools and software that classify critical data and control data transfer to protect it from unauthorized users, and to prevent authorized users from accidentally or maliciously sharing data and putting the organization at risk. The data is classified according to the organization's business rules and policies, which are typically driven by compliance (GDPR, for example).
DLP tools monitor different entry points on a network, such as endpoints, email servers, and gateways, and also control data transfer between users and external parties. They secure data at rest, in motion and in use, and control that activity, monitoring for any potentially malicious data transfer or use. For example, DLP tools would flag an activity such as an employee transferring corporate files to an external device, or forwarding an internal email outside the organization.
To reiterate, DLP solutions monitor data inside the network, filter activity to stop suspicious activity, provide reporting for incident response and compliance, and analyze suspicious behavior to provide context to security teams.
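The classify-then-control flow described above can be sketched as a small outbound email policy check. This is an added example, not code from SecurityTrails or from any DLP product; the internal domain `example.com`, the two labels, the allow/flag/block policy and all function names are assumptions made for illustration, and the messages are constructed single-part plain-text samples.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's mail domain
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate card numbers
MARK_RE = re.compile(r"\b(?:internal only|confidential)\b", re.I)  # assumed labels

def luhn_ok(digits):
    """Luhn checksum: discards digit runs (order ids, phone numbers) that are not cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text):
    """Return the sensitivity labels found in a piece of text."""
    labels = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            labels.add("payment-card")
    if MARK_RE.search(text):
        labels.add("internal-marked")
    return labels

def evaluate(raw_message):
    """Decide allow / flag / block for one single-part plain-text message."""
    msg = message_from_string(raw_message)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = sorted(a for _, a in rcpts
                      if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS)
    labels = classify(msg.get("Subject", "") + "\n" + msg.get_payload())
    if not external or not labels:
        action = "allow"            # nothing sensitive, or it stays inside
    elif "payment-card" in labels:
        action = "block"            # regulated data leaving the organization
    else:
        action = "flag"             # let it through, but report for review
    return {"action": action, "labels": sorted(labels), "external": external}

def sample(to, subject, body):
    """Build a constructed test message (not real mail)."""
    return f"From: alice@example.com\nTo: {to}\nSubject: {subject}\n\n{body}\n"

if __name__ == "__main__":
    for to, subj, body in [
        ("bob@partner.example", "Invoice", "Card: 4111 1111 1111 1111"),
        ("bob@partner.example", "FW: Roadmap (internal only)", "See attached."),
        ("carol@example.com", "Refund", "Card: 4111 1111 1111 1111"),
        ("bob@partner.example", "Order", "Order id 1234567890123 shipped."),
    ]:
        print(to, subj, evaluate(sample(to, subj, body)))
```

The Luhn check is what keeps the 13-digit order id in the last sample from being treated as a card number, which is the kind of false positive that makes pattern-only rules noisy for the security team reviewing the reports.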
Different types of data loss prevention
While we just went over how a "regular" DLP solution works, there are still different solutions that work based on the perimeter they protect. As organizations generally have many security solutions in place, they don't often need an all-encompassing DLP. It's more practical to have one that suits their needs, with the type of solution they use focused on what needs to be protected. That's why we recognize four main types of DLP solutions: network, endpoint, email and cloud DLP.
Network DLP
Network DLP provides visibility into data in motion by monitoring traffic that goes in and out of an organization's network. These solutions protect the organization's network, web application, email and FTP. Usually cloud-based, network DLP solutions monitor every bit of data traffic between users and endpoints, blocking data transfer based on predefined rules which are customized for the organization and its policies. Unauthorized data transfer and malware are then prevented from travelling through the network.
Endpoint DLP
Endpoint DLP solutions provide visibility into data on, well, endpoints. These solutions monitor laptops, PCs, servers, USBs, mobile devices and workstations: just about all devices on the network. They protect data used on company devices by ensuring information isn't sent or copied to unauthorized devices, and flag any attempts to do so. Endpoint ...

By SecurityTrails