IT Security 101: Data Loss Prevention (DLP)


Introduction

Today’s ITSEC101 topic is a simple one: data loss prevention (DLP).

This is a valuable safeguard for any organization that collects, stores, processes and transmits sensitive data such as PII and PHI. I will give a brief overview of the concept and list some specific DLP solutions.


Data Loss Prevention (DLP) Explained

Overview

DLP covers the classification and labelling of data; the monitoring of data at rest, in use and in transit; and the administrative and technical controls that protect it against accidental or intentional unauthorized access, use and, above all, disclosure outside the organization.

It should begin with well-written, enforceable policy, procedures, standards and guidelines that cover:

data identification, classification and labelling,
data access authorization and deauthorization,
data handling processes (i.e. how it is collected, stored, transmitted, and processed),
data protection, use, misuse, and disclosure,
data retention and disposal,
data request handling,
data use and access monitoring, and incident response,
data breach notification practices,
insider threats, and
user training and awareness practices.

Data Classification

Data classification depends heavily on an organization's regulatory environment. Possible data labels include financial records, intellectual property (IP), personally identifiable information (PII), protected health information (PHI), payment card industry (PCI) data, etc. These can be combined with classifications that indicate sensitivity or access level, such as public, confidential, etc.

Data Protection

An organization, especially one that is highly regulated, must deploy robust solutions for data in transit and at rest. There are many tools available specific to DLP that can help an organization with identifying, monitoring and protecting its data. They may differ in their purpose and scope, so care should be taken when selecting them.

Additionally, some security tools that are not full DLP suites include DLP features within their scope. For example, some secure email gateways (SEGs) provide pre-built DLP policies, or allow regex searches to be added to policies, to protect outbound email; and some next-generation firewalls (NGFWs) provide DLP policies that use deep-packet inspection (DPI) to scan outbound traffic for sensitive data patterns.
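As an added illustration (not code from the original post or from any vendor product), the following shows the kind of regex-based outbound content policy an SEG or NGFW applies: it labels matches with the PCI and PII classifications discussed above, uses a Luhn check to discard digit runs that merely look like card numbers, and returns a block/allow verdict. The rule names, patterns, block policy and sample email body are assumptions constructed for the example.

```python
import re

# Constructed rules modelled on the regex-based DLP policies an SEG or NGFW
# applies to outbound content. Labels follow the page's classification
# examples (PCI, PII); the patterns and the block policy are assumptions.
RULES = {
    # 13-19 digits with optional space/dash separators: candidate card numbers
    "PCI": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
    # US SSN layout NNN-NN-NNNN
    "PII": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects digit runs (order refs, IDs) that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> dict:
    """Return {label: [matched strings]} for every rule that fires on the text."""
    hits = {}
    for label, pattern in RULES.items():
        for m in pattern.finditer(text):
            raw = m.group(0)
            if label == "PCI" and not luhn_ok(re.sub(r"[ -]", "", raw)):
                continue        # fails Luhn: treat as a false positive
            hits.setdefault(label, []).append(raw)
    return hits

def policy_decision(text: str, block_labels=("PCI", "PII")) -> tuple:
    """Assumed outbound policy: block if any blocked label was detected."""
    hits = classify(text)
    verdict = "block" if any(l in block_labels for l in hits) else "allow"
    return verdict, hits

# Constructed outbound email body for demonstration (not real data).
SAMPLE_OUTBOUND = (
    "Hi, attaching the signed form. Card on file is 4111 1111 1111 1111, "
    "patient SSN 123-45-6789. Our order ref is 1234 5678 9012 3456."
)

if __name__ == "__main__":
    verdict, hits = policy_decision(SAMPLE_OUTBOUND)
    print(verdict, hits)   # block {'PCI': ['4111 1111 1111 1111'], 'PII': ['123-45-6789']}
```

Note that the order reference in the sample matches the card pattern but fails the Luhn check, which is the kind of tuning that keeps regex-only policies from flooding the SEG with false positives.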

Other security tools can be leveraged to further assist DLP efforts. Device control can block write access to devices with storage capabilities, preventing users from transferring or copying files to external media. Similarly, DNS/URL filtering can block access to cloud storage sites.

Finally, other components of an organization's information security program are equally important to this effort, and a holistic approach to data protection should be taken. For example, data encryption, system backups and access control practices play key roles in an overall data protection program. Advanced systems such as user and entity behavior analytics (UEBA) can complement an organization's DLP solution and enhance its effectiveness.


Data Loss Prevention (DLP) Tools

Acronis Cyber Protect Cloud
https://www.acronis.com/en-us/products/cyber-protect-cloud/

Check Point DLP
https://www.checkpoint.com/solutions/data-loss-prevention/

CoSoSys Endpoint Protector
https://www.endpointprotector.com/

Code42 Incydr
https://www.code42.com/products/incydr/

Digital Guardian
https://www.digitalguardian.com/

Forcepoint DLP
https://www.forcepoint.com/product/dlp-data-loss-prevention

Microsoft Purview DLP
https://www.microsoft.com/en-us/security/business/information-protection/microsoft-purview-data-loss-prevention

Proofpoint DLP
https://www.proofpoint.com/us/products/data-loss-prevention

Safetica
https://www.safetica.com/

SolarWinds ARM
https://www.solarwinds.com/access-rights-manager

Sophos
https://www.sophos.com/

Symantec DLP
https://www.broadcom.com/products/cybersecurity/information-protection/data-loss-prevention

Teramind
https://www.teramind.co/solutions/dlp-data-loss-prevention/

Trend Micro IDLP
https://www.trendmicro.com/

Trellix DLP
https://www.trellix.com/products/dlp/

Varonis
https://www.varonis.com/platform/dlp


Conclusion

DLP is a simple concept, yet putting it into practice is complex. Defenders should understand the complete scope of the data within their organization's environment and know the appropriate controls to protect it. Deploying a DLP solution is not a simple task: it takes time to identify and classify the data, and the deployment must be adjusted for any changes within the organization that affect its scope.


Daily Cuppa

Today’s cup of tea is a refreshing Organic Green Tea provided by Newman’s Own. Organic, and non-profit. It’s a deliciously rich and healthy alternative to start the morning.


If you found this article of use, or enjoy the site in general, feel free to buy the author a cup of tea.
The author is also available for work.
