Data loss prevention software

Data loss prevention software

Data Loss Prevention (DLP) is a computer security term referring to systems that identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination and so on) and with a centralized management framework. Systems are designed to detect and prevent unauthorized use and transmission of confidential information Vendors refer to the term as Data Leak Prevention, Information Leak Detection and Prevention (ILDP), Information Leak Prevention (ILP), Content Monitoring and Filtering (CMF), Information Protection and Control (IPC) or Extrusion Prevention System by analogy to Intrusion-prevention system.


Types of DLP Systems

Network DLP (aka Data in Motion <DiM>)

Typically a software or hardware solution that is installed at network egress points near the perimeter. It analyzes network traffic to detect sensitive data that is being sent in violation of information security policies.

Storage DLP (aka Data at Rest <DaR>)

Typically a software solution that is installed in data centers to discover confidential data is stored in inappropriate and/or unsecured locations (e.g. open file share).

Endpoint DLP (aka Data in Use <DiU>)

Such systems run on end-user workstations or servers in the organization. Like network-based systems, endpoint-based can address internal as well as external communications, and can therefore be used to control information flow between groups or types of users (e.g. 'Chinese walls'). They can also control email and Instant Messaging communications before they are stored in the corporate archive, such that a blocked communication (i.e., one that was never sent, and therefore not subject to retention rules) will not be identified in a subsequent legal discovery situation. Endpoint systems have the advantage that they can monitor and control access to physical devices (such as mobile devices with data storage capabilities) and in some cases can access information before it has been encrypted. Some endpoint-based systems can also provide application controls to block attempted transmissions of confidential information, and provide immediate feedback to the user. They have the disadvantage that they need to be installed on every workstation in the network, cannot be used on mobile devices (e.g., cell phones and PDAs) or where they cannot be practically installed (for example on a workstation in an internet café).

Data identification

DLP solutions include a number of techniques for identifying confidential or sensitive information. Sometimes confused with discovery, data identification is a process by which organizations use a DLP technology to determine what to look for (in motion, at rest, or in use). DLP solutions use multiple methods for deep content analysis, ranging from keywords, dictionaries, and regular expressions to partial document matching and fingerprinting. The strength of the analysis engine directly correlates to its accuracy. The accuracy of DLP identification is important to lowering/avoiding false positives and negatives. Accuracy can depend on many variables, some of which may be situational or technological. Testing for accuracy is recommended to ensure a solution has virtually zero false positives/negatives.

Data leakage detection

Sometimes a data distributor gives sensitive data to a set of third parties. Some time later, some of the data is found in an unauthorized place (e.g., on the web or on a user's laptop). The distributor must then investigate if data leaked from one or more of the third parties, or if it was independently gathered by other means.[1]

Data at Rest

"Data at rest" specifically refers to old archived information that is stored on either a client PC hard drive, on a network storage drive or remote file server, or even data stored on a backup system, such as a tape or CD media. This information is of great concern to businesses and government institutions simply because the longer data is left unused in storage, the more likely it might be retrieved by unauthorized individuals outside the network.

See also


  1. ^ Panagiotis Papadimitriou, Hector Garcia-Molina (January 2011), "Data Leakage Detection", IEEE Transactions on Knowledge and Data Engineering 23 (1): 51–63, doi:10.1109/TKDE.2010.100, 

External links

Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Data Loss Prevention — (DLP) ist ein einprägsamer Marketingbegriff aus dem Bereich der Informationssicherheit. Auch Data Leak / Leakage Prevention genannt, ist DLP aus der „Extrusion Prevention“ Technik hervorgegangen. Klassisch gesehen gehört DLP zu den… …   Deutsch Wikipedia

  • Data loss prevention products — Data Loss Prevention (DLP) is a computer security term referring to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders. It is also referred to by various… …   Wikipedia

  • Data loss — is an error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing. Information systems implement backup and disaster recovery equipment and processes to prevent data loss …   Wikipedia

  • Antivirus software — Antivirus redirects here. For antiviral medication, see Antiviral drug. Antivirus or anti virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, trojan horses, spyware and… …   Wikipedia

  • List of free and open source software packages — This article is about software free to be modified and distributed. For examples of software free in the monetary sense, see List of freeware. This is a list of free and open source software packages: computer software licensed under free… …   Wikipedia

  • Endpoint Data Protection — ist eine gängige Maßnahme zum Überwachen und Kontrollieren von Datenübertragungen eines Netzwerkes nach innen und Außen. Diese Maßnahme wird in Unternehmen und Behörden getroffen, um den ungewollten Datenabfluss zu verhindern und sich somit gegen …   Deutsch Wikipedia

  • Norman (Software) — Norman Rechtsform Aktiengesellschaft Gründung 2. Oktober 1984 Sitz …   Deutsch Wikipedia

  • Software bug — To report a MediaWiki error on Wikipedia, see Wikipedia:Bug reports. A software bug is the common term used to describe an error, flaw, mistake, failure, or fault in a computer program or system that produces an incorrect or unexpected result, or …   Wikipedia

  • Data center — An operation engineer overseeing a Network Operations Control Room of a data center. A data center (or data centre or datacentre or datacenter) is a facility used to house computer systems and associated components, such as telecommunications and …   Wikipedia

  • Paint (software) — Paint A component of Microsoft Windows Paint on Windows 7, outlining the ribbon interface …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”