Data loss prevention products

Data Loss Prevention (DLP) is a computer security term referring to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders. It is also referred to by various vendors as Data Leak Prevention, Information Leak Detection and Prevention (ILDP), Information Leak Prevention (ILP), Content Monitoring and Filtering (CMF) or Extrusion Prevention System by analogy to Intrusion-prevention system.

Background

Organizations process information that can often be classified as sensitive, either from a business or a legal point of view. In addition to the risk of intrusion and access to sensitive information by unauthorized persons, there is also the risk of intentional or accidental transmission of that information outside the organization.

Regulatory compliance: Many large companies now fall under the oversight of government or commercial regulations that mandate controls over information, including HIPAA in health and benefits, GLBA and BASEL II in finance, and the Payment Card Industry DSS standards. Some of these regulations stipulate a regular information technology audit (commonly known as an IT audit), which organizations can fail if they lack suitable IT security controls and due-care (process) standards. Companies with enterprise resource planning (ERP) software (e.g., SAP and Oracle Corporation) find compliance especially challenging (see enterprise risk management, ERM). Other regulations mandate significant penalties in the event of a breach.

New costs arising from breaches: Loss of large volumes of protected information has become a regular headline event, forcing companies to re-issue cards, notify customers, and mitigate the loss of goodwill from negative publicity.

Government and industry regulations are arguably the biggest influencers. Besides HIPAA, GLBA, and Sarbanes-Oxley, more than 25 states have passed data privacy or breach notification laws that require organizations to notify consumers when their information may have been exposed. One high-profile example is California SB 1386. The state of Tennessee has also passed the "Credit Security Act of 2007," which will result in a Class B misdemeanor for any use of a person's SSN in "direct mailings" or over the Internet.

Types of DLP systems

Network DLP

Also referred to as gateway-based systems. These are usually dedicated hardware/software platforms, typically installed at the organization's Internet connection, that analyze network traffic to search for unauthorized information transmissions. They have the advantage that they are simple to install and provide a relatively low cost of ownership. Because decoding network traffic at high speed is extremely complex and difficult (transmitted objects are broken into small parts, often encoded, and then mixed with other traffic), network-based systems typically integrate with or include technologies to discover information 'at rest' while it is stored in file systems and databases. Discovering sensitive data at rest is far simpler and less time-critical, thereby allowing greater levels of accuracy. Taking 'signatures' of data identified at rest, and then looking for those signatures as data passes over the network boundary, is a technique favored by virtually all network system vendors to improve accuracy and to identify sensitive data that would otherwise be missed. [Digital Signature Using SAP NetWeaver, http://secude.com/htm/823/en/White_Paper%3A_Secure_Single_Sign-on_for_SAP.htm]

Host-based DLP systems

Such systems run on end-user workstations or servers in the organization. Like network-based systems, host-based systems can address internal as well as external communications, and can therefore be used to control information flow between groups or types of users (e.g. 'Chinese walls'). They can also control email and Instant Messaging communications before they are stored in the corporate archive, such that a blocked communication (i.e. one which was never sent, and therefore not subject to retention rules) will not be identified in a subsequent legal discovery situation.

Host systems have the advantage that they can monitor and control access to physical devices (such as mobile devices with data storage capabilities) and in some cases can access information before it has been encrypted. Some host-based systems can also provide application controls to block attempted transmissions of confidential information and give immediate feedback to the user. They have the disadvantage that they need to be installed on every workstation in the network, and cannot be used on mobile devices or where they cannot practically be installed (for example on a workstation in an internet café).

Some intrusion prevention systems use "pattern matching" rules, while others use "exact copies" (fingerprints) of sensitive data and/or text in order to determine when a potential breach is occurring.
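As an added illustration (not code from the original article or from any DLP vendor), the following Python sketch combines the two detection approaches just described: a fingerprint index built from sample data at rest, as in the network DLP section above, and pattern rules for card and SSN formats, both applied to outbound messages. All records, patterns, and messages are constructed samples.

```python
import hashlib
import re

# Constructed sample of sensitive data "at rest" from which the DLP index is built.
SENSITIVE_RECORDS = [
    "Acme Corp merger term sheet: offer price 42.50 per share",
    "Project Falcon customer list: Jane Doe, John Roe, Mary Major",
]

# Pattern rules: card numbers (13-16 digits, optional separators) and US SSNs.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most random digit runs that merely look like a card."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def fingerprint(text: str, window: int = 5) -> set:
    """Hash every run of `window` normalized words, so a pasted fragment still matches."""
    words = re.findall(r"\w+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + window]).encode()).hexdigest()
            for i in range(len(words) - window + 1)}


def build_index(records) -> set:
    """Signatures of data at rest; the scanner keeps only hashes, not the records."""
    index = set()
    for record in records:
        index |= fingerprint(record)
    return index


def scan(message: str, index: set) -> list:
    """Return findings for one outbound message as (rule, evidence) pairs."""
    findings = []
    for m in CARD_RE.finditer(message):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(("pattern:card", m.group()))
    for m in SSN_RE.finditer(message):
        findings.append(("pattern:ssn", m.group()))
    if fingerprint(message) & index:
        findings.append(("fingerprint:data-at-rest", "matched indexed record"))
    return findings
```

The Luhn check is what keeps a 16-digit order number from raising a card alert, while the word-window hashes let a partial paste of an indexed record still be caught.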


Wikimedia Foundation. 2010.
