Data leakage can be simply defined as the accidental or intentional exposure of sensitive information. To counter this ever-present threat, data loss prevention (DLP) products have become a critical technology for many enterprises. Even though many purchases are driven by regulatory compliance or the desire to avoid negative ramifications associated with a data breach, DLP tools offer undeniable value in helping enterprises develop a deeper understanding of their data.
Organizations typically purchase DLP technology to address three major challenge areas, each with its own focus and product options:
- Data in motion. It's a fact of life: Sensitive data traverses every enterprise network. Network-aware data loss prevention tools can "sniff" traffic and are primarily used for detection and prevention.
- Data at rest. Sensitive data can be stored in various file types and databases. Host-based DLP protections address this data, ranging from encryption to localized detection and prevention agents.
- Data in use. For data to provide value, it must be accessible to applications and users. This data may require both host-based and network-based data loss prevention capabilities to properly monitor and protect it.
This guide offers enterprises a primer for choosing a DLP security product, detailing the key capabilities to look for in winning DLP products.
Table of contents:
Effective DLP products start with identifying and monitoring data through the data discovery process. In part one of this series, learn different options for data discovery and steps to take once data has been identified.
Creating policies when evaluating data loss prevention tools will define what data to evaluate, how monitoring should occur, and what enforcement and alerting actions to take. In part two of this series, learn how to define DLP monitoring policies.
When evaluating data loss prevention tools for your organization, it is important to determine alerting and preventive action needs for potential violations and blocking. In part three of this series, explore how best to identify alerting and preventive actions.
Integration of encryption and DLP is happening more often and can be used to strengthen security policies for sensitive data, as well as for blocking and enforcement actions. In part four of this series, learn the importance of encryption integration to security, as well as elements to consider.
When it comes to DLP management, installation and maintenance of a single centralized management console to house all rules and alerts are crucial to ensuring security and organization. In the last part of this series, explore options for DLP management.
About the author
Dave Shackleford is founder and principal consultant with Voodoo Security; a SANS analyst, instructor and course author; as well as a GIAC technical director. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. He is a VMware vExpert and has extensive experience designing and configuring secure virtualized infrastructures, and is the lead author of the SANS Virtualization Security Fundamentals course. He has previously worked as chief security officer for Configuresoft; chief technology officer for the Center for Internet Security; and security architect, analyst and manager for several Fortune 500 companies. Additionally, Dave is the co-author of Hands-On Information Security from Course Technology.