This article can also be found in the Premium Editorial Download "Information Security magazine: Does security make the grade in Windows Server 2008?."
Download it now to read this article plus other related content.
The DLP market started with passive network monitoring tools focused on detecting information leakage over communications channels such as email, IM, FTP and HTTP. These simple monitoring and alerting tools evolved into more comprehensive solutions, adding email integration and gateway/proxy integration for Web, FTP and IM. This allows organizations to block traffic before the data escapes, rather than just being alerted when it's already gone. (See "Network Monitoring Tips," below).
Other channels, such as Web, FTP and IM, are more difficult to block since that traffic uses synchronous protocols. By integrating with proxies, a session analysis can be performed to reconstruct and evaluate content before it's released. Few DLP tools provide proxies and instead partner with major gateway/proxy vendors, or use the Internet Content Adaptation Protocol (ICAP). When integrated with a tool that proxies SSL traffic, you gain the ability to sniff encrypted traffic.
DLP for data at rest is often equally if not more valuable than network monitoring. This is called content discovery; these tools scan enterprise repositories and file shares for sensitive content. Imagine knowing the identity of every server storing credit card information, and being alerted to unapproved ones.
Content discovery falls into three categories: network scanning, local agents and application integration. With network scanning, the DLP tool connects to file shares for analysis, which provides wide coverage but limited performance. A local agent may be available on major platforms to scan directly on the server rather than across the network, which is more effective for large repositories but requires more management. Some tools integrate directly with document management systems and other repositories to leverage native features.
This was first published in February 2008