
	Home > Security Tips > Risk Management Strategies > Data loss prevention (DLP) tools: The new way to prevent identity theft?

Security Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

RISK MANAGEMENT STRATEGIES

Data loss prevention (DLP) tools: The new way to prevent identity theft?

Peter Giannoulis
02.27.2008
Rating: -4.12- (out of 5)

Digg This!

StumbleUpon

Del.icio.us

Data theft incidents dominated the information security scene in 2006 and only increased in 2007. If the trend continues, 2008 should prove to be the worst year yet.

While organizations looking to thwart data theft have spent thousands, if not millions, of dollars implementing the best perimeter security technologies, these efforts have seemingly had little effect; massive breaches of confidential information continue unabated, despite dire consequences for enterprises and their customers. This has driven security professionals toward new tools that can lessen their chances of becoming the next top news story.

Over the past couple of years, vendors like McAfee Inc., Trend Micro Inc. and Symantec Corp. have been among the many information security vendors aggressively pitching a product set that promises to help. This product category, called data loss prevention, or DLP, is drawing so much attention that some antimalware and antispam vendors have even modified their primary focus in order to enter the DLP market. For example, Clearswift Ltd.'s primary focus a few years back was antispam tools. Although the content security vendor's product line continues to include antispam technology, Clearswift now focuses on creating better network-based data prevention products.

Let's look at the key differentiating features of DLP technology as vendors strive to help customers guard data in a way that past security products have not.

Implementing a DLP product into a large corporate network is by no means a walk in the park. Most large organizations have hundreds of servers with thousands of directories and files stored on them. Having

To continue reading for free, register below or login

Requires Membership to View

To gain access to this and all member only content, please provide the following information (all fields required):

First Name:
Last Name:
Country:
Email Address:

I would like to receive a FREE subscription to Information Security magazine online.
YesNo

Do you manage, evaluate, recommend, implement, support or purchase security products, software or services?
YesNo

Please estimate the yearly security budget for your entire organization including all security products and services.

What is your role in purchasing IT related products and services? (Check all that apply)
Technical decision maker
Financial decision maker
Recommend/Specify
Evaluate products
Implement Products/Services
Determine Needs
Create Security Strategy
None

By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

To read more you must become a member of SearchSecurity.com

As an existing member of the TechTarget network please provide your password to activate your account (Forgot your password?):

Password:

By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

to sort through that much information and decide on what is to be tagged can be a daunting task for any organization. However, tagged data will differ between organizations. The process is simply not a cookie-cutter implementation. For instance, some organizations will choose to tag company financials, trade secrets, etc., while others may not. For a successful DLP implementation, meetings with personnel from all levels of management need to be conducted so that data is properly classified. Such teamwork will ensure that the data tagging strategy is appropriate for the business as a whole.

Key features that should be tested in a DLP evaluation include the ability to block and monitor by system, as well as by user. It is also important to consider the use of host-based and network-based DLP products to ensure that data is protected by systems that are not running a DLP agent.

DLP technology will become the new firewall of the security industry. After all, it's implemented at the next logical layer; where the data is stored. However, before taking the plunge and purchasing DLP technology, it's always best to evaluate a number of vendor products to ensure that the technical ability of the product is not clouded by a fancy marketing campaign.

About the author
Peter Giannoulis, GSEC, GCIH, GCIA, GCFA, GCFW, GREM, GSNA, CISSP, is an information security consultant in Toronto, Ontario. He currently maintains www.theacademy.ca, which provides organizations streaming video on how to configure and troubleshoot many of today's top security products. He also serves as a technical director for the GIAC family of certifications.

Rate this Tip

To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.

BROWSE BY TAG
Risk Management Strategies, Enterprise Data Protection, Enterprise Data Governance, Security Audit, Compliance and Standards, Data Privacy and Protection, Data Loss Prevention, VIEW ALL TAGS

Digg This! StumbleUpon Del.icio.us

RELATED CONTENT

Risk Management Strategies

Cloud computing security: Choosing a VPN type to connect to the cloud

Cloud computing security: Routing and DNS security threats

Cloud computing security model overview: Network infrastructure issues

How to align an information security framework to your business model

When to use open source security tools over commercial products

Vulnerability test methods for application security assessments

Security book chapter: Applied Security Visualization

The 100-day plan: Achieving success as a new security manager

Recovering stolen laptops one step at a time

How to get information security buy-in from the executive team

Enterprise Data Governance

Risk management must include physical-logical security convergence

Simple information security mistakes can cause data loss, says expert

Organizations struggle with data leakage prevention, rights management

Encryption in data management should never be ignored, expert says

Attackers cash in on fundamental data handling mistakes, Verizon finds

Data loss prevention benefits in the real world

Mass., Nev. data protection laws wrong, ineffective

Cybersecurity hearing highlights inadequacy of PCI DSS

Enforcing a vendor risk assessment to avoid outsourcing security risks

How to Secure Cloud Computing

Data Privacy and Protection

How to write a risk methodology that blends business, security needs

PCI compliance requirement 3: Protect data

Mass. Senate seeks to amend, weaken data breach notification law

Bruce Schneier and Marcus Ranum Face-Off: Should We Have an Expectation of Online Privacy?

Kodak CISO on virtualization, compliance

Federal efforts to secure cyberinfrastrucure

Attackers cash in on fundamental data handling mistakes, Verizon finds

RSA panel to discuss surveillance, privacy concerns

Mass. officials explain new data protection regulations

HIPAA changes force healthcare to improve data flow

Data Privacy and Protection Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

cut-and-paste attack (SearchSecurity.com)

data splitting (SearchSecurity.com)

deperimeterization (SearchSecurity.com)

Google hacking (SearchSecurity.com)

masquerade (SearchSecurity.com)

snooping (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Research Solutions for Network Security, Access Control and Security Threats
More Security Resources for Resellers, VARs and OEMs

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy