Installation and maintenance of a single centralized management console are key considerations for successful data loss prevention (DLP) management and deployment. Many products today leverage a Web-based console, which tends to be simpler to access and maintain. All rules should be easily created and managed within this console, and all alerts should be easily represented and accessible here, as well. Rules should be able to be categorized based on data types, users, criticality and sensitivity of data, or system location. Any DLP system should support role-based access for administrators, management, auditors and other users. Integration with Active Directory and other Lightweight Directory Access Protocol user repositories should be considered a standard feature, and many DLP products now offer integration with two-factor authentication products and services. Any quarantined data or forensics traces, as well as incident workflow capabilities, should be easily accessed and configurable within the console interface.
Most, if not all, DLP products available today support multiple "canned" compliance-focused reports out of the box. These should include PCI-DSS, HIPAA, Sarbanes-Oxley and any state-specific data privacy and protection laws. For many larger and international organizations, European Privacy Directives, BASEL II and III, and other reports will be valuable, too. In addition to the default compliance reports, many organizations will want to clone and modify these or create custom templates for internal policy reporting and aggregate reports. For many, the ease of creation and modification for customized reports should be a key feature when evaluating DLP management.
The variety of data loss prevention products today is steadily increasing. Some larger vendors offer product suites that encompass network and host-based DLP, while other DLP products are specifically focused on email or Web traffic. More are integrating newer capabilities such as encryption and forensic analysis features, and more organizations today are relying on enterprise DLP products as centralized incident detection and reporting consoles that may also integrate with existing event analysis and reporting tools.
About the author
Dave Shackleford is founder and principal consultant with Voodoo Security; a SANS analyst, instructor and course author; as well as a GIAC technical director. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. He is a VMware vExpert, has extensive experience designing and configuring secure virtualized infrastructures, and is the lead author of the SANS Virtualization Security Fundamentals course. He has previously worked as chief security officer for Configuresoft; chief technology officer for the Center for Internet Security; and as a security architect, analyst and manager for several Fortune 500 companies. Additionally, Dave is the co-author of Hands-On Information Security from Course Technology.