Installation and maintenance of a single centralized management console are key considerations for successful data loss prevention (DLP) management and deployment.
More on data loss prevention products
Understanding the ins and outs of data loss prevention
Four DLP best practices that lead to success
Most, if not all, DLP products available today support multiple "canned" compliance-focused reports out of the box. These should include PCI-DSS, HIPAA, Sarbanes-Oxley and any state-specific data privacy and protection laws. For many larger and international organizations, European Privacy Directives, BASEL II and III, and other reports will be valuable, too. In addition to the default compliance reports, many organizations will want to clone and modify these or create custom templates for internal policy reporting and aggregate reports. For many, the ease of creation and modification for customized reports should be a key feature when evaluating DLP management.
The variety of data loss prevention products today is steadily increasing. Some larger vendors offer product suites that encompass network and host-based DLP, while other DLP products are specifically focused on email or Web traffic. More are integrating newer capabilities such as encryption and forensic analysis features, and more organizations today are relying on enterprise DLP products as centralized incident detection and reporting consoles that may also integrate with existing event analysis and reporting tools.
Learn more on choosing DLP products in our guide.
About the author
Dave Shackleford is founder and principal consultant with Voodoo Security; a SANS analyst, instructor and course author; as well as a GIAC technical director. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. He is a VMware vExpert, has extensive experience designing and configuring secure virtualized infrastructures, and is the lead author of SANS Virtualization Security Fundamentals course. He has previously worked as chief security officer for Configuresoft; chief technology officer for the Center for Internet Security; and as a security architect, analyst and manager for several Fortune 500 companies. Additionally, Dave is the co-author of Hands-On Information Security from Course Technology.
This was first published in April 2013