What is a DLP system? How do active DLP systems work in 2019?
07.11.2019Back to blog list
Although everyone is aware of risks that their data could be stolen, this is only the beginning of the IT risks companies must safeguard themselves from. It happens at the workplace as well as by mistake if an e-mail is sent to the wrong address containing sensitive information. The purpose of data loss prevention (DLP) is to ensure that employees and end users do not send confidential and sensitive information outside the company’s network. Data loss prevention systems (DLP systems) can be designed to help a company enforce those policies.
How Do DLP systems work?
The customer database containing the information to be used, containing social security numbers, addresses, and phone numbers, is run through a cryptographic hash into the data loss prevention system where that hash is stored. This read-hash-store practice for DLP is referred to as “data fingerprinting”, which provides a great deal of protection to the data. How the DLP system works is that if a name is entered along with an SSN into an email, it is desirable that that information is prevented from leaving. For that reason, the entire message along with the contents of its attachments are read by the DLP system software and quarantined. However, in the case that this message is being sent from a known user to a known business partner, the DLP system may simply encrypt it and send it to its destination. If the address is not a desired destination, the message may get blocked with a message to the user asking him not to send it and wait for the message to be reviewed. DLP systems also offer a plethora of features that keep your data safe, such as monitoring your employees’ device, e-mail, and social network communication in addition to monitoring what comes out of your printer, what’s transferred between devices, which documents are stored in violation of security policies, what data are stored on a cloud, what data is sent or received over FTP, what files and messages are transmitted over HTTP/HTTPS protocols, and more.
DLP System Requirements
What is a DLP system that will work for you? That will depend on the nature of your business, with whom you are interacting, what type of information is being handled, and the DLP system cost. There are debates on whether active DLP systems or passive are ideal in minimizing data loss. The amount of control that a company needs over the endpoint as well as the thoroughness of data inspection versus time, effort, and monetary investment in the inspection process will also determine whether Network DLP and Endpoint DLP is more suitable. Any DLP system of security tools should have a proven global scale and architecture, be able to discover and protect confidential information wherever it is stored, automatically enforce the company’s policy, monitor the use of all data and prevent all confidential data from leaving any network gateway or endpoint, be as precise as possible, ensure a great deal of control over encrypted data, and protect employee privacy. DLP system products should enforce regulatory compliance including according to government standards as well as impose remediation with alerts, encryption, and other protective action to prevent accidental or malicious data sharing that could put the organization at risk. DLP software and tools monitor and control endpoint activities as well as providing reporting to ensure adherence to guidelines and identifying weaknesses.