DLP systems

As of today, the market of DLP systems is one of the fastest growing among all markets of information security tools.

What a DLP is and how it works

Before speaking about the DLP market, it is necessary to clarify what is meant by such solutions. By DLP systems, we usually mean software products that protect companies from leaks of sensitive data. The abbreviation DLP stands for Data Leak Prevention.

Such systems build a digital security perimeter around companies and analyze all outgoing and sometimes incoming information. The control should encompass not only Internet traffic, but also a number of other information flows: documents on external devices outside the protected security circuit, documents that are printed out or sent to mobile devices via Bluetooth, etc.

As DLP systems prevent leaks of confidential information, they must have built-in mechanisms for determining the confidentiality level of the document detected in the captured traffic. As a rule, there are two most common methods: by analyzing the special document markers and by analyzing the content of a document. Currently, the second option is more common as it is resistant to changes made to the document before its sending and allows easily expanding the number of confidential documents that the system can work with.

Side DLP tasks

In addition to the main task of preventing information leaks, DLP systems can also solve a number of other tasks related to the control of employee activities. Most often DLP systems solve the following non-main tasks:

  • Control how employees use working time and resources
  • Control employee communication for identifying "undercover" struggle which can harm companies
  • Control employee actions from the legal point of view (prevent the printing of forged documents, etc.)
  • Detect employees who send out CVs to find new job

Since companies consider a number of these tasks (especially the control over the use of working time) to be of more priority than the protection against data leaks, there exist a number of programs developed specifically for this purpose. In some cases, they can protect companies from leaks too. Unlike the full-fledged DLP systems, these programs do not feature advanced tools for analyzing captured data. This must be done by an IS expert manually which is suitable only for small companies (up to ten supervised employees).

Classification of DLP systems

According to a number of characteristics, all DLP systems can be divided into several main classes. Regarding the capability to block information identified as confidential, there are systems with active and passive control of user actions.

Active systems can block transferred information. On the contrary, passive DLP systems do not have this feature. The former systems tackle random data leaks much better, but they can accidentally suspend business processes. The latter are safe for business operation, but they are only suitable for preventing systematic leaks.

Another classification of DLP systems is based on their network architecture. Gateway DLP systems work on intermediate servers, while host systems use agents that work directly on the employee workstations. Today, the most common option is using shared gateway and host components.

Global DLP market

Currently, the main players on the DLP world market are the companies that are widely known for their other information security products. These are Symantec, MacAfee, TrendMicro, WebSense. The total volume of the global DLP market is estimated at $400 million which is low compared to the antivirus solutions market. Nevertheless, the DLP market demonstrates rapid growth: in 2009, it was estimated at just over 200 million.

Prospects and trends

Experts say the main trend is the transition from "patched" systems, consisting of the components from different manufacturers and solving separate tasks, to single integrated software suites. The reason is obvious: complex integrated systems relieve information security professionals from the need to solve the compatibility problems of various components of the "patched" system. Such systems also enable IS experts to conveniently change the settings on a large number of client workstations and streamline the transfer of data from one component of a single integrated system to another. Developers are also moving to integrated systems due to the specifics of information security tasks. If you leave at least one leakage channel uncontrolled, you cannot talk about corporate security.

Another important trend in the InfoSec sphere is the gradual transition to a modular structure. It means that a customer can independently choose the needed components (for example, if the external devices support is disabled at the operating system level, the customer doesn’t need to overpay for their control). The industry specificity will also play a significant role in the development of DLP systems. For example, we can expect the release of special versions developed specifically for banking sphere, state institutions, etc., which meet the requests of organizations.