The downside of this method is that it requires creating a data dump or accessing live databases, which can affect performance. Exact file matching — creates a hash of the entire file, and looks for files that match this hash. This technique is very accurate, but cannot be used for files with multiple versions.
Partial document match — can identify files where part of the content is a match, for example, the same form filled out by different users. Statistical analysis — can use machine learning algorithms for Bayesian analysis to identify content that violates a policy, or which contains sensitive data. These techniques become more effective the more labelled data you can feed to the algorithm for training.
DLP use cases DLP solutions can be helpful in a variety of use cases, including: Ensuring compliance for personal information — if your organization needs to comply with regulations like GDPR or HIPAA, DlP can help identify and classify sensitive information, add required security controls, and help you set up monitoring and reporting to protect the data.
Data leakage prevention on user endpoints — DLP solutions can protect data stored on mobile devices and laptops, which are at high risk because they connect to unsecured networks, and may be lost or stolen. DLP can identify suspicious events on a device and alert security teams that there is a risk of data loss.
It can also provide visibility into who is using the data and what actions they are performing. Prevent data exfiltration — sophisticated attackers carry out targeted cyber attacks, usually with the aim of stealing sensitive data.
In the event of a breach, DLP solutions can prevent data exfiltration, by identifying a suspicious data transfer, blocking it, and alerting security teams. Central management of sensitive data — DLP solutions provide central control over all sensitive data assets, making it possible to set policies, grant or revoke access, and generate compliance reports. DLP policies can help comply with these new regulations.
There are more places to protect your data — businesses today use tools that are difficult to monitor, such as supply chain networks and cloud storage. This makes data protection more difficult. Knowing exactly which data crosses organizational boundaries is critical to preventing misuse.
Data exfiltration is a growing risk — sensitive data is an attractive target for attackers. The number of attempted and successful breaches at organizations of all sizes is rapidly growing. Insider threats — data loss is increasingly caused by malicious insiders, compromised privileged accounts or accidental data sharing.
Stolen data is worth more — the dark web allows adversaries to buy and sell stolen information. Data theft is a profitable business. More data to steal — the scope and definition of sensitive data has grown over time. Sensitive data now covers intangible assets, for example business methodologies and pricing models. Security talent shortage — many businesses are finding it difficult to fill security-related roles.
This makes automated tools like DLP more attractive. Building your data loss prevention policy Individuals in organizations are privy to company information and can share this information, which can lead to accidental or intentional data loss.
Intellectual property and intangible assets An organization may have trade secrets, other strategic proprietary information, or intangible assets such as customer lists, business strategies, and so on. Data visibility Implementing a DLP policy can provide insight into how stakeholders use data. Tips for creating a successful DLP policy Classifying and interpreting data — Identify which information needs to be protected, by evaluating risk factors and how vulnerable it is.
Invest in classifying and interpreting data, because this is the basis for implementing a suitable data protection policy.
Allocate roles — clearly define the role of each individual involved in the data loss prevention strategy. Begin by securing the most sensitive data — start by selecting a specific kind of information to protect, which represents the biggest risk to the business. Manual DLP processes are inherently limited in their scope and the amount of data they can cover.
Use anomaly detection — some modern DLP tools use machine learning and behavioral analytics, instead of simple statistical analysis and correlation rules, to identify abnormal user behavior. Each user and group of users is modeled with a behavioral baseline, allowing accurate detection of data actions that might represent malicious intent. Involve leaders in the organization — management is key to making DLP work, because policies are worthless if they cannot be enforced at the organizational level.
Educate stakeholders — putting a DLP policy in place is not enough. Invest in making stakeholders and users of data aware of the policy, its significance and what they need to do to safeguard organizational data. It also provides clarity, both at the individual and organizational level, as to what is required and how the policy is enforced. Data Security. Bruce Lynch. Data Security Industry Perspective. Pamela Weaver. Research Labs. Elad Erez. Research Labs Ofir Shaty.
Application Security Application Delivery Data Security. The proliferation of business communications has given many more people access to corporate data. Some of these users can be negligent or malicious. The result: a multitude of insider threats that can expose confidential data with a single click. Many government and industry regulations have made DLP a requirement. Learn more.
One class of DLP technologies secures data in use, defined as data that is being actively processed by an application or an endpoint. These safeguards usually involve authenticating users and controlling their access to resources. When confidential data is in transit across a network, DLP technologies are needed to make sure it is not routed outside the organization or to insecure storage areas. Encryption plays a large role in this step.
Compliance regulations: Standards to protect data change as the cybersecurity landscape changes, and a DLP solution is adopted to help bring data protection to standards. Additional endpoints: Data in the cloud and on user devices adds risk to the environment, but a DLP solution will monitor the potentially thousands of endpoints across the cloud and internally to ensure data is protected.
Before deploying your DLP solution, here are a few tips to consider: Define business requirements: Before deploying a solution, you should define the business requirements behind the deployment strategy. The business requirements will help start a plan that will create a smoother deployment process. Define security requirements: Compliance and other cybersecurity standards will also define the way DLP solutions are deployed.
Use these standards to determine the ways data should be monitored and protected. DLP solutions protect data at-rest and in-transit, so this planning step will discover endpoints and data storage points. Determine responsibilities: Every IT staff member must be involved in deployments so that they understand changes and can support customer questions.
It also helps with remediation of bugs. Communicate with documentation: Document changes to the environment and any procedures that should be followed.
Documentation avoids mistakes when staff do not know what changes were made to the environment and the way DLP works to monitor data. DLP Tools and Technology Before choosing a DLP provider, you need to find one that has the tools and technology necessary for efficient tracking, detection, and remediation. To find the right vendor, ask the following questions: Does the vendor support the operating systems installed on your systems?
Do they have the deployment options necessary for reduced downtime? Does the provider defend against internal and external threats? Is classification of data done by the provider or do users classify documents? Is your data mainly structured or unstructured? Do you need protection for data at-rest and in-transit? What compliance regulations does the vendor support? What technologies must the DLP solution integrate with? What is your timeline for DLP deployment? Will you need to hire additional staff to support the DLP integration?
The Proofpoint in-place DLP solution, Content Control, helps organizations: Easily locate sensitive data, wherever it resides in the enterprise. The simplified discovery process enables IS and IT teams to be aware of issues without dealing with a complex DLP solution or using a lock-it-all-down approach.
Quarantine, move or delete any violations to avoid being adversely affected by wrong material. Evaluate the metadata and the full text within a file. This enables IT security departments to identify credit cards, personal identification, license numbers, medical information and more.
0コメント