Last week I discussed Data Loss Prevention as a solution in search of a problem.
This week I’ll reduce the level of flip and review in more detail the deliverables of DLP solutions and some DLP vendors.
Data leakage prevention technology tackles both data at rest, residing within a network and specifically on disk storage, and of course data in motion during telecommunications sessions.
Vendors of these technologies vary in what elements of the problem they wish to tackle. Some try to solve all possible problems.
So let’s start with data at rest. Typically a vendor will create a crawler program to comb through files looking for data that matches filters. The client identifies which files are in scope and often has input into the filter configurations.
Filters can be set to look for specific data content such as SIN numbers and credit card numbers. They can be tuned to look for breaches in corporate policy, such as identifying profanities, client names within certain types of files, or image files (which may contain hidden malicious code or pornography).
Some tools are designed to identify data content threats within databases, such as sensitive data residing in areas with too low a security classification. While some technology is designed simply to alert on DLP vulnerabilities within data at rest, other products are more pro-active and can block transfer of data deemed sensitive and can similarly lock offending files.
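To make the crawler-and-filter idea above concrete, here is an added example (not code from the original article or from any DLP vendor): a minimal data-at-rest scanner that walks an in-scope directory and flags credit card numbers and SINs. The regex formats, the Luhn checksum step used to cut false positives, the masking of reported values and all function names are assumptions of this example.

```python
import os
import re

# Assumed formats: 13-19 digit card numbers and 9-digit SINs, with optional
# single spaces or hyphens between digits.
FILTERS = {
    "credit_card": re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)"),
    "sin": re.compile(r"(?<!\d)\d{3}[ -]?\d{3}[ -]?\d{3}(?!\d)"),
}

# Constructed sample: two checksum-valid values and two look-alikes.
SAMPLE = ("card 4111 1111 1111 1111\nSIN 046-454-286\n"
          "order 4111 1111 1111 1112\nref 123 456 789\n")

def luhn_ok(digits):
    """Luhn checksum, which both card numbers and SINs must satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_text(text):
    """Return (filter name, masked value) for each checksum-valid match."""
    hits = []
    for name, pattern in FILTERS.items():
        for m in pattern.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):  # drops most random digit runs
                hits.append((name, "*" * (len(digits) - 4) + digits[-4:]))
    return hits

def crawl(root):
    """Walk the in-scope directory tree; map each flagged file to its hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip it, keep crawling
            if hits:
                report[path] = hits
    return report

if __name__ == "__main__":
    print(scan_text(SAMPLE))
```

Reporting only the last four digits keeps the scanner's own output from becoming a second copy of the sensitive data.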
Data in Motion
Monitoring and blocking of sensitive data can take many forms. Some products log sensitive data moving both in and out of an organization. Others identify the data, classify it by security level and can pro-actively block it according to client-determined policy, including whether or not the data is sufficiently encrypted.
Some tools monitor a fairly narrow scope of telecom vectors, while others can encompass email, instant messaging, file transfer protocols, exporting to external storage, movement to network endpoints such as Wi-Fi, Bluetooth and FireWire, and so on.
Similarly, you can choose technology to monitor a wide variety of internal communication vectors, such as sending to internal printers, screen captures, burning to USB and hard drive devices, and moving data to removable storage devices.
The world of risk signatures for data on the move has grown from anti-virus and anti-spam to include cloud computing threat signatures.
To Connect or to Not Connect
This article would be incomplete without mentioning a class of inspection software, around for years, that validates any workstation requesting connectivity to a corporate network. It examines compliance with a corporate-defined security standard.
Example criteria include whether an appropriate version of anti-virus is running, the status of patch updates, the identification of any applications that violate policy, and the identification of other communications channels that may be active while the device is connected to the corporate network.
Data Leak Prevention Vendors
Vendors are easily found using keywords such as “data leak prevention”, “data loss prevention” and “data loss prevention companies.” A search on “DLP” leads you into the world of projectors.
Below are a few of the mainstream vendors, some of whose products I’ve found to be most useful.
- WebSense Data Loss Prevention
- Sophos Data Loss Prevention
- RSA Data Loss Prevention Suite
- Safend Data Protection
- Symantec Data Loss Prevention
- Barracuda web filter
- McAfee Network DLP Manager
Have a secure week.
Ron Lepofsky CISSP, CISM, BA.SC (Mechanical eng) www.ere-security.ca