Data loss prevention software
Data loss prevention (DLP) software detects potential data breaches and data exfiltration transmissions and prevents them by monitoring,[1] detecting, and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage).[2]
The terms "data loss" and "data leak" are related and are often used interchangeably.[3] Data loss incidents turn into data leak incidents when media containing sensitive information are lost and then acquired by an unauthorized party. However, a data leak is possible without losing the data on the originating side. Other terms associated with data leakage prevention include information leak detection and prevention (ILDP), information leak prevention (ILP), content monitoring and filtering (CMF), information protection and control (IPC) and extrusion prevention system (EPS), as opposed to an intrusion prevention system.
Categories
The technological means employed for dealing with data leakage incidents can be divided into categories: standard security measures, advanced/intelligent security measures, access control and encryption, and designated DLP systems, although only the last category is typically referred to as DLP today.[4] Most DLP systems rely on predefined rules to identify and categorize sensitive information.
Standard measures
Standard security measures such as firewalls, intrusion detection systems (IDSs), and antivirus software are widely used to guard against both outsider and insider attacks.[5] Intrusion detection systems identify unauthorized use, misuse, and abuse of computer systems by monitoring for behavior patterns that differ from those of legitimate users.[6]
Advanced measures
Advanced security measures employ machine learning, behavioral analytics, honeypots, temporal reasoning, and activity-based verification to detect abnormal or unauthorized data access patterns. Machine learning algorithms enable systems to automatically improve through experience, identifying patterns in large datasets to enhance detection capabilities.[7]
Designated DLP systems
Designated systems detect and prevent unauthorized attempts to copy, transmit, or publish sensitive data. These systems use mechanisms such as exact data matching, structured data fingerprinting, statistical methods, rule-based detection, and contextual analysis.[8]
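A minimal sketch of two of the mechanisms named above, rule-based detection (a card-number pattern validated with the Luhn checksum) and exact data matching (keyed digests of protected values), added here as an example and not taken from the article or any DLP product. The key, the employee-ID values, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo key and protected values (assumptions for this example).
INDEX_KEY = b"demo-key-not-a-secret"
PROTECTED_VALUES = ["EMP-004417", "EMP-009032"]  # constructed employee IDs

def fingerprint(token: str) -> str:
    """Keyed digest, so the match index never holds plaintext values."""
    return hmac.new(INDEX_KEY, token.upper().encode(), hashlib.sha256).hexdigest()

EDM_INDEX = {fingerprint(v) for v in PROTECTED_VALUES}

# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
TOKEN_RE = re.compile(r"[A-Za-z0-9-]+")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(text: str) -> list[tuple[str, str]]:
    """Return (rule, redacted_match) findings for one outbound message."""
    findings = []
    # Rule-based detection: pattern match, then checksum validation.
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("card_number", "*" * (len(digits) - 4) + digits[-4:]))
    # Exact data matching: compare each token's digest with the index.
    for tok in TOKEN_RE.findall(text):
        if fingerprint(tok) in EDM_INDEX:
            findings.append(("exact_match", tok[:4] + "***"))
    return findings

def decide(text: str) -> str:
    """Block on any finding; the policy here is deliberately simple."""
    return "block" if scan(text) else "allow"
```

Findings carry only redacted matches, so the scanner's own output does not become a second copy of the sensitive data.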
Types
Network
Network (data in motion) systems operate at egress points and analyze traffic for sensitive information being transmitted in violation of policy.[3] Next-generation firewalls and intrusion detection systems often support DLP-like capabilities.[9][10]
Endpoint
Endpoint (data in use) systems monitor user actions on desktops, servers, and devices, enabling controls such as blocking copying, printing, screen capture, or unauthorized email transmission.[11]
Cloud
Cloud DLP monitors data within cloud services and applies controls to enforce access and usage policies.[12] Cloud computing provides on-demand network access to shared computing resources, enabling scalable and flexible data protection strategies.[13]
Data identification
Data identification techniques classify information as structured or unstructured.[14] Roughly 80% of enterprise data is unstructured.[15]
Recent industry guidance describes data classification and policy alignment as foundational elements of effective DLP programs.[16] Vendors also emphasize the role of integrated DLP, analytics, and automation in modern data protection strategies.[17]
Data loss protection
Data distributors may share data with third parties, intentionally or unintentionally, and the data is later found in unauthorized locations. DLP investigations attempt to determine the source.
Data at rest
"Data at rest" refers to stored data. DLP techniques include access controls, encryption, and data retention policies.[3] Data encryption transforms readable information into an unreadable format to protect confidentiality, ensuring only authorized parties with the proper decryption key can access the original data.[18]
Data in use
"Data in use" refers to data currently being accessed. DLP systems may monitor and flag unauthorized manipulation or transfer of such data.[3]
Data in motion
"Data in motion" refers to data traveling across internal or external networks. DLP systems monitor and control this flow.[3]
See also
- Computer security
- List of backup software
- Metadata removal tool
- Endpoint detection and response
- Endpoint security
References
- [3] Asaf Shabtai, Yuval Elovici, Lior Rokach, A Survey of Data Leakage Detection and Prevention Solutions, Springer-Verlag, 2012.
- [4] Phua, C., Protecting organisations from personal data breaches, Computer Fraud and Security, 1:13–18, 2009.
- [8] Ouellet, E., Magic Quadrant for Content-Aware Data Loss Prevention, Gartner, 2012.
- [15] Brian E. Burke, "Information Protection and Control survey," IDC, 2008.