Data Loss Prevention (DLP)
Data Loss Prevention (DLP) is an approach that seeks to improve information security and protect business information from data breaches. It prevents end-users from moving key information outside the network. DLP also enable a network administrator to monitor data accessed and shared by end users.
Once the envelope is opened and the content processed, there are multiple content analysis techniques that can be used to trigger policy violations, including:
Engine analyzing content for specific rules such as 16-digit credit card numbers, 9-digit U.S. social security numbers, etc. This technique is an excellent first-pass filter since the rules can be configured and processed quickly, although they can be prone to high false-positive rates without checksum validation to identify valid patterns.
Also known as Exact Data Matching, this mechanism looks at exact matches from a database dump or live database. Although database dumps or live database connections affect performance, this is an option for structured data from databases.
File contents are not analyzed; however, the hashes of files are matched against exact fingerprints. This provides low false positives, but this approach does not work for files with multiple similar but not identical versions.
Looks for a complete or partial match on specific files such as multiple versions of a form that have been filled out by different users.
Using a combination of dictionaries, rules, etc., these policies can alert on completely unstructured ideas that defy simple categorization. It needs to be customized for the DLP solution provided.
Uses machine learning or other statistical methods such as Bayesian analysis to trigger policy violations in secure content. Requires a large volume of data to scan from (the larger the better) or is else prone to false positives and negatives.
Pre-built categories with rules and dictionaries for common types of sensitive data, such as credit card numbers/PCI protection, HIPAA, etc.
When evaluating DLP solutions, pay close attention to the types of patterns detected by each solution against a real corpus of sensitive data to confirm the accuracy of its content engine.
© All rights reserved to Teach Stations Company.