Data Loss Prevention Systems

In the past, the data loss or data leakage was a big concern for big or medium companies but nowadays when we are witnessing an exponential growth of commercial espionage and the fight for “the market” become so intense between competitors, the data loss prevention is of utmost importance for absolutely all the companies, bigger or smaller. A  data leakage from within the company has direct and indirect consequences, direct as  data usage by your competitors and indirect as loss of the credibility with your customers. Nobody wants their personal data as addresses, phone numbers, Social Security number or credit card details being compromised by a company with neglectful employees or with an unsafe work environment. Once the confidential data as customers credit cards details stored or manipulated by a company  are compromised, that company can be audited for compliance with Payment Card Industry Data Standard (PCI DSS) and the implementation of this standard it’s rather expensive for a small or medium budget company. In fact, the new regulations request from all the organizations that manipulate payment cards data or identity informations to implement technical controls in order to avoid data loss (data leakage).

There are many ways how he confidential data can be lost or undesirable shared with a third party for example :

  • a frustrated employee or a greedy one can transfer the data on a little USB thumb and further sell it to the competitors;
  • a neglectful employee can send involuntary sensitive data to a wrong email address;
  • a laptop or an USB thumb drive  can be stolen;
  • an unexperienced server administrator can store unsafe the data – there were cases when Google was accepted to crawl confidential data from a server;
  • an inadequate network protection can lead to hacking or better said stealing of data from within using hacking methods or malware trojans;

The examples can continue because there is countless ways how a data leak can occur. On the other hand, there is not a 100% bulletproof system for  data loss preventing, but approaching the problem in the right way, the risks of a leakage will be  considerable minimized.

One of the first rules you must comply in order to prevent a data loss, is a common sense one : hold your sensitive data in a clearly outlined environment where you have a better control. In a small and well-defined environment, it is much easier to monitor, control and log all the actions on data. Remember your partners even trusted, are out of your control so never share data with them more than what is absolutely necessary.

A better practice than dealing directly with sensitive data (identities informations, credit card details, social security numbers) is to implement your own IDs system. In this way, only a few allowed employees will have  access to the real data. The fewer, the better. And because we talk about employees, they must be well trained to work with secret data, they must understand their responsibility and act in consequence; they must be educated to recognize what is a trade secret and what can lead to a trade secret exposure. Not the last, their own account details for a private company network is a trade secret, so using strong passwords and keeping them private is a must.

To define what is a trade secret or confidential information, a network content inventory is required and the data must be evaluated. That’s how a Data Loss Prevention program start and based on this analysis the policies can be implemented.

The data, including confidential data can exist in three stages : “stored”, “in movement” and “in use”.

The stored data can be secured by restricting access to it and encrypting it.

For any mobile storage device containing sensitive informations, laptops, USB sticks or other, encryption is compulsory. There is some good open source encryption programs :

- It encrypts an entire partition or storage device such as USB flash drive or hard drive or drive where Windows is installed in real-time, on-the-fly;

-Can hide a volume or an entire operating system;

-Supports: Windows 7/Vista/XP, Mac OS X, and Linux

-It works on PCs and PDAs and is based on powerful encryption algorithms as AES, Twofish and Serpent, 256 and 448 bits.

-No need to install, very easy to use, can run without problems on USB thumbs.

-It can create one or more hidden “virtual disks” on your PC/PDA.

-On-the-fly encryption.

Monitoring network traffic, IM messages, emails and is another Data Loss Prevention characteristic for data in movement and data in use. Port blocking tools and Firewalls (software and hardware) must be taken in calculation. There is also mechanisms used for network traffic encryption as IPSec or SSL (Secure Socket Layer) adding another layer of protection. However the most used as secured connections are the Virtual Private Networks, VPNs shortly and the Tunnel connections.

In conclusion, a Data Loss Prevention System(Data Leak Prevention, Content Monitoring and Filtering,  Information Protection and Control are synonyms) is a set of modules capable to monitor, filter and protect the sensitive data, based on a central policy. It also must provide an incident handling management.

Let’s count some Data Loss Prevention products :

This protection works across networks, through applications, and via removable storage devices.

-Restriction of data transfer
Monitor and control the transfer of sensitive information to removable storage devices, via email and IM, and through other communication channels—even when data is disguised.
-Centralized and simplified security management
Streamline management of your entire security risk management portfolio, including McAfee Host Data Loss Prevention, via the centralized McAfee ePolicy Orchestrator 4.5 console.
-Data inventory
Scan endpoints and discover what data resides on them. Use this information to mitigate risk, build an understanding of how your data is used, or simply compile and inventory data for use in cases such as legal discovery.

-RSA DLP Datacenter;

-RSA DLP Network;

-RSA DLP Endpoint;

The RSA Data Loss Prevention (DLP) Suite enables organizations to discover and classify their sensitive data, educate end users and ensure data is handled appropriately, and report on risk reduction and progress towards policy goals.

-Discover where confidential data is stored.
-Monitor how confidential data is being used.
-Protect Protect and prevent confidential data loss.
-Manage Manage and enforce unified data security policies.

OpenDLP is a free and open source, agent-based, centrally-managed, massively distributable data loss prevention tool released under the GPL. Given appropriate Windows domain credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems from a centralized web application.

Websense Data Security Suite includes the four integrated modules, managed under a single policy framework. Websense Data Security Suite offers visibility and control over network and endpoint data loss as well as comprehensive data discovery across organizations’ storage systems.

The modules included are :

-Websense Data Monitor;
-Websense Data Protect;
-Websense Data Endpoint;
-Websense Data Discover;

Analyze content while leveraging identity to discover, protect and control your sensitive data across the entire enterprise. By improving data loss prevention, you can avoid costly and embarrassing events while securing your customer’s trust. Achieve all of this while meeting the many regulatory and corporate security mandates defined by the security, legal, compliance and risk organizations within your firm.

CA DLP is designed to dynamically monitor a range of data activities while providing a range of response actions to help the organization achieve the proper mix of business continuity and risk remediation. It provides a configurable level of control to critical areas throughout the enterprise — at the endpoint, on the network, on the message server and for stored data. CA DLP helps organizations realize quick time-to-value by leveraging a single set of policies, a unified platform and a rapid implementation service program.

Trend Micro DLP for Endpoint helps you comply with industry regulations by securing employee and customer data. It also offers highly accurate DataDNA™ fingerprinting technology to secure unstructured data and intellectual property.

Trend Micro DLP for Network monitors your network 24×7 to identify and document data loss across a variety of threat vectors.

Check Point revolutionizes DLP by combining technology and processes to move businesses from passive detection to active Data Loss Prevention. Innovative MultiSpect™ data classification combines user, content and process information to make accurate decisions, while new UserCheck™ technology empowers users to remediate incidents in real time. Check Point’s self-educating network-based DLP solution frees IT/security personnel from incident handling and educates users on proper data handling policies – protecting sensitive corporate information from both intentional and unintentional loss.

Sophos takes a unique and simple approach to data loss prevention by integrating the scanning for sensitive information into the anti-virus engine on both the endpoint and email appliances. This makes it easier for you to configure, deploy and manage, as well as removing the need for separate DLP solutions to be deployed on both the endpoints and mail gateway.

Verdasys Digital Guardian is a comprehensive and proven Enterprise Information Protection platform. Digital Guardian serves as the cornerstone for policy driven, data-centric security by enabling organizations to solve the information risk challenges that exist in today’s highly collaborative and mobile business environment in an effective, flexible and economical fashion.

The Blue Coat Data Loss Prevention appliance enables organizations to begin detecting and blocking potential data leaks quickly and accurately. Achieve industry and regulatory compliance and risk mitigation objectives after a short deployment cycle, and maintain comprehensive security policies with minimal management overhead. And leverage powerful discovery capabilities to identify sensitive information scattered throughout the network even before it can be accessed in error.

It combines advanced tools of encryption software and privacy software in a single product and provides other tools for data loss prevention. With Safetica solution of data protection you will not have to worry that a data loss will threaten your privacy or business.

Safetica will easily secure your hard drives. Providing data protection, activity monitor and data loss prevention on notebooks and portable media goes without saying. Safetica privacy software tools will prevent theft of your identity.

Cisco IronPort Data Loss Prevention for email and web are high-performance, comprehensive security solutions for data in motion. These solutions provide content, context, and destination knowledge. This empowers enterprises to control who can send what information, where, and how – preventing accidental or malicious data loss. Cisco IronPort Data Loss Prevention also offers advanced risk management and data security. Integrated views across email and web provide centralized DLP visibility. Simple policies help enable a quick setup, while advanced scanning and extended protection provides more feasible intelligence and security.

With so many Data Loss Prevention systems vendors you must think twice what system you will adopt for your business and make a deep analysis of what each system offer and what it is lacking.

Posted in Tools & Reviews. Tagged with , , , .

One Response

Leave a Reply