Data loss prevention software

Data loss prevention software Detects potential data Breaches / data ex-filtration transmissions and Prevents Them by monitoring, Detecting and sensitive blocking data while in-use (endpoint shares), in-motion (network traffic), and at-rest (data storage) . In data leakage incidents, sensitive data is disclosed to unauthorized parts by either malicious intent or an inadvertent mistake. Sensitive data includes private or company information, intellectual property (IP), or patient financial information, credit-card data and other information.

The terms “data loss” and “data leak” are interchangeably. [1] [1] Data loss incidents in which the information is lost and subsequently acquired by an unauthorized party. However, a data leak is possible without losing the data on the originating side. (IPP), information protection and control (IPC), information leak prevention (ILP), information leak prevention and prevention (ILP), as opposed to Intrusion prevention system .

tegories

The technological means clustering employed for dealing with data leakage incidents can be divided into categories: standard security Measures, advanced / smart security Measures, access control and encryption and DLP systems designated. [2]

Standard measures

Standard security measures, such as firewalls, intrusion detection systems (IDSs) and antivirus software , are commonly available products that guard computers against outsiders and insider attacks. The use of a firewall, for example, prevents the access to the internal network and an intrusion detection system intrusion attempts by outsiders. Inside attacks can be averted through antivirus scans that detect Trojan horses that send confidential information, and by the use of thin clients that operate in a client-server .

Advanced measures

Advanced security Measures employee machine learning and temporal reasoning algorithms for Detecting abnormal access to data (eg, databases or information retrieval systems) or abnormal email exchange, honeypots for Detecting authorized staff with malicious intentions and activity-based verification (eg, recognition of keystroke dynamics ) And user activity monitoring for detecting abnormal data access.

Designated systems

Designated systems to detect and prevent unauthorized attempts to copy or send sensitive data, intentionally or unintentionally. In order to classify certain information as sensitive, these use mechanisms, such as exact data matching, structured data fingerprinting , statistical methods, rule and regular expression matching, published lexicons, conceptual definitions and keywords. [3]

Types

Network

Network (data in motion) technology is typically installed at network egress points near the perimeter. It analyzes network traffic to detect sensitive data that is being sent in violation of information security policies. Multiple security control points can be analyzed by a central management server. [1]

Endpoint

Endpoint (data in use) systems run on internal end-user workstations or servers. Like network-based systems. It can be used to control information flows between groups or types of users (eg ‘ Chinese walls ‘). They can also control email and Instant Messaging communications before they reach the corporate archive, such that a blocked communication (ie, one that is never felt, and therefore not subject to retention rules) will not be identified in a subsequent legal discovery situation. Endpoint systems have the advantage that they can monitor and control access to physical devices and in some cases can access information before it is encrypted. Some endpoint-based systems provide application controls to block attempted transmissions of confidential information and provide immediate feedback. They can not be used on mobile devices (eg, cell phones and PDAs) or where they can not be practically installed (for example on a workstation in an internet cafe ).

Data identification

DLP includes techniques for identifying confidential information. Sometimes confused with discovery, data identification is a process by which organizations use a DLP technology to determine what to look for.

Data is classified as structured or unstructured. Structured data resides in fixed fields within a file such as a spreadsheet, while unstructured data refers to free-form documents or PDF as files. [4] An estimated 80% of all data is unstructured and 20% structured. [5] The results of this study are summarized in the following table. [6]

Methods for describing sensitive content are abundant. They can be divided into precise and imprecise methods. Precise methods involve content and trigger almost zero false positive incidents. All other methods are as follows: keywords, lexicons, regular expressions, extended regular expressions, meta data tags, bayesian analysis and statistical analysis

The strength of the analysis is directly related to its accuracy. The accuracy of DLP identification is important to lowering / avoiding false positive and negative . Accuracy can depend on many variables, some of which may be situational or technological. Testing for accuracy is recommended to ensure virtually zero false positive / negative. High false positive rates due to DLD not DLP.

Data leak detection

Sometimes a data distributor gives sensitive data to one or more third parties. Some time later, some of the data is found in an unauthorized place (eg, on the web or on a laptop). The distributor must then investigate the source of the leak. [7]

Data at-rest

“Data at rest” specifically refers to old archived information. This information is of great interest to businesses and government institutions. [8] Protecting such data from data encryption and data retention policies. [1]

Data in-use

“Data in use” refers to data that the user is currently interacting with. DLP systems that protect data in-use monitor and flag unauthorized activities. [1] These activities include screen capture, copy / paste, print and fax operations. It can be intentional or unintentional attempts to transmit sensitive data over communication channels. [9]

Data in-motion

“Data in motion” is data that is crossing through a network to an endpoint destination. Networks can be internal or external. DLP systems that protect data in-motion. [1]

See also

  • List of backup software
  • Metadata removal tool

References

  1. ^ Jump up to:a b c d e Asaf Shabtai Yuval Elovici, Lior Rokach, A Survey of Data Leakage Detection and Prevention Solutions , Springer-Verlag New York Incorporated, 2012
  2. Jump up^ Phua, C.,Protecting organizations from personal data breaches, Computer Fraud and Security, 1: 13-18, 2009
  3. Jump up^ Ouellet, E., Magic Quadrant for Content-Aware Data Loss Prevention, Technical Report, RA4 06242010, Gartner RAS Core Research, 2012
  4. Jump up^ “unstructured data Definition from PC Magazine Encyclopedia” .
  5. Jump up^ Brian E. Burke, “Information Protection and Control Survey: Data Loss Prevention and Encryption Trends,” IDC, May 2008
  6. Jump up^ “Understanding and Selecting a Data Loss Prevention Solution” (PDF) . Securosis, LLC . Retrieved January 13, 2017 .
  7. Jump up^ Panagiotis Papadimitriou, Hector Garcia-Molina (January 2011), Data Leakage Detection (PDF) , IEEE Transactions on Knowledge and Data Engineering , 23 (1): 51-63, doi : 10.1109 / TKDE.2010.100
  8. Jump up^ Costante, E., Vavilis, S., Etalle, S., Petkovic, M., & Zannone, N.Database Anomalous Activities: Detection and Quantification.SECRYPT 2013
  9. Jump up^ Gugelmann, D .; Studerus, P .; Lenders, V .; Ager, B. (2015-07-01). “Can Content-Based Data Loss Prevention Solutions Prevent Data Leakage in Web Traffic?” . IEEE Security Privacy . 13 (4): 52-59. ISSN  1540-7993 . Doi : 10.1109 / MSP.2015.88 .

Leave a Comment

Your email address will not be published. Required fields are marked *