Guide to Data Leak Protection

Data-leak protection tools work to contain sensitive information

By Cara Garretson

Data-leak protection tools aim to monitor, and often block, sensitive information leaving the corporate network without proper authorization. In doing so, they also give administrators a detailed view into what type of data is leaving the network and how.

The components include server software that matches the data contained in a user-initiated transfer – such as sending an e-mail or instant message, copying a file to removable media, or even printing – against a list of predefined terms that dictate what is considered sensitive. Most tools not only monitor such policy breaches but can also block or quarantine them.

In addition to the server-side software, which sometimes comes preconfigured on a gateway appliance, many companies also supply client agent software. These agents enforce the sensitive-data policies at the PC or notebook level. Users don't have to be connected to the network for the agents to be effective: they operate on their own and update their rule sets once the user reconnects.

Data-leak protection (DLP) tools catch sensitive data in a number of ways. The simpler methods employ a dictionary of preset terms – including Social Security and credit card number formats, as well as regulatory terms related to sensitive data – and then scan user activity for these terms. More complicated systems offer language analytics to determine whether data should be considered sensitive. This is often achieved by capturing all the data moving around a company, indexing it and recommending what should be protected. These approaches can be helpful for classifying information that isn't easily identified as sensitive, such as intellectual property contained in an e-mail text or in a PowerPoint slide.
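The dictionary-style method above, as an added illustration that is not from the article or any vendor's product: a small pattern scanner for the two formats the text names (Social Security and credit card numbers). The patterns, the Luhn checksum used to reject digit runs that merely look like card numbers, the block/allow policy and the sample messages are all constructed for this example.

```python
from __future__ import annotations
import re

# Constructed patterns: US Social Security numbers (with the all-zero and 666/9xx
# area exclusions) and 13-16 digit card numbers with optional space or hyphen separators.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: a format match alone produces many false positives on order
    or ticket numbers, so only Luhn-valid digit runs count as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(value: str) -> str:
    """Keep only the last four digits so the audit log does not itself leak the data."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str) -> list[tuple[str, str]]:
    """Return (category, redacted match) pairs for every policy hit in a transfer."""
    hits = [("ssn", redact(m.group())) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.append(("card", redact(m.group())))
    return hits


def decide(text: str) -> tuple[str, list[tuple[str, str]]]:
    """Constructed policy: block the transfer on any hit, otherwise allow it.
    The hits are returned in both cases so they can be written to the audit log."""
    hits = scan(text)
    return ("block" if hits else "allow"), hits


if __name__ == "__main__":
    # Constructed sample messages: one with real-looking identifiers, one with a
    # 13-digit ticket number that matches the card pattern but fails the Luhn check.
    for msg in [
        "Customer SSN 123-45-6789, card 4111 1111 1111 1111 on file.",
        "Ticket 1234567890123 closed, no customer data attached.",
    ]:
        print(decide(msg))
```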

Tools generally offer policy-creation capabilities to help establish rules regarding what data can and cannot leave the corporate network. Many offer some sort of log or audit capability, allowing administrators to review user behavior and better understand the conditions surrounding policy violations.

More DLP vendors are integrating their tools with other technologies, such as encryption engines, to automatically trigger the encryption of sensitive information as it leaves the network. They're also partnering with enterprise-rights management vendors, e-mail and Web security providers, and others to integrate knowledge about sensitive information with these products.
