Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


What You Really Need To Know About Data Loss Prevention

A short explanation of what DLP is -- and what it isn't

First in a series of 500-word primers on security for readers with short attention spans -- and the IT people who need to get through to them

The first thing you should know about data loss prevention (DLP) technology is that it doesn't actually prevent data losses. The presence of DLP in your organization will not stop a determined employee from photocopying your customer lists or taking a picture of your secret product plans. However, if you're worried about sensitive data leaving your corporate networks or computer systems, DLP can help.

In a nutshell, DLP is a type of software that is designed to seek out sensitive data -- either traversing the network or sitting idle on your computer systems -- and enforce policies for handling it. If a user attempts to send out sensitive data via email, post it to a Website, or copy it to a USB storage drive, DLP technology can identify that activity and record it.

More important, most DLP applications are also designed to prevent the user from executing tasks that might compromise the data or cause it to leak out to unauthorized sources. The DLP software might turn off the "write" capability that would allow a PC to copy certain data to an external storage device, or it might disallow an email user from sending the data to another user.

In addition, most DLP systems will also notify the appropriate parties about activity surrounding sensitive data. It may inform the user that his attempted actions are illegal, and it may inform management or IT security personnel that the action occurred so that the user can be corrected or smacked upside the head.

Most DLP technology works via "deep content inspection," which means it can read data to identify specific words, terms, or characteristics that indicate sensitivity. For example, most DLP tools can recognize Social Security numbers, phone numbers, or other data formats that might suggest the presence of private information that shouldn't be shared. Even better, DLP tools can be "taught" to recognize words, phrases, and data formats that might indicate the presence of company-specific information, such as customer numbers, manufacturing designs, or even words and phrases that might relate to intellectual property or business plans.

Some DLP products analyze data only while it is in motion -- usually as it travels across the network -- while others focus more on discovering data at rest, sitting on servers or clients. Some can only prevent specific types of transmission, such as email, while others have a broader range of capabilities. However, most experts agree that the most important element of a DLP tool is its ability to do discovery of sensitive data. If it finds too many false positives -- data that is identified as sensitive but isn't -- or false negatives, a DLP tool won't be very effective in preventing data loss.

If your organization hasn't implemented DLP yet, not to worry; you're not behind. Most reports indicate that fewer than half of large enterprises have DLP in place, and some say that figure is not even 25 percent. However, most reports also say that a majority of companies, including some 68 percent of companies in the U.S., plan to have DLP technology implementations in place by the end of 2009.

For more information, read:

  • "Data Loss Prevention: Where Do We Go From Here?
  • "Why Your Organization Needs To Implement DLP."

    Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    When It Comes To Security Tools, More Isn't More
    Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
    US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
    Seth Rosenblatt, Contributing Writer,  1/11/2021
    IoT Vendor Ubiquiti Suffers Data Breach
    Dark Reading Staff 1/11/2021
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    2020: The Year in Security
    Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
    Flash Poll
    Assessing Cybersecurity Risk in Today's Enterprises
    Assessing Cybersecurity Risk in Today's Enterprises
    COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2021-01-17
    Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
    PUBLISHED: 2021-01-15
    An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
    PUBLISHED: 2021-01-15
    Docker Desktop Community before on macOS mishandles certificate checking, leading to local privilege escalation.
    PUBLISHED: 2021-01-15
    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
    PUBLISHED: 2021-01-15
    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...