August 27, 2010, 7:11 PM — Data loss prevention (DLP) is an emerging field with a lot of different products and players. The idea is to stop information from leaving your internal networks in close to real time, so you can identify the leaker or thief before too much damage (and ensuring lawsuits) happen.
A recent study by DLP vendor Proofpoint found that more than third of the respondents had an incident in the last year, and a quarter of them had investigated leaked information as a result of a blog post.
There are more than a dozen different DLP vendors. We show you three typical products, how they work, and what kinds of information they track.
- Global Velocity's GV-2010 security appliance,
- BlueCoat Networks DLP appliance, and
- Sendmail's Sentrion email server.
Each is designed for somewhat different situations, which is why we have collected them together. Before you dive into these products, you might want to address the following questions:
- Who will own the DLP process in your organization: Will it be the general IT staff, the infrastructure management group, the desktop security group, or some other combination? Depending on this ownership might compel a particular collection of DLP products.
- Where does DLP presently touch your existing IT security infrastructure? Most firewalls and email servers have some DLP capabilities; the tricky part is being consistent across your enterprise and getting a specialized DLP product that can complement and in some cases work with these legacy devices.
- Are you looking at total DLP protection, for endpoints, data in motion and file server data? No single product can handle all of these situations; so how each vendor partners and integrates with others for complete coverage is critical.
- Do you want something to decrypt emails and https traffic? Not all products can see inside these protocols without some additional work.
All three products have the ability to scan for particular character strings (like a Social Security or credit card pattern) and also upload sensitive documents into their protective scanning engines to ensure that this specific unstructured information is also protected. Another typical situation is where a rogue employee will send a customer database list to their personal Gmail or Yahoo mail account, and then downloads or forwards this information once they get home. Each product has a variety of reports to show you incidents flagged by the protective policies and what information was leaked.