Wikipedia

Data loss prevention software

(Redirected from Data loss prevention)

Data loss prevention (DLP) software detects potential data breaches/data exfiltration transmissions and prevents them by monitoring,[1] detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage).[2]

The terms "data loss" and "data leak" are related and are often used interchangeably.[3] Data loss incidents turn into data leak incidents when media containing sensitive information are lost and then acquired by an unauthorized party. However, a data leak is possible without losing the data on the originating side. Other terms associated with data leakage prevention include information leak detection and prevention (ILDP), information leak prevention (ILP), content monitoring and filtering (CMF), information protection and control (IPC) and extrusion prevention system (EPS), as opposed to an intrusion prevention system.

Categories

edit

The technological means employed for dealing with data leakage incidents can be divided into categories: standard security measures, advanced/intelligent security measures, access control and encryption, and designated DLP systems, although only the latter category is typically referred to as DLP today.[4] Most DLP systems rely on predefined rules to identify and categorize sensitive information.

Standard measures

edit

Standard security measures such as firewalls, intrusion detection systems (IDSs), and antivirus software are widely used to guard against both outsider and insider attacks.[5] Intrusion detection systems identify unauthorized use, misuse, and abuse of computer systems by monitoring for behavior patterns that differ from legitimate users.[6]

Advanced measures

edit

Advanced security measures employ machine learning, behavioral analytics, honeypots, temporal reasoning, and activity-based verification to detect abnormal or unauthorized data access patterns. Machine learning algorithms enable systems to automatically improve through experience, identifying patterns in large datasets to enhance detection capabilities.[7]

Designated DLP systems

edit

Designated systems detect and prevent unauthorized attempts to copy, transmit, or publish sensitive data. These systems use mechanisms such as exact data matching, structured data fingerprinting, statistical methods, rule-based detection, and contextual analysis.[8]

Types

edit

Network

edit

Network (data in motion) systems operate at egress points and analyze traffic for sensitive information being transmitted in violation of policy.[3] Next-generation firewalls and intrusion detection systems often support DLP-like capabilities.[9][10]

Endpoint

edit

Endpoint (data in use) systems monitor user actions on desktops, servers, and devices, enabling controls such as blocking copying, printing, screen capture, or unauthorized email transmission.[11]

Cloud

edit

Cloud DLP monitors data within cloud services and applies controls to enforce access and usage policies.[12] Cloud computing provides on-demand network access to shared computing resources, enabling scalable and flexible data protection strategies.[13]

Data identification

edit

Data identification techniques classify information as structured or unstructured.[14] Roughly 80% of enterprise data is unstructured.[15]

Recent industry guidance describes data classification and policy alignment as foundational elements of effective DLP programs.[16] Vendors also emphasize the role of integrated DLP, analytics, and automation in modern data protection strategies.[17]

Data loss protection

edit

Data distributors may intentionally or unintentionally share data with third parties, after which it is later found in unauthorized locations. DLP investigations attempt to determine the source.

Data at rest

edit

"Data at rest" refers to stored data. DLP techniques include access controls, encryption, and data retention policies.[3] Data encryption transforms readable information into an unreadable format to protect confidentiality, ensuring only authorized parties with the proper decryption key can access the original data.[18]

Data in use

edit

"Data in use" refers to data currently being accessed. DLP systems may monitor and flag unauthorized manipulation or transfer of such data.[3]

Data in motion

edit

"Data in motion" refers to data traveling across internal or external networks. DLP systems monitor and control this flow.[3]

See also

edit

References

edit
  1. ^ Hayes, Read (2007), "Data Analysis", Retail Security and Loss Prevention, Palgrave Macmillan UK, pp. 137–143, doi:10.1057/9780230598546_9, ISBN 978-1-349-28260-9
  2. ^ "What is Data Loss Prevention (DLP)? A Definition of Data Loss Prevention". Digital Guardian. 2020-10-01. Retrieved 2020-12-05.
  3. ^ a b c d e Asaf Shabtai, Yuval Elovici, Lior Rokach, A Survey of Data Leakage Detection and Prevention Solutions, Springer-Verlag, 2012.
  4. ^ Phua, C., Protecting organisations from personal data breaches, Computer Fraud and Security, 1:13–18, 2009.
  5. ^ BlogPoster (2021-05-13). "Standard vs Advanced Data Loss Prevention (DLP) Measures: What's the Difference". Logix Consulting Managed IT Support Services Seattle. Retrieved 2022-08-28.
  6. ^ Mukherjee, B.; Heberlein, L.T.; Levitt, K.N. (1994). "Network intrusion detection". IEEE Network. 8 (3): 26–41. doi:10.1109/65.283931.
  7. ^ Sammut, Claude; Webb, Geoffrey I. (2010). Encyclopedia of Machine Learning. Springer. doi:10.1007/978-0-387-30164-8. ISBN 978-0-387-30164-8.
  8. ^ Ouellet, E., Magic Quadrant for Content-Aware Data Loss Prevention, Gartner, 2012.
  9. ^ "What Is a Next-Generation Firewall (NGFW)?". Cisco. 2022-01-02. Retrieved 2023-01-02.
  10. ^ "What is Data Loss Prevention (DLP)? [Beginners Guide]". CrowdStrike. 2022-09-27. Retrieved 2023-01-02.
  11. ^ "Group Test: DLP" (PDF). SC Magazine. March 2020. Retrieved 2021-09-07.
  12. ^ Pasquier, Thomas; Bacon, Jean; Singh, Jatinder; Eyers, David (2016-06-06). "Data-Centric Access Control for Cloud Computing". Proceedings of the 21st ACM Symposium on Access Control Models and Technologies. pp. 81–88. doi:10.1145/2914642.2914662.
  13. ^ Murugesan, San; Bojanova, Irena (2016). "Cloud Computing". Encyclopedia of Cloud Computing. Wiley-IEEE Press. ISBN 978-1-118-82197-8.
  14. ^ "PC Mag – Unstructured Data". Computer Language Co. 2024. Retrieved 2024-01-14.
  15. ^ Brian E. Burke, "Information Protection and Control survey," IDC, 2008.
  16. ^ "Market Guide for Data Loss Prevention". Gartner. 2023. Retrieved 2025-02-01.
  17. ^ "What Is Data Loss Prevention?". IBM. Retrieved 2025-02-01.
  18. ^ Li, Ninghui (2009). "Data Encryption". In Liu, Ling; Özsu, M. Tamer (eds.). Encyclopedia of Database Systems. Springer. doi:10.1007/978-0-387-39940-9_98. ISBN 978-0-387-39940-9.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Data_loss_prevention_software&oldid=1327554351"