Data Loss Prevention (DLP) is a computer security term referring to systems that enable organizations to reduce the corporate risk of the unintentional disclosure (or data loss) of confidential information.
How Does Data Loss Happen?
Data loss happens when security is compromised and sensitive corporate data is accessed. Technically, it is the unauthorized exfiltration, intentional or unintentional, of confidential information from a secure network. Other terms for this include unintentional information disclosure, data leak, and data spill.
We can classify secure data into 3 main categories:
Data in Motion (DiM) – Any data that is moving through the network to the outside via the Internet
Data at Rest (DaR) – Data that resides in file systems, databases and other storage methods
Data at the Endpoint/Data in Use (DiU) – Data at the endpoints of the network (e.g., data on USB devices, external drives, MP3 players, laptops, and other highly-mobile devices)
Loss or leakage of any of this data can be termed data loss. It can happen through cyber-crime practices such as hacking, malware infection, and physical attacks, and even through employee privilege misuse.
Data Loss Prevention (DLP)
Organizations are fighting hard to protect data from breach and leakage at all stages, whether it be in motion, at rest, or in use. Fortunately, DLP has evolved to address data protection at each one of these stages.
Network DLP (for DiM): At this stage a DLP tool that’s installed at network egress points analyzes network traffic to detect sensitive data that is being sent in violation of information security policies.
File-Level DLP (for DaR): At this stage DLP software identifies the sensitive files and then embeds the information security policy within the file, so that it travels with it whether the whole file or only part of it is sent, copied or downloaded.
Endpoint DLP (for DiU): At this stage a DLP system runs on end-user workstations or servers in the organization, and is used to prevent unauthorized access to the data stored on hard drives, USBs and external mass storage devices.
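As an illustration of the content inspection a Network DLP tool performs at an egress point, the following added example (not taken from any SolarWinds product) scans outbound payloads for sensitive data. The policy itself (payment card numbers and US Social Security numbers), the function names and the sample payloads are assumptions made for this sketch.

```python
import re

# Assumed policy: card numbers and US SSNs must not leave the network.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four characters so alerts do not re-leak the data."""
    return "*" * (len(value) - 4) + value[-4:]


def inspect_payload(payload: bytes) -> list[tuple[str, str]]:
    """Return (rule, masked_match) findings for one outbound payload."""
    text = payload.decode("utf-8", errors="replace")
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(("payment-card", mask(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(("us-ssn", mask(m.group())))
    return findings


# Constructed sample payloads: a public test card number, a 16-digit order
# id that fails the Luhn check, and a long-invalidated specimen SSN.
SAMPLES = [
    b"POST /upload HTTP/1.1\r\n\r\ncard=4111 1111 1111 1111&name=test",
    b"POST /notes HTTP/1.1\r\n\r\norder id 1234 5678 9012 3456 shipped",
    b"POST /hr HTTP/1.1\r\n\r\nssn=078-05-1120",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(inspect_payload(p))
```

The Luhn check is what keeps the second payload from raising a false alert, and masking keeps the alert itself from becoming a second copy of the sensitive value.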
IT Security Survey: 2013
In an IT security survey conducted by SolarWinds earlier in 2013, we found that data loss was the major priority for IT security teams. More details on the survey can be found below.
Security Information & Event Management (SIEM) systems are a good solution to detect, block and prevent data loss in your network. SIEM tools capture log data from disparate sources across the IT infrastructure and correlate it for meaningful insight and data loss intelligence.
SolarWinds Log & Event Manager (LEM) is a full-function SIEM solution that automates real-time preventive mechanisms to counter data loss, and also alerts on suspicious network and user behavior patterns.