Data Loss Prevention (DLP) is a computer security term referring to systems that enable organizations to reduce the corporate risk of the unintentional disclosure (or data loss) of confidential information.
How Does Data Loss Happen?
Data loss happens when security is compromised and sensitive corporate data is accessed. Technically, this can be defined as the unauthorized, intentional or unintentional exfiltration of confidential information from a secure network. Other terms for this include unintentional information disclosure, data leak, and data spill.
We can classify sensitive data into three main categories:
- Data in Motion (DiM) – Any data that is moving through the network to the outside via the Internet
- Data at Rest (DaR) – Data that resides in file systems, databases and other storage methods
- Data at the Endpoint / Data in Use (DiU) – Data at the endpoints of the network (e.g. data on USB devices, external drives, MP3 players, laptops, and other highly mobile devices)
Loss or leakage of any of this data can be termed as data loss. This can happen through criminal activity such as hacking, malware infection and physical attacks, and also through employee privilege misuse.
Data Loss Prevention (DLP)
Organizations are fighting hard to protect data from breach and leakage at all stages, whether it be in motion, at rest, or in use. Fortunately, DLP has evolved to address data protection at each one of these stages.
- Network DLP (for DiM): At this stage a DLP tool that’s installed at network egress points analyzes network traffic to detect sensitive data that is being sent in violation of information security policies.
- File-Level DLP (for DaR): At this stage DLP software identifies the sensitive files and then embeds the information security policy within the file, so that it travels with it whether the whole file or only part of it is sent, copied or downloaded.
- Endpoint DLP (for DiU): At this stage a DLP system runs on end-user workstations or servers in the organization, and is used to prevent unauthorized access to the data stored on hard drives, USB sticks and external mass storage devices.
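The content inspection that a network DLP tool applies at an egress point can be illustrated with a small detector. The following is an added example written for this post, not SolarWinds code: it scans an outbound message body for card-number and SSN-shaped strings, uses the Luhn checksum to discard digit runs such as order numbers, reports only masked values so the alert itself does not leak the data, and returns a policy decision. The patterns, threshold and sample message are constructed for the example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Candidate patterns (constructed for this example): 13-19 digits with optional
# space/dash separators for card numbers, and the US SSN layout NNN-NN-NNNN.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

@dataclass(frozen=True)
class Finding:
    kind: str
    masked: str   # never log the full value: only the last 4 digits are kept
    offset: int   # position in the payload, for the analyst

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: drops digit runs (order ids, timestamps) that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    return "*" * (len(digits) - 4) + digits[-4:]

def inspect(payload: str) -> list[Finding]:
    """Scan one outbound message body and return masked findings of sensitive data."""
    findings = []
    for m in CARD_RE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(Finding("card", mask(digits), m.start()))
    for m in SSN_RE.finditer(payload):
        findings.append(Finding("ssn", mask(m.group().replace("-", "")), m.start()))
    return findings

def policy_action(payload: str, max_findings: int = 0) -> str:
    """Policy decision for the egress point: 'block' above the allowed count, else 'allow'."""
    return "block" if len(inspect(payload)) > max_findings else "allow"

# Constructed sample: an order number that must not trigger, a well-known test
# card number that passes Luhn, and an SSN-shaped string.
SAMPLE = "Order 1234567890123 shipped. Card 4111 1111 1111 1111, SSN 123-45-6789"

if __name__ == "__main__":
    for f in inspect(SAMPLE):
        print(f)
    print(policy_action(SAMPLE))
```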
IT Security Survey: 2013
In an IT security survey conducted by SolarWinds earlier in 2013, we found that data loss was the major priority for IT security teams. More details on the survey can be found below.
SIEM the Seer
Security Information & Event Management (SIEM) systems are a good way to detect, block and prevent data loss from happening in your network. SIEM tools capture log data from disparate sources across the IT infrastructure and correlate it for meaningful insight and data loss intelligence.
SolarWinds Log & Event Manager (LEM) is a full-function SIEM solution that automates real-time preventive mechanisms to counter data loss, and also alerts on suspicious network and user behavior patterns.
With LEM, you can:
- Detect and disable unauthorized USB device connections on endpoints and prevent data loss
- Be alerted on unauthorized system logon attempts and unscheduled reboots of servers, as these may be symptoms of malware attacks
- Shut down and even disconnect infected computers from the network and avoid bot attacks
SolarWinds is going to BSides:
Don’t forget to visit SolarWinds at BSides Las Vegas 2013: July 31st to August 1st! We will have a table in the main chill-out space. See you there!