Gartner estimates the size of the data loss prevention (DLP) market grew to $670 million in 2013. This represents a 25% increase since 2012. With many different data loss protection tools providers available, learning about the top offerings in the field is a good starting point. In this post, we define DLP and describe why data loss prevention tools are essential.
In this post:
- What is data loss prevention
- The importance of DLP
- Types of DLP solutions
- Evaluating data loss prevention tools
- Top data loss prevention tools
What is data loss prevention?
Data loss prevention (DLP) protects the information of an organization using DLP tools to ensure the safety of sensitive data. DLP software prevents data loss and misuse by detecting, monitoring, and blocking potential threats, such as an unauthorized user attempting to breach the IT system of your organization. Data leak incidents involving an unauthorized party gaining access to valuable data can have harmful effects on the reputation and revenue of a company.
The importance of DLP
Many companies invest in the gathering and analysis of data for actionable business insights. As a result, organizations are focusing on preserving their data, and this has led to a growth in the use of DLP tools.
Personal information protection and compliance
Organizations that collect and store personally identifiable information (PII), protected health information (PHI), or payment card information (PCI) generally need to comply with regulations such as HIPAA and GDPR. DLP can classify, isolate, and mark sensitive data. It can also keep track of events and activities related to that data. Organizations can also use DLP to provide the details they need for compliance audits.
Organizations that store intellectual property and trade or state secrets need to prevent this information from being lost or stolen by bad actors. DLP solutions can classify intellectual property in both unstructured and structured forms. When your organization puts DLP policies and controls in place, you can help protect against breaches of this data.
An enterprise DLP solution can provide your organization with visibility into data movement, so you can track your data on networks, on endpoints, and in the cloud. You can thus gain insight into how individual users within your organization use data.
Types of DLP solutions
There are three main DLP tools available that protect against different threats:
- Network DLP—provides sensitive data protection within your organization’s network. Network DLP monitors all network activities like email and file transfer protocol (FTP), flagging and alerting you of any suspicious activity within the network.
- Endpoint DLP—monitors access points capable of reaching your sensitive data, such as laptops, USB disks and external hard drives. An agent installed within the endpoint device prevents data leakage and provides users with visibility into endpoint activity.
- Storage DLP—allows you to view sensitive files stored and shared by individuals who have access to your network, including on-premises and cloud-based networks.
Evaluating data loss prevention tools
Learn what your business needs to protect before you start evaluating DLP solutions. Conduct a business impact analysis (BIA) to determine the risk to its data assets. To do this your organization should create an asset inventory, including information regarding its data assets, who has the authorization to use this data, and the legal requirements related to these assets.
Equipped with this information, an organization can understand the risks it faces, as well as the exposure potential of all its assets. This helps your organization see what needs protection, who the potential bad actors are, and the nature of its data loss expectancy. You can develop a targeted DLP policy that outlines a set of controls, rules, and procedures.
Develop a checklist of attributes
Base this checklist on your BIA. Here are the criteria you can use when evaluating DLP solutions:
- The simplicity of use and installation
- The depth of the report—many DLP solutions provide a simple framework for compliance requirements. If your organization needs to adhere to compliance requirements such as SOX or HIPAA, make sure that the DLP solution you choose has compliance mapping abilities.
- The ability to be flexible when setting policies rules—all DLP solutions come prepared with rule sets. Your organization, however, may require different rules for your data security, so the DLP tool you choose needs to be able to accommodate rule changes and accept alterations to rule settings.
- How many devices do you require?—the fewer devices your organization needs for correlation and log collection, the fewer the manageability problems and false alarms.
- The capacity to integrate—your organization may have an existing point DLP solution, so you need to check whether the new DLP solution can be integrated with your current solution.
- Synchronizing logs and offline use of mobile devices—ensure that the DLP solution you chose can protect mobile devices and laptops, particularly when they are outside the network of your organization.
How to Investigate DLP Alerts in Legacy and Next-Gen SIEM
Top data loss prevention tools
Before implementing a specific DLP tool, you should classify your data and its usage patterns. Experiment with different DLP suites in your environment and see which works best before selecting one for your business.
- Symantec’s data loss prevention set provides a scalable platform with tracking tools. Monitor and track suspicious activities within your organization by covering endpoints, storage, network, and the cloud.
- McAfee’s Total Protection DLP toolset is scalable and customizable. McAfee’s software also has autonomous features, meaning the software can learn how to identify sensitive data within your network.
- Digital Guardian Endpoint DLP is a customizable and scalable solution. It supports Windows, Mac, and Linux endpoints. It also supports on-premises, cloud, or hybrid environments.
- SecureTrust’s DLP tool has over 70 predefined policy and risk settings. It has a configurable dashboard so you can track your information and sensitive data and control your protection settings. The system is autonomous and will block malicious attempts independently.
- Check Point’s Data Loss Prevention includes centralized control of security policy via a single console, UserCheck technology which facilitates real-time user remediation, pre-configured policies, and MultiSpect which combines users, content, and process for accuracy.
DLP solutions can dramatically reduce the risk of data loss from accidental employee behavior and disrupted business process, the cause of the vast majority of data loss incidents. Companies can no longer fall back on traditional perimeter security solutions to protect valuable and sensitive data, they must consider DLP strategies that guard data-at-rest, data-in-use, and data-in-motion.
- Data Loss Prevention — Policies, Best Practices, and Evaluating DLP Software
- Data Loss Prevention Policy Template
- The Massive Data Breach – Reducing “Dwell Time” and the Resulting Damage