Data Leakage Prevention – Securing The Data Spillage

What is Data Leakage Prevention?

Data Leakage Prevention is the category of solutions that help an organization apply controls to prevent the accidental or malicious leakage of sensitive information to unauthorized entities inside or outside the organization. Here, sensitive information may refer to the organization’s internal process documents, strategic business plans, intellectual property, financial statements, security policies, network diagrams, blueprints, etc.

Data Loss vs. Data Leakage

Data loss pertains to the actual “loss” of information, with no trace left at the original site, while data leakage pertains to the disclosure of information with the originating site left unmodified.

Types of DLP systems:

  • Information Leak Detection and Prevention (IDLP)
  • Information Leak Prevention (ILP)
  • Content Monitoring and Filtering (CMF)
  • Information Protection and Control (IPC)
  • Extrusion Prevention System (EPS)

Generic Data Leakage Prevention

Deploy Security Mechanisms
To protect against inside and outside attacks, we can deploy common security mechanisms such as firewalls, intrusion detection systems (IDSs), and antivirus software. A better design is to place these security mechanisms at appropriate places in the corporate network so that it becomes increasingly “hard” for the attacker to breach the corporate network. A “design in depth” strategy can help protect the most valuable and business-critical assets of the organization. Within the organization, using a thin-client architecture (with no sensitive data stored on the client machine) can also reduce data leakage to a great extent.

Advanced security measures
We can install behavior- and pattern-based monitoring tools to detect and stop malicious activities before they happen. Care has to be taken that very few false-positive alerts are generated and that specific log trails with timestamps are recorded at all times on the monitoring server. These security mechanisms rely on reasoning algorithms to learn and subsequently detect abnormal data access, suspicious mail exchange, etc.

A good practice would be to deploy them in conjunction with honeypots, which help detect an individual's malicious intent by gathering as much information as possible about their activities, to rule out any possibility of “false positives”. Combined with log trails, this can effectively single out the adversary and can help build a strong case in legal proceedings if needed.
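As an illustration of learning a baseline and then detecting abnormal data access from timestamped log trails, here is an added example that is not part of the original article. The log format (timestamp, user, bytes read), the function names, and the thresholds are assumptions chosen for the sketch, and the log lines are constructed sample data.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample access log: ISO timestamp, user, bytes read from a sensitive store.
SAMPLE_LOG = """\
2024-03-04T09:12:00 alice 1200
2024-03-04T14:40:00 alice 900
2024-03-05T10:05:00 alice 1500
2024-03-06T11:30:00 alice 1100
2024-03-07T09:50:00 alice 1300
2024-03-08T23:45:00 alice 52000
2024-03-04T10:00:00 bob 40000
2024-03-05T10:00:00 bob 42000
2024-03-06T10:00:00 bob 39000
2024-03-07T10:00:00 bob 41000
2024-03-08T10:00:00 bob 43000
2024-03-08T12:00:00 carol 90000
"""

def daily_totals(log_text):
    """Return {user: {date: total_bytes}} from whitespace-separated log lines."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guess at their meaning
        ts, user, size = parts
        day = datetime.fromisoformat(ts).date()
        totals[user][day] += int(size)
    return totals

def find_anomalies(log_text, min_history=3, k=3.0):
    """Flag a user's day when its volume exceeds mean + k*stdev of that user's earlier days."""
    alerts = []
    for user, days in daily_totals(log_text).items():
        ordered = sorted(days.items())
        for i, (day, total) in enumerate(ordered):
            history = [t for _, t in ordered[:i]]
            if len(history) < min_history:
                continue  # too little baseline: alerting here would likely be a false positive
            mean = statistics.mean(history)
            spread = statistics.stdev(history) or 1.0  # avoid a zero-width band
            if total > mean + k * spread:
                alerts.append((user, day.isoformat(), total, round(mean)))
    return alerts

if __name__ == "__main__":
    print(find_anomalies(SAMPLE_LOG))
```

Because the baseline is kept per user, bob's consistently large reads raise no alert while alice's sudden spike does. carol has no history, so she is not scored at all; accounts without a baseline need a separate control.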

Access control and encryption
Device control, access control, and encryption are the basic means by which sensitive information can be protected from malicious outsider and insider attacks. Good practices must include proper log maintenance for every access attempt, and “strong” encryption applied to “business critical” data. Encryption keys must be stored in secure, separate places.

These security measures ensure you have a smooth DLP implementation in your organization.

For a more comprehensive discussion on DLP, please see our detailed article, “Data Leakage Prevention – Implementation and Challenges”.
