Static Data Leak Prevention
Introducing a fundamentally new and
complementary DLP Methodology
By Andreas Wiegenstein, Virtual Forge
Data Leaks are a common risk to organizations, especially with regards to
industrial espionage. In the past, companies addressed data leaks by implementing
so called content-aware Data Loss/Data Leak Prevention (DLP) software. Such
software analyzes data moving through an IT landscape and reports unauthorized
transfer of this data, i.e. transfers beyond the company’s network borders. The key
purpose of this methodology is to prevent incidents where critical data is actually
leaving the company without permission.
The paper points out weaknesses in existing DLP methodologies which are
primarily related to unreliable identification of critical business data.
It also introduces a fundamentally new and complementary DLP methodology:
Static Data Leak Prevention. This methodology analyzes source code for practices
that result in data leaks once the source code is compiled and executed. A key
advantage is that critical business data can be precisely identified with this
approach. That way risks can be avoided before an application goes live, which is a
highly effective approach: If critical data is protected against disclosure to
unauthorized employees in the first place, it’s less likely that critical data can be
leaked outside the company’s network borders.
Request the WhitePaper at www.virtualforge.com