Data loss is considered by security experts to be one of the most serious threats that businesses currently face.
Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy.
However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputation loss, including [1]:
The Bank of America: Losing the personal employee information of over one million employees
The United States Government: Losing data related to the military
Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers
In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data.
Interestingly, it is not just cybercriminals who represent a threat as:
64% of data loss is caused by well-meaning insiders.
50% of employees leave with data.
$3.5 million average cost of a security breach.
Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and understanding current security controls that can stop data loss.
Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization.
For more information contact: rkopaee@riskview.ca
https://www.threatview.ca
http://www.riskview.ca
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices provides makes work much easier and productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – all employees to work in the way that they need to, collaboration and sharing is made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that your don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
DATA LOSS PREVENTION ENSURES CRITICAL INFORMATION ARE KEPT SAFELY AT THE CORPORATE NETWORK AND HELPS ADMINISTRATOR CONTROL THE DATA WHAT
END-USERS WISH TO TRANSFER.
DLP (Data Loss Protection) is NOT dead, but needs to be revisited in the context of new methodologies and threats. Here are some practical steps to improve your cybersecurity awareness and response to data loss.
Data loss is considered by security experts to be one of the most serious threats that businesses currently face.
Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy.
However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputation loss, including [1]:
The Bank of America: Losing the personal employee information of over one million employees
The United States Government: Losing data related to the military
Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers
In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data.
Interestingly, it is not just cybercriminals who represent a threat as:
64% of data loss is caused by well-meaning insiders.
50% of employees leave with data.
$3.5 million average cost of a security breach.
Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and understanding current security controls that can stop data loss.
Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization.
For more information contact: rkopaee@riskview.ca
https://www.threatview.ca
http://www.riskview.ca
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices provides makes work much easier and productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – all employees to work in the way that they need to, collaboration and sharing is made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that your don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
DATA LOSS PREVENTION ENSURES CRITICAL INFORMATION ARE KEPT SAFELY AT THE CORPORATE NETWORK AND HELPS ADMINISTRATOR CONTROL THE DATA WHAT
END-USERS WISH TO TRANSFER.
DLP (Data Loss Protection) is NOT dead, but needs to be revisited in the context of new methodologies and threats. Here are some practical steps to improve your cybersecurity awareness and response to data loss.
Symantec Data Loss Prevention 11 simplifies the detection and protection of intellectual property. Symantec’s market-leading data security suite features Vector Machine Learning, which makes it easier to detect hard-to-find intellectual property, and enhancements to Data Insight that streamline remediation, increasing the effectiveness of an organization’s data protection initiatives.
Data Leakage is an important concern for the business organizations in this increasingly networked world these days. Unauthorized disclosure may have serious consequences for an organization in both long term and short term. Risks include losing clients and stakeholder confidence, tarnishing of brand image, landing in unwanted lawsuits, and overall losing goodwill and market share in the industry.
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
DLP is a technology that detects potential data breach incidents in timely manner and prevents them by monitoring data in-use (endpoints), in-motion (network traffic), and at-rest (data storage). It has been driven by regulatory compliances and intellectual property protection. This talk will introduce DLP models that describe the capabilities and scope that a DLP system should cover. A few system categories will be discussed accordingly with high-level system architecture. DLP is an interesting technology in that it provides advanced content inspection techniques. As such, a few content inspection techniques will be proposed and investigated in rigorous terms.
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
Vast amounts of your organization's sensitive data are accessible, stored, and used by authorized employees and partners on a host of devices and servers. Protecting that data where ever it is stored or travels is a top priority.
Shariyaz abdeen data leakage prevention presentationShariyaz Abdeen
Data leakage prevention is one of the key topics which we have been talking in present. Due to the organizations moving towards big data, financial systems.. which resides in cyber space, there is an increasing number of frauds associated with the technology revolution in the cyberspace.This post highlights the threats and the counter measures, so we can protect the sensitive personal data. I prefer the approach of “ Trust but verify model ”.
Symantec Data Loss Prevention. Las tendencias mundiales nos muestran que el mayor porcentaje de perdida y robo de datos responde a la falta de visibilidad y el error en el manejo de los mismos. Conozca como prevenirse.
The presentation explains about Data Security as an industrial concept. It addresses
its concern on Data Loss Prevention in detail, from what it is, its approach, the best practices and
common mistakes people make for the same. The presentation concludes with highlighting
Happiest Minds' expertise in the domain.
Learn more about Happiest Minds Data Security Service Offerings
http://www.happiestminds.com/IT-security-services/data-security-services/
This is Microsoft Azure Information Protection which helps you out to protect your data being accessible to the unauthorized users. This is an overview for the AIP
Technology Overview - Symantec Data Loss Prevention (DLP)Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec Data Loss Prevention - Introduction
- Symantec Data Loss Prevention - Components
- Symantec Data Loss Prevention - Features & Use Cases
- Symantec Data Loss Prevention - System Requirements
- Symantec Data Loss Prevention - Appendix (extra information)
This provides a brief overview of Symantec Data Loss Prevention (DLP). Please note all the information is based prior to May 2016 and the full integration of Blue Coat Systems's set of solutions.
A 1-day short course developed for visiting guests from Tecsup on network forensics, prepared in a day : ]
The requirements/constraints were 5-7 hours of content and that the target audience had very little forensic or networking knowledge. [For that reason, flow analysis was not included as an exercise, discussion of network monitoring solutions was limited, and the focus was on end-node forensics, not networking devices/appliances themselves]
In this presentation we have covered the topic Data Security from the subject of Information Security. Where Data, Data Security, Security, Security Policy, Tools to secure data, Security Overview (Availability, Integrity, Authenticity, Confidentiality), Some myths and Dimensions of System Security and Security Issues are discussed.
Symantec Data Loss Prevention 11 simplifies the detection and protection of intellectual property. Symantec’s market-leading data security suite features Vector Machine Learning, which makes it easier to detect hard-to-find intellectual property, and enhancements to Data Insight that streamline remediation, increasing the effectiveness of an organization’s data protection initiatives.
Data Leakage is an important concern for the business organizations in this increasingly networked world these days. Unauthorized disclosure may have serious consequences for an organization in both long term and short term. Risks include losing clients and stakeholder confidence, tarnishing of brand image, landing in unwanted lawsuits, and overall losing goodwill and market share in the industry.
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
DLP is a technology that detects potential data breach incidents in timely manner and prevents them by monitoring data in-use (endpoints), in-motion (network traffic), and at-rest (data storage). It has been driven by regulatory compliances and intellectual property protection. This talk will introduce DLP models that describe the capabilities and scope that a DLP system should cover. A few system categories will be discussed accordingly with high-level system architecture. DLP is an interesting technology in that it provides advanced content inspection techniques. As such, a few content inspection techniques will be proposed and investigated in rigorous terms.
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
Vast amounts of your organization's sensitive data are accessible, stored, and used by authorized employees and partners on a host of devices and servers. Protecting that data where ever it is stored or travels is a top priority.
Shariyaz abdeen data leakage prevention presentationShariyaz Abdeen
Data leakage prevention is one of the key topics which we have been talking in present. Due to the organizations moving towards big data, financial systems.. which resides in cyber space, there is an increasing number of frauds associated with the technology revolution in the cyberspace.This post highlights the threats and the counter measures, so we can protect the sensitive personal data. I prefer the approach of “ Trust but verify model ”.
Symantec Data Loss Prevention. Las tendencias mundiales nos muestran que el mayor porcentaje de perdida y robo de datos responde a la falta de visibilidad y el error en el manejo de los mismos. Conozca como prevenirse.
The presentation explains about Data Security as an industrial concept. It addresses
its concern on Data Loss Prevention in detail, from what it is, its approach, the best practices and
common mistakes people make for the same. The presentation concludes with highlighting
Happiest Minds' expertise in the domain.
Learn more about Happiest Minds Data Security Service Offerings
http://www.happiestminds.com/IT-security-services/data-security-services/
This is Microsoft Azure Information Protection which helps you out to protect your data being accessible to the unauthorized users. This is an overview for the AIP
Technology Overview - Symantec Data Loss Prevention (DLP)Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec Data Loss Prevention - Introduction
- Symantec Data Loss Prevention - Components
- Symantec Data Loss Prevention - Features & Use Cases
- Symantec Data Loss Prevention - System Requirements
- Symantec Data Loss Prevention - Appendix (extra information)
This provides a brief overview of Symantec Data Loss Prevention (DLP). Please note all the information is based prior to May 2016 and the full integration of Blue Coat Systems's set of solutions.
A 1-day short course developed for visiting guests from Tecsup on network forensics, prepared in a day : ]
The requirements/constraints were 5-7 hours of content and that the target audience had very little forensic or networking knowledge. [For that reason, flow analysis was not included as an exercise, discussion of network monitoring solutions was limited, and the focus was on end-node forensics, not networking devices/appliances themselves]
In this presentation we have covered the topic Data Security from the subject of Information Security. Where Data, Data Security, Security, Security Policy, Tools to secure data, Security Overview (Availability, Integrity, Authenticity, Confidentiality), Some myths and Dimensions of System Security and Security Issues are discussed.
Assessing the risk of a data breach is the first step toward preparing your defensive strategy. Learn what factors affect the cost of a data breach and what you can do to mitigate the damage. IT teams can make a significant impact in lowering the cost of security breaches by improving their ability to prevent, detect, and respond. Learn more about information security with CBT Nuggets. http://bit.ly/2a6cNwm
Dealing Data Leaks: Creating Your Data Breach Response Planbenefitexpress
Learn what steps an employer must take after their IT systems are breached. Covers both state and federal rules regarding employer data breach responses.
In the world of cyber security, a single defeat can be extremely costly.Before you create a plan, it’s vital to learn about the anatomy of a data breach – and understand who your attackers are.
In a standard data breach, the type that occurs between 80 to 90 million times per year, there are roughly 6 essential steps, each of which will be outlined below. It’s time for a quick anatomy lesson to strengthen your cyber security program:
While the current threat landscape is full of sophisticated and well-resourced adversaries, one of the most dangerous is the insider because they already have access to the sensitive data on your network.
According to a report from Forrester Research, nearly half of technology decision makers who experienced a data breach in the year studied reported that an internal incident was the source of their compromise.
Since firewalls and perimeter defenses are largely incapable of addressing insider threats, organizations must turn to internal network monitoring and analytics to identify threats based on their behavior.
Join us for a free webinar on the Five Signs You Have an Insider Threat to learn what to look for to protect your organization from this challenging attack type. The webinar will cover topics including:
- Insider threat prevalence
- Major signs of insider threat activity
- How to detect these signs
- How to identify an insider threat before they impact your organization
ISSA DLP Presentation - Oxford Consulting Groupaengelbert
For many organizations, there is an unsettling reality that they do not have the adequate visibility over critical data assets within their environment. This is one of many factors that are driving companies to consider Data Loss Prevention (DLP) technologies. In this session, we’ll remove the typical fear, uncertainty and doubt spin surrounding this technology and focus on a holistic solution that leverages this technology to enable your business.
Let us understand some of the infrastructural and
security challenges that every organization faces today
before delving into the concept of securing the cloud
data lake platform. Though Data lakes provide scalability,
agility, and cost-effective features, it possesses a unique
infrastructure and security challenges.
This presentation was delivered at the 2nd International Conference on Recent Trends in Information Technology and Computer Science in Mumbai. The paper deals with security issues in Cloud Computing, its mitigation and proposes a secure cloud mechanism with an implementation of the single-sign on mechanism on the Ubuntu Enterprise Cloud
Research Report on Preserving Data Confidentiality & Data Integrity in ...Manish Sahani
ABSTRACT : Currently, cloud-based application is so very famous, but preserving the confidentiality of the user’s data is a huge task to accomplish. Keeping this need in mind, here a solution is proposed which will preserve the data confidentiality & integrity in cloud environment. For providing data confidentiality we will use AES algorithms, by virtue of which the secret data will be converted to cipher text and it becomes very difficult for the user to get the meaningful plain text. Here the basic emphasis is also on the data integrity so that the user’s data can’t be duplicated or copied.Keywords:Data Confidentiality, Data Integrity, AES algorithm
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
How world-class product teams are winning in the AI era by CEO and Founder, P...
DLP Executive Overview
1. THE EXECUTIVE GUIDE TO
DATA LOSS PREVENTION
Technology Overview, Business Justification, and Resource Requirements
2. Introduction to Data Loss Prevention
Intelligent Protection for Digital Assets
Although we’ve long recognized the importance of
our digital assets, in recent years it has become in-
creasingly difficult to effectively protect them. We
can’t simply lock the data away behind walls and
guards — much of its value is directly tied to our
ability to easily and seamlessly use it throughout our
organizations, and any security that interferes with
business process is likely as damaging as the loss it’s
intended to prevent.
In the information age, “loss prevention” is no longer To meet these challenges we have seen the emergence
limited to reducing theft along the supply chain and of a new technology: Data Loss Prevention. DLP is
in retail or office locations. Our most sensitive as- designed to protect information assets with minimal
sets are more likely to be found in databases, email, interference in business processes. It provides new
and files — rather than in boxes, filing cabinets, and insights into how information is used, and enforces
warehouses. From customer lists, payment informa- protective controls to prevent unwanted incidents.
tion, and corporate financials, to product and engi- It’s not perfect, and no technology can completely
neering plans — the lifeblood of any enterprise is eliminate information loss, but in combination with
found as much in electronic bits on networks and appropriate security processes DLP can reduce risk,
laptops as in offices, retail stores, manufacturing improve data management practices, and even lower
plants, and shipments. certain compliance costs.
Defining Data Loss Prevention
(DLP) suites combine an array of technologies to pro- In practice you define what information you want to This definition encapsulates the core components
tect information throughout its lifecycle, with mini- find or protect, then use DLP to automatically locate of a DLP solution: centralized management, iden-
mal impact on business process. They accomplish where it’s stored, where it’s being communicated, tification of defined information, monitoring of us-
this by ‘understanding’ both the content and context and where it’s being moved (e.g., to laptops or USB age, and protection from policy violations. A DLP
of information, matching them against central poli- sticks). You can merely audit and alert if something solution does this in storage, on networks, and on
cies, and enforcing business rules. At the core, DLP violates policy, or implement a variety of protective employee computers, using advanced analysis tech-
uses deep content analysis to peer inside files and actions. niques. While there are tools that just solve parts of
network communications to identify sensitive con- the problem (such as endpoint-only tools) we gener-
tent, rather than relying on manual processes such We define DLP as: ally recommend full suites which include all the ma-
as tagging, watermarking, and hand-classification. jor components, since they provide better protection
In other words, DLP actually recognizes the infor- Products that, based on central poli- and are more cost effective in the long term. We’ll
mation it is looking at (within limits), and matches it cies, identify, monitor, and protect data describe how it all works later in this report, after
to policies set for acceptable use of the content. at rest, in motion, and in use through we outline the business justifications for investing
deep content analysis. in DLP.
Licensed by Websense — www.websense.com Securosis, L.L.C. — www.securosis.com
3. Reasons to Invest in Data Loss Prevention
Example Use Cases for DLP
• A retailer uses DLP to inventory their entire
storage infrastructure and employee laptops
to identify unencrypted credit card numbers
which could be in violation of the Payment
Card Industry (PCI) Data Security Standard.
These reports are first used to remove as much
of the data as possible, and then provided to PCI
auditors to demonstrate compliance. This cut 3
months off their compliance cycle and reduced
PCI audit costs by 20%.
• A financial institution uses a full-suite
DLP deployment to protect customer financial
information. They link the DLP system to their
primary customer database, and then monitor
network communications and generate alerts
if customer records are transmitted without
encryption. They use data-at-rest scanning to
make sure customer records aren’t stored on
employee laptops or on servers except where
explicitly permitted, and block the transfer of
files with customer records to portable storage
Data Loss Prevention is Typically Justified Using Five Drivers: (USB thumb drives). They also allow employees
to use personal email, like Hotmail, but block
outbound messages with customer records. Since
• Risk Reduction: By knowing where your data • Policy Enforcement: Many data management implementation, they’ve seen an 80% reduction
is stored and how it’s being used, you can reduce policies in enterprises are difficult or impossible in data misuse and prevented 2 potential data
your overall exposure to potential loss. to enforce. DLP supports enforcement of accept- breaches.
able use of information, not just security con-
• Cost Savings: DLP may help reduce other trols. • An engineering firm uses DLP to track the
costs associated with data management and se- movement of sensitive engineering plans for new
curity. • Data Security and Threat Management: While products. The plans are normally stored on a central
no security tool stops all threats, DLP reduces the server, so the DLP solution monitors that server
• Compliance Support: DLP helps reduce the risk of certain malicious activity. and identifies any of those documents, or parts of
direct costs associated with some regulatory com- them, being sent outside the organization.
pliance, can ease audits, and reduces the risks of
certain compliance-related incidents.
4. How DLP Works
A Non-Technical Overview Data-In-Motion
Rather than talking about specific technology com- When discussing DLP, we use data-in-motion to offers additional options for protection — such
ponents, we categorize DLP architectures based on describe content moving around our networks, as automatically routing emails with sensitive
where they protect information: data-in-motion for including email, web traffic, instant messaging, and data to a manager for approval before letting
email and other network communications, data-at- other communications. We use three components to them out. To achieve this, we just pass email
rest for stored data, and data-in-use as for interac- monitor and protect data in motion: traffic through a DLP email component.
tions with the data on computers, such as copying
it to USB drives. Behind all this is the central man- • Network Monitor: An appliance or server that • Endpoint Software Agent: All organizations
agement server where we define polices and manage sniffs your network to identify and monitor your have mobile workers who connect to the
incidents. data. Typically these are used in a passive mode, Internet from outside the corporate network,
where they just scan all data passing by, but some such as remote workers at home and sales staff
As we outline the architecture, keep in mind that tools also proxy traffic to directly block policy at wireless-enabled coffee houses. A software
we’re showing you every possible DLP component. violations. Many DLP tools can also work with agent on their computers can monitor and
You won’t always need every piece, and in practice existing web gateways to block unacceptable control their network traffic.
some pieces are commonly combined together. traffic (including some encrypted traffic), such
as someone trying to send a customer list to In practice, the network monitor and email agent are
their personal site. usually combined on the central management server,
but can be split out for distributed organizations and
• Email: Email is a bit different than other network larger businesses. The software agents on laptops
traffic, and the most important channel for protect both data-at-rest and data-in-use, so they
protecting information. The way email works don’t require multiple packages.
Data-At-Rest
One of the most valuable capabilities of a DLP so- Agents are also the best option for monitoring and
lution is its ability to search deep into stored data to protecting files on employee laptops and desktops.
identify sensitive information. Consider the value of 3. Application Integration: Some enterprises use
knowing every location where customer records are document management solutions such as Microsoft
stored, even if someone’s moved them onto a laptop SharePoint and EMC Documentum. DLP solutions
or an unapproved server. We use three components integrate directly with these tools to take advantage
for data-at-rest: of their capabilities.
1. Remote Scanning: The DLP solution connects to Just as we can block network traffic to protect the
the storage repository, just like a user looking for a data, we have enforcement options for data-at-rest.
file. It then scans all files for sensitive data. We can automatically move files to a protected
2. Local Software Agent: Remote scanning uses server to quarantine them, delete them, or some-
network bandwidth, so while it can reach anywhere times even encrypt them.
users can, it isn’t always the most efficient method.
For major repositories, we can install a more effi-
cient software agent to scan information locally and
then send results back to the management server.
5. How DLP Works
Data-In-Use Understanding Content Analysis
As we’ve already discussed, we use software agents Deep content analysis is the distinguishing and • Database Matching: The DLP solution connects
on employee systems to identify, monitor, and pro- most important feature of Data Loss Prevention. to a database, and only looks for content from that
tect data-in-motion and data-at-rest. These same It’s how the DLP solution identifies sensitive database, such as customer records.
agents can also protect data-in-use, such as employ- information, which it then matches against policies
ees trying to move files to portable storage drives, for enforcement. Two steps occur in content analysis • Statistical: A large volume of documents is
using sensitive data in unapproved applications, or — breaking apart files to get to the information, loaded into the system, and the DLP solution
even printing the data to take it home. and then the analysis itself. There are six main uses statistical analysis to identify new content
content analysis techniques in use, although their that resembles the sources. This is much more
Since laptops and desktops aren’t as powerful as availability and effectiveness vary greatly across prone to false positives, but may allow you to
servers, and we use them differently, we can’t al- different products. protect new content automatically, instead of
ways enforce all the same DLP policies on our end- relying on direct matching.
points, and not all endpoint DLP tools provide the • Rules/Expressions: The DLP solution looks
same features. Usually we need to make trade-offs for information that matches a defined pattern, • Conceptual: The system uses predefined
in the kinds of policies we enforce due to content such as the structure of a credit card or Social dictionaries and rules to find content that matches
analysis limitations. Some DLP solutions improve Security Number. an “idea” — such as sexual harassment, job
security and performance by using different policies seeking, or industrial espionage.
if the endpoint is on the corporate network versus • Partial Document Matching: Documents are
remote. submitted to the DLP solution, which then looks • Categories: Pre-defined categories for
for complete or partial matches. For example, common types of sensitive data, such as financial
Central Management partial document matching can identify a single records or health care information. Often kept
paragraph from a protected document pasted up-to-date with current regulatory requirements
The central management server is the brains of the into an email, and is very effective for protecting via subscription.
DLP solution; it’s where we define policies and man- intellectual property.
age workflow, and in many cases it performs some Most DLP solutions allow you to combine different
or most of the monitoring and protection functions. analysis techniques into a single policy.
Since DLP is focused on a business problem (pro-
tecting sensitive information) as opposed to a techni- The Data Loss Prevention Cycle
cal problem (network attacks) it’s important for DLP All these features are tied together in the Data Loss Prevention Cycle:
products to support both non-technical and technical
users. Policy creation shouldn’t demand a degree in
computer science, and incident management should
be an activity a compliance, risk, or even human re- 1. Define: Build a policy that de- 3. Monitor: Track usage of the
sources manager can perform. fines the information to protect, defined information at rest, in
and how to protect it. motion, and in use. Generate
Other key features include robust reporting; inte- 2. Discover: Use the DLP solu- alerts on policy violations.
gration with user directories to tie policies to users tion to find the defined informa- 4. Protect: Quarantine emails,
and groups; hierarchical management for multiple tion throughout the organization. relocate files, block copies to
systems in large environments; and standard perfor- Relocate or remove information portable storage, and other en-
mance, reliability, and management features com- where it shouldn’t be. forcement actions.
mon to most security tools.
6. Pricing Models and Resource Expectations
DLP Pricing Resource Expectations
Data Loss Prevention solution pricing varies by ven- As with pricing, resource requirements vary greatly based on the nature and scale of deployment.
dor, but tends to fall into one of a few models. Most
DLP solutions are priced as per-user annual sub- • Initial Deployment: Network monitoring and • Ongoing Management: A mid-sized organi-
scriptions, with a flat rate for the initial hardware/ remote scanning (for data-at-rest) deploy very zation with a basic deployment typically requires
software tiered based on performance. Many DLP rapidly, typically in a matter of hours for small- only 1-2 FTEs for ongoing system management,
providers offer perpetual licensing for the equivalent er deployments, and no more than a few days policy creation, and incident handling. This is
of a 3-year subscription. Support and maintenance or weeks for larger deployments with multiple often split across a group of employees working
fees are normally calculated at 10-20% of overall monitors, using 1-3 Full Time Equivalent (FTE) part time with the system, with one person han-
contract value per year, depending on the level of employees. Very complex networks with addi- dling system management and policy creation,
support desired. Some vendors split pricing based tional integration requirements require addition- and a group of security, compliance, risk, legal,
on which DLP components are deployed (network, al time. Endpoint agent deployment on employee and/or human resources employees dealing with
endpoint, and discovery) for organizations which systems and servers varies more, depending on incidents. As deployments scale, we typically
wish to phase in their deployments. All vendors of- existing system infrastructure and management. see .25-1 FTE per 10,000 employees, again de-
fer volume discounts. This typically demands no more effort than any pending on the number and nature of policies de-
other piece of software, with little initial config- ployed. Some mid-sized organizations find they
Street pricing varies widely, and the following ex- uration, since tuning occurs later on the central use considerably less than a single FTE.
amples are just rough estimates to give you an idea management server.
of what to expect. For a mid-sized organization of
5,000 employees, pricing for only network monitor- • Initial Configuration: This includes develop-
ing usually costs in the neighborhood of $100,000, ment of initial policies, integration of the system
while a full-suite deployment (with endpoint, dis- with existing infrastructure such as user directo-
covery, multiple systems, and infrastructure inte- ries, and testing and deployment of initial poli-
gration) can grow to $300,000-$500,000. Larger cies. Although basic policies can be deployed in
organizations can expect the customary significant days, expect to spend 3-6 months tuning the
volume discounts. initial set, defining workflow, and building pro-
cesses to manage incidents. Mid-size organiza-
tions typically require a single FTE to manage
the system and develop policies, with additional
part-time FTEs to manage incidents.
Summary
Data Loss Prevention is a powerful tool for pro- and desktops through deep content analysis, which
tecting information assets. DLP identifies sensitive allows you to define what information to protect and
information, monitors its use, and protects it from how to protect it. DLP isn’t perfect, and can’t stop all
abuse. DLP tools accomplish this by monitoring misuse of information or malicious attacks, but is a
your network, scanning your storage infrastructure, powerful tool for reducing compliance costs and the
and tracking data use on endpoints such as laptops risks of information loss and data breaches.