Data Loss Prevention (DLP) technology, as its name suggests, is geared toward forestalling data leaks. While the essence and purpose of such systems seem self-evident, the concept has broadened over the years. Besides thwarting deliberate or unintended leaks, modern DLP tools let organizations address a series of additional security problems.
Any present-day DLP system falls under one of the following categories:
- Classic DLPs that deliver a full range of features to identify and prevent the illicit transfer and analysis of an organization’s proprietary information.
- Solutions with limited functionality that monitor data movements but don’t foil leaks automatically.
- Comprehensive protection systems that come with a DLP component.
The objectives of these different tools overlap partially but aren’t the same. To give you the bigger picture, let’s first cover the stages of DLP evolution.
Driving forces for DLP emergence and advancements
This market niche debuted to fill the void in organizations’ data protection practices in light of increasingly rigid legal regulations. The compliance challenge escalated when lawmakers became highly concerned with data leaks in the enterprise ecosystem and proposed legislation as well as industry standards to safeguard customers’ sensitive information. At that point, providers of cybersecurity services introduced DLP in response to these initiatives.
The second milestone fits the context of securing companies’ trade secrets in addition to the financial details and personally identifiable information (PII) of their clients. This paradigm shift made DLP vendors incorporate extra features for better control over the movements of proprietary commercial data.
The onset of DLP systems that inhibited a wide spectrum of internal threats was another turning point. While averting data leaks as before, these tools facilitate the analysis of security events and help identify incidents. The feature stacks of such systems are typically enhanced by incident management platforms, security operations center (SOC) functions, and other defensive solutions. This form of DLP emerged recently and has yet to mature, with very few security providers offering such extensive real-time data analysis services so far.
As is the case with other InfoSec tools on the market, DLP deployment doesn’t guarantee a quick return on investment. It comes as no surprise that many organizations are skeptical about the efficiency of this move. Under the circumstances, the only way for vendors to stay afloat is to provide functionality beyond data leak prevention alone. As a result, DLP is evolving into an instrument that solves specific business problems and generates nearly instant tangible results, for instance, by exposing insider threats in real time.
The use of next-generation DLP to fend off corporate felonies
When DLP systems became effective enough to pinpoint and impede security incidents, their makers concentrated on thwarting economic crimes and other frauds inherent to the enterprise sector. With that said, the priority vectors of next-gen DLP development boil down to gathering information about users, monitoring employees, and providing a full range of necessary instruments for security professionals. Let’s zoom into the features a system like this should incorporate.
Keeping abreast of files and events
Modern DLPs maintain a comprehensive log of files that are stored and sent, as well as events that can give security teams actionable insights into the current state of their company’s digital health. This functionality underlies a game-changing advantage of these systems over older variants that didn’t log events other than security policy violation instances. The advanced archiving feature helps investigate incidents inside the organization by building a profile of any staff member and scrutinizing their online activities.
Like most other systems, DLP is not foolproof and cannot guarantee 100% protection against data loss. Backing up files is important as it provides a secondary copy of important data, which can be used to restore it in case it is lost due to accidental deletion, corruption, hardware failure, or other causes, regardless of the presence of a DLP solution. Hence, backing up files is a critical component of a comprehensive data protection strategy and is recommended to be used in conjunction with DLP.
System installation and management
Today’s best DLPs boast intuitive controls and excellent flexibility in terms of incident investigation. They come with a web console that allows you to create various reports, from employee dossiers reflecting their relationship with other users to custom reports for senior management.
Although these are firmly established solutions, administering them can be cumbersome, especially if you need to manage several consoles with different configurations for every DLP module. It used to take a lot of time and effort to install such a system and get it up and running, but this is no longer the case. Some providers allocate installation servers that simplify the process of adding group policies and allow clients to complete the entire update and maintenance cycle without relying on tech personnel.
User behavior analytics (UBA)
Nowadays, some DLP tools are equipped with a combination of traditional features for detecting unauthorized data transfers and other effective security mechanisms, such as user behavior analytics. These add-on components build models of normal employee activity and produce alerts whenever deviations are spotted.
The DLP environment isn’t rife with such solutions yet. Most of them are pilot projects. However, the inclusion of this functionality for continuous user surveillance makes a lot of sense, given the growing scourges of insider threats and corporate frauds.
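To make the "model of normal activity, alert on deviation" idea concrete, here is an added example (not code from any DLP product mentioned on this page) that builds a per-user baseline of daily outbound volume from constructed DLP-style events, then flags a day whose volume is far above the baseline or that uses a channel the user has never used before. The event format, user names and thresholds are assumptions for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample DLP events (date, user, channel, bytes); not taken from any real product.
EVENTS = [
    ("2024-03-01", "alice", "email", 2_000_000), ("2024-03-02", "alice", "email", 2_400_000),
    ("2024-03-03", "alice", "email", 1_900_000), ("2024-03-04", "alice", "email", 2_100_000),
    ("2024-03-05", "alice", "email", 2_300_000),
    ("2024-03-06", "alice", "usb", 45_000_000),  # first-ever USB use, and a large volume
    ("2024-03-01", "bob", "usb", 5_000_000), ("2024-03-02", "bob", "usb", 5_500_000),
    ("2024-03-03", "bob", "usb", 4_800_000), ("2024-03-04", "bob", "usb", 5_200_000),
    ("2024-03-05", "bob", "usb", 5_100_000),
    ("2024-03-06", "bob", "usb", 5_000_000),  # routine for bob, who uses USB daily
]

def build_baseline(events, last_baseline_date):
    """Per user: (mean, stdev) of daily outbound bytes and the channels used in the baseline window."""
    per_day, channels = defaultdict(lambda: defaultdict(int)), defaultdict(set)
    for date, user, channel, nbytes in events:
        if date <= last_baseline_date:          # ISO dates compare correctly as strings
            per_day[user][date] += nbytes
            channels[user].add(channel)
    return {u: (statistics.mean(d.values()), statistics.pstdev(d.values()), channels[u])
            for u, d in per_day.items()}

def detect_anomalies(events, baseline, day, k=3.0):
    """Alerts for `day`: total volume above mean + k*spread, or a channel the user never used before."""
    volume, seen = defaultdict(int), defaultdict(set)
    for date, user, channel, nbytes in events:
        if date == day:
            volume[user] += nbytes
            seen[user].add(channel)
    alerts = []
    for user, total in volume.items():
        if user not in baseline:
            alerts.append((user, "no baseline for user"))
            continue
        mean, sd, known = baseline[user]
        # Floor the spread at 10% of the mean so a very steady user is not alerted on trivial changes.
        threshold = mean + k * max(sd, 0.1 * mean)
        if total > threshold:
            alerts.append((user, f"volume {total} exceeds threshold {threshold:.0f}"))
        for channel in sorted(seen[user] - known):
            alerts.append((user, f"new channel: {channel}"))
    return alerts

if __name__ == "__main__":
    base = build_baseline(EVENTS, "2024-03-05")
    for user, reason in detect_anomalies(EVENTS, base, "2024-03-06"):
        print(f"ALERT {user}: {reason}")
```

Bob's large daily USB transfers are his normal and raise nothing, while Alice's first USB use at twenty times her usual volume raises two alerts; a real deployment would use a baseline window of weeks, not days, and treat a missing baseline as a reason to observe rather than to block.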
Monitoring employees’ emotional state
The power of DLP systems goes beyond helping enterprises stay on top of user behavior. It also allows them to identify patterns and changes in employees’ emotional conditions. A solution equipped with this feature can analyze messages sent by a user over email, messengers, and social networks. This workflow leverages a dictionary of words and phrases that convey certain emotions in business communication and everyday speech.
The harvested data is then subject to automatic categorization based on the types of emotions, including fear, anger, frustration, surprise, joy, and anticipation. The goal is to determine which team members may be up to something dubious.
IT professionals can’t find common ground on the optimal DLP architecture for maximum protection: agent-based (software on each endpoint) or gateway-based (inspection at the network edge). In fact, both types have their pros and cons. The golden middle is to deploy a hybrid solution that merges data monitoring features at the level of endpoints, network gateways, and email with a component that maintains a log of events within the corporate perimeter.
Since every organization has a one-of-a-kind digital infrastructure and a unique set of business workflows, the setup and integration of a DLP system must be built around the idea of flexibility. Vendors can engage modular architecture and incorporate control elements at multiple network tiers to meet this challenge.
Adding cryptography to the mix
With the right security policies in place, the system can enforce the encryption of data transferred to a flash drive or an external SSD. This can pull the plug on data exposure scenarios where users lose storage media. Even if someone picks up or steals a device like that, they can’t “weaponize” it because every bit of information on it is scrambled with a cipher.
Extended activity monitoring features
DLP providers are currently focused on the UBA capabilities of their products and will undoubtedly continue to refine them down the road. Gathering user activity data and matching it against patterns of potentially harmful actions helps security personnel uncover fraud or data exfiltration attempts. This is a hugely important prerequisite for proactive protection against leaks.
The typical employee monitoring techniques include keystroke logging, sound recording with a work computer’s microphone, and taking photos with the camera built into the device. Obviously, these aren’t cutting-edge methods, but they can be extremely helpful for investigating breaches and other impactful incidents.
Detecting a camera in front of a computer display
Some DLP variants catch old-school snoops red-handed by spotting situations where someone is trying to take a picture of the computer screen. This offbeat technology uses image recognition to identify the culprit’s camera, sends an alert to the company’s security team, and saves additional information about this event, including the target workstation and the time this foul play happened. The feature is mainly used by organizations that process a lot of sensitive customer information, such as banks and e-commerce firms.
A multi-faceted security instrument
The effectiveness of traditional, battle-tested DLP functionality peaked years ago, but there is still room for improvement. Security providers are now busy making their solutions easier to use and honing the leak investigation capacity.
Further progress of these systems isn’t only propelled by customer demands. The growth of corporate espionage and other white-collar crimes is pushing vendors to integrate new mechanisms that address emerging risks. As a result, DLPs are turning into one-stop tools combining extensive analytics, incident investigation, and data protection features under the same hood.