Solved

Data Loss Prevention

Posted on 2013-12-12
5
593 Views
Last Modified: 2013-12-16
What is DLP and how do you go about implementing it?
0
Comment
Question by:SydNal2009
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 24

Assisted Solution

by:aadih
aadih earned 25 total points
ID: 39714755
The following article provides a good overview of Data Loss Prevention (DLP):

http://en.wikipedia.org/wiki/Data_loss_prevention_software >
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 192 total points
ID: 39714843
DLP is used to monitor, identify and protect sensitive data by using the following products:

SonicWall      www.sonicwall.com
Juniper       www.juniper.net
Cisco       www.cisco.com
WatchGate      www.watchguard.com
CheckPoint      www.checkpoint.com
Fortinet      www.fortinet.com
Cyberroam      www.cyberoam.com
SmoothWall      www.smoothwall.net
zyWALL      www.zyxel.com
Untangle       www.untangle.com
astaro   www.astaro.com
ClearOS www.clearfoundation.com
PF www.pfsense.org
WALL m0n0.ch/wall
IPCop ipcop.org

Be aware, don't assume that technology will solve all known threats around data loss, because it wont. Technology solutions are only part of the story of DLP, IT Staff and CTO's are required that they understand the threats and how they work.


Read:
http://searchsecurity.techtarget.com/search/query?start=0&filter=1&q=DLP
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 283 total points
ID: 39715512
DLP 3.0
The History of Data Threats and Technology

DLP 1.0
First generation DLP focused on compliance and protecting clients PII and PHI data.  First generation DLP was and still is primarily focused on the financial services, insurance and health care industries being driven by PCI standards as well as HIPAA, GLBA and many state privacy laws.  In truth, first generation DLP is more concerned with meeting audit regulations than it is in protecting data.  Even worse, the fast changing landscape of technology and threats has made many of these regulations outdated and detrimental to actually protecting data. Yet these systems still represent a majority of DLP technologies deployed in the market and companies are trying hard, and often failing to make them useful beyond DLP 1.0.

DLP 2.0
The second generation of DLP focuses on the insider threat and moves beyond PII and PHI data to include intellectual property, trade secrets, critical business plans and classified information.  Defined publicly by the infamous Bradley Manning WikiLeaks case, insider threat had been an ongoing problem for many years but has exploded as a risk with the advent of multi gigabyte storage devices and cloud file sharing.  Second generation DLP products extend from the network to host-based sensors and agents for desktops, laptops and servers.  In DLP 2.0, all sensors (network and endpoint) must capture data events across the enterprise and aggregate this data to show risks in the forms of types and amounts of data moving across and off the enterprise, as well as trends of data usage by employees.  The goal being the ability to recognize risk events and take action to prevent them without the initial understanding of what a "risk event" maybe.

DLP 3.0
DLP 3.0 adds the latest and fastest growing threat to critical business information, cyber attack.  Defined as an initial outside attack most often through phishing, spear phishing or zero day exploits, these attacks succeed in penetrating a company's perimeter defenses and stealing the credentials of insiders and then finding and exfiltrating targeted data.  Cyber attack is the fastest growing threat to all companies big and small and a major focus of awareness programs by the US Congress, FBI and Department of Defense.  The cyber attack threat is massive because of who the attackers are and how well trained and funded they are.  Although cyber attack threat does overlap with insider threat, to successfully recognize and mitigate this new threat requires additional capabilities and programs.  Most recently, the combined insider and outsider threat has emerged where a compromised insider introduces the malware, bypassing the latest generation of cyber attack threat perimeter defenses.

Consider researching the Verdasys and FireEye partnership.

Additionally, the following references will bring you up to speed:
http://www.sans.org/critical-security-controls/control.php?id=17
http://www.sans.org/reading-room/whitepapers/dlp

Here's some other interesting solutions to review when addressing the Cyber Threat category of DLP:

http://www.invincea.com/2013/10/invincea-how-it-works/
https://spikes.com/
http://www.fireeye.com/products-and-solutions/
http://technet.microsoft.com/en-us/security/dn283932.aspx
http://blog.opendns.com/2013/11/06/umbrella-msps-protects-networks-cryptolocker/
0
 
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 283 total points
ID: 39715513
DLP stats
DLP stats
Considering 57% of data loss purportedly comes from outside, the cyber threat category could easily be considered primary, followed by insider threat, followed by compliance (depending on your organization).

http://datalossdb.org/statistics

Regarding legal compliance requirements, see http://datalossdb.org/us_states
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 192 total points
ID: 39717618
As I said, by using the above list, DLP solution should do:
E-Mail Encryption
USB/CD Controls
Printer Monitoring
Web /Content Filtering
Report a data breach
Support for keyword/key phrases searching
Support for archiving instant messaging communications
..etc


In other words, your DLP solution should address the following areas:
Content Profiling - (automatically identifying sensitive data content in documents/emails/etc.)
Document Management - (Prevent user actions on files and documents)
Application Access - (blocking and monitoring of applications)
Data Discovery -  (where sensitive data content resides on the network)
Pictures/Screen Capture - (Scanning content of Screen Prints)
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question