Check Point 2013 Security Report - page 34

04 _ DATA LOSS INCIDENTS IN YOUR NETWORK
able to detect personally identifiable information (PII),
compliance-related data (e.g. HIPAA, SOX, PCI data,
etc.), and confidential business data. It should inspect
content flows and enforce policies in the most widely
used TCP protocols, including SMTP, FTP, HTTP,
HTTPS and webmail. The DLP solution should also
be able to conduct inspections by pattern matching and
file classification, so that it can identify content types
regardless of the file extension or compression format.
In addition, the DLP solution must be able to recognize and
protect sensitive forms, based on predefined templates and
file/form matching. An important feature of a DLP solution
is the ability to create custom data types for maximum
flexibility, along with the vendor’s out-of-the-box data types.
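As an added illustration (not taken from the report or from any vendor's product), the sketch below shows inspection by content rather than by file name: it classifies a transfer by its magic bytes, unwraps gzip and zip layers, and pattern-matches two data types. The data-type labels, size limits and sample transfers are assumptions constructed for this example.

```python
import gzip, io, re, zipfile

MAX_BYTES, MAX_DEPTH = 1 << 20, 3  # read cap per layer and nesting cap (bomb guard)
MAGIC = {b"\x1f\x8b": "gzip", b"PK\x03\x04": "zip"}
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")  # 13-19 digit card candidates
SSN_RE = re.compile(rb"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")     # US SSN layout

def classify(data):  # container type from leading magic bytes, never from the name
    return next((k for sig, k in MAGIC.items() if data.startswith(sig)), "plain")

def luhn_ok(digits):  # Luhn checksum, so random digit runs are not reported as cards
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def leaves(data, depth=0):  # yield innermost payloads, unwrapping gzip and zip layers
    kind = classify(data) if depth < MAX_DEPTH else "plain"
    if kind == "gzip":
        inner = gzip.GzipFile(fileobj=io.BytesIO(data)).read(MAX_BYTES)
        yield from leaves(inner, depth + 1)
    elif kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                yield from leaves(zf.open(info).read(MAX_BYTES), depth + 1)
    else:
        yield data

def scan(data):  # return (real container type, sorted data-type hits) for one transfer
    hits = set()
    for payload in leaves(data):
        if SSN_RE.search(payload):
            hits.add("PII:ssn")
        for m in PAN_RE.finditer(payload):
            if luhn_ok(re.sub(rb"\D", b"", m.group()).decode()):
                hits.add("PCI:card")
    return classify(data), sorted(hits)

# Constructed samples: misleading names, a test card number and a made-up SSN.
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:
    _zf.writestr("hr.txt", gzip.compress(b"employee ssn 123-45-6789"))
SAMPLES = {
    "holiday.jpg": gzip.compress(b"card 4111 1111 1111 1111 exp 01/30"),
    "notes.mp3": _buf.getvalue(),
    "memo.txt": b"order ref 4111 1111 1111 1112",
}
print({name: scan(data) for name, data in SAMPLES.items()})
```

The third sample has the shape of a card number but fails the Luhn check, so it produces no hit; checksum validation of this kind keeps pattern matching from flagging every long digit string.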
Empower Users to Remediate Incidents
Traditional DLP solutions can detect, classify and even
recognize specific documents and various file types, but they
cannot capture the user’s intent behind the sharing of sensitive
information. Technology alone is inadequate because it cannot
identify this intention and respond to it accordingly. Hence,
a quality DLP solution must engage users in order to achieve
optimal results. One approach is to empower users to remediate
incidents in real time. In other words, the DLP solution should
inform the user that his/her action may result in a potential
data leak incident. It should then empower the user to decide
whether to discard the message or to continue with sending it.
This methodology improves security by elevating data storage
policy awareness and alerting users of potential mistakes in real
time. It also allows for quick self-authorization of legitimate
communications. As a result, security management is simplified
because the administrator can track DLP events for analysis
without having to personally attend to each external data send
request as it happens.
Protection Against Internal Data Breaches
Another important DLP capability is the ability not only
to control sensitive data leaving the company, but also to
inspect and control sensitive emails sent between departments
within the same company. Policies can be defined to prevent
confidential data from leaking to wrong departments.
Examples of data that might need protecting from accidental
interdepartmental leakage include: compensation plans,
confidential human resource documents, mergers and
acquisitions documents or medical forms.
Data Protection for Endpoint Hard Drives
Companies must secure laptop data as part of a comprehensive
security policy. Without securing hard drive data, outsiders
can obtain valuable information through lost or stolen
computers; this can result in legal and financial repercussions.
A proper solution should prevent unauthorized users from
accessing information by encrypting the data on all endpoint
hard drives, including user data, operating system files and
temporary and erased files.
Data Protection for Removable Media
To stop incidents of corporate data compromise via USB
storage devices and other removable media, encryption
and prevention of unauthorized access for these devices are
required. Employees often mix personal files such as music,
pictures, and documents with business files such as finance
or human resource files on their portable media. This
makes corporate data even more challenging to control. By
encrypting the removable storage devices, security breaches
can be minimized in case the devices become lost or stolen.
Document Protection
Business documents are routinely uploaded to the web by file-
storage applications, sent to personal smartphones, copied
to removable media devices and/or shared externally with
business partners. Each of these actions places sensitive data
at risk of being lost or used inappropriately. In order to secure
corporate documents, a security solution must be able to enforce
a document encryption policy and grant access exclusively to
authorized individuals.
Event Management
Defining DLP rules to meet the organization’s data usage
policies should be accompanied by quality monitoring and reporting
capabilities. To minimize the potential of data leakage in an
organization, the security solution must include monitoring
and analysis of real-time and historical DLP events. This
gives the security administrator a clear and broad view of the
information being sent externally and its sources, and it also
provides the organization with the ability to respond in real
time if necessary.