Introduction to Data Loss Prevention

The Need for Data Loss Prevention

Data is more accessible and transferable today than ever before, and the vast majority of data is sensitive at different levels. Some is confidential simply because it is part of an internal organization and was not meant to be available to the public. Some data is sensitive because of corporate requirements, national laws, and international regulations. Often the value of data depends on its constant confidentiality - consider intellectual property and competition.

Leakage of your data could be embarrassing or, worse, cost you your industrial edge or accounts. If you let your organization act in non-compliance with privacy acts and other laws, it could be worse than embarrassing - the integrity of your organization may be at stake.

You want to protect the privacy of your organization, but with all the tools that make information sharing easier, it is also easier to make an irrecoverable mistake. To make the matter more complex, along with the severity of data leakage, we now have tools that inherently make it easier for leaks to happen: cloud servers, Google Docs, and simple unintentional abuse of company procedures - such as an employee who takes work home. In fact, most cases of data leakage occur because of unintentional leaks.

The best solution to prevent unintentional data leaks is to implement an automated corporate policy that catches protected data before it leaves your organization. Such a solution is known as Data Loss Prevention (DLP).

Data Loss Prevention identifies, monitors, and protects data movement through deep content inspection and analysis of transaction parameters (such as source, destination, data object, and protocol), with a centralized management framework. In short, DLP detects and prevents the unauthorized transmission of confidential information.
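The following added example (not Check Point code and not part of the original page) sketches how a single rule can combine transaction parameters with content inspection. The internal network ranges, the payment-card rule, and the verdict strings are assumptions chosen for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumption: constructed internal ranges; rule and verdict strings are illustrative only.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
SCANNED_PROTOCOLS = {"SMTP", "HTTP", "FTP"}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate payment card numbers

@dataclass
class Transmission:
    source: str       # sender IP address
    destination: str  # receiver IP address
    protocol: str     # e.g. "SMTP", "HTTP", "FTP"
    data: str         # data object: body plus text extracted from attachments

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Content inspection: regex candidates confirmed by checksum."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits

def evaluate(tx):
    """Transaction parameters first, then content."""
    # Only outbound traffic (internal source, external destination) is in scope.
    if not is_internal(tx.source) or is_internal(tx.destination):
        return "not scanned"
    if tx.protocol not in SCANNED_PROTOCOLS:
        return "not scanned"
    return "ask user" if find_card_numbers(tx.data) else "allow"
```

Checking the cheap transaction parameters before the content keeps expensive inspection off traffic that is out of scope, and the checksum step reduces false positives from order numbers or phone numbers that merely look like card numbers.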

Note - Data Loss Prevention is also known as Data Leak Prevention, Information Leak Detection and Prevention, Information Leak Prevention, Content Monitoring and Filtering, and Extrusion Prevention.

Data Loss Prevention and Privacy

DLP captures original data that caused a rule match, including the body of the transmission and attached files.

Best Practice - Disclose to your users how your DLP environment works. Tell users that transmissions that violate the data security guidelines of your organization are stored, and security personnel can read them.

Information disclosure recommendations:

  1. Disclose the privacy policy BEFORE you configure DLP.

  2. Translate the most important DLP rules into guidelines and tell your users what is not allowed and results in captured transmissions.

  3. Explain that DLP scans only transmissions that originate from computers inside the organization (including any source that uses organization resources, such as Remote Access or VPN connections).

  4. Explain how to handle Ask User violations.

    DLP incident notifications can be sent by email (for SMTP traffic) or shown in a system tray pop up from the UserCheck client (for SMTP, HTTP, FTP, and so on).

    If the incident in the notification is in Ask User mode, the user can click the Send or Discard link in the UserCheck client pop up to handle the incident in real time.

Important - Make sure your users are aware of the purpose of the UserCheck client: to handle the DLP options directly from the pop up.

If the user exits the client, the alternative web page that provides the Ask User options may not function.

  5. Explain that captured transmissions are logged and saved, and that some may be reported to managers (Data Owners).

  6. Explain that captured emails, attachments, web posts, and so on are available for review by security personnel.

  7. Explain that review of original transmissions is for organization data security alone - you do not collect personal information. Therefore, your users have no option to prevent the scan on their transmission, or disable it, or both.

  8. Make sure that you maintain your guidelines: do not keep or use original transmissions for any use other than review of DLP incidents and rules.