DLP stands for Data Loss Prevention or Data Leakage Prevention. Where Intrusion Prevention Systems, antivirus or firewall mechanisms cannot prevent data leakage, a DLP system is needed. This point deserves some elaboration.
It should be clear that all the other security layers, such as antivirus, Intrusion Prevention Systems (IPS), Antibody Prevention Software, Web Security or URL Filtering solutions, SIEM, MDM and Anomaly Detection software, and other network security software and hardware, provide prevention only up to a point. Where DLP differs is that it controls the user within the organization.
In network security, companies mostly protect themselves from external attacks. We also know that attacks and infiltrations can come from the inside, but reporting or preventing them is where the problems arise.
The most important motivation for the emergence of DLP, and even for its becoming a commercial product, is the damage institutions have suffered from the leakage of private or confidential information. In addition, the sanctions of sectoral regulatory organizations have forced companies to ensure data security. HIPAA in the health sector, GLBA in finance, BASEL II and PCI (Payment Card Industry) standards, and regulatory sanctions such as BRSA and KVKK in our country play an important role in companies taking serious steps on information security and therefore on DLP. We can even say that the Sarbanes-Oxley laws are the most important sanction for DLP, critical enough to leave all the others behind: every institution traded on the Wall Street stock exchange is subject to very strict controls.
The DLP system technically controls both the network and the clients. Before starting the project, the data held in file systems, databases, SharePoint and similar places should be classified by criticality level.
Each department within the company should determine the order of criticality for its data and then introduce this critical data to the DLP system.
DLP doesn't know that data is critical until you tell it so. How do you introduce critical data to DLP? There are several methods. The first is keywords: words you want to check, such as salary, payroll, top secret, strategy document and so on, can be added. Whoever sends documents or correspondence containing them immediately appears on the DLP management screen.
Another method is regex. Product numbers, credit card numbers, T.C. ID numbers and the like are numbers with an internal logic of their own.
Many DLP systems ship with pre-written regexes, but also leave room for users to write their own.
In particular, the product codes used in manufacturing plants can be identified by expressing their internal logic as a regex.
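The "internal logic" of such numbers usually includes a check digit, which a DLP rule can verify after the regex matches so that random digit runs are not flagged. The following is an added example, not code from any DLP product: the patterns, function names and sample text are constructed for illustration, using the Luhn check for card numbers and the T.C. ID number checksum.

```python
import re

# Deliberately broad candidate patterns; the checksum does the narrowing.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
TCKN_RE = re.compile(r"\b[1-9]\d{10}\b")            # 11 digits, first digit non-zero

def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def tckn_ok(digits: str) -> bool:
    """T.C. ID checksum: digits 10 and 11 are derived from the first nine/ten."""
    d = [int(c) for c in digits]
    odd = d[0] + d[2] + d[4] + d[6] + d[8]
    even = d[1] + d[3] + d[5] + d[7]
    return (odd * 7 - even) % 10 == d[9] and sum(d[:10]) % 10 == d[10]

def scan(text: str):
    """Return (kind, value) pairs for candidates that also pass their checksum."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(("card", digits))
    for m in TCKN_RE.finditer(text):
        if tckn_ok(m.group()):
            hits.append(("tc_id", m.group()))
    return hits

# Constructed sample message: two well-formed test numbers and two look-alikes.
SAMPLE = ("Charge card 4111 1111 1111 1111, old ref 4111 1111 1111 1112. "
          "Citizen no 10000000146; order no 12345678901.")

if __name__ == "__main__":
    for kind, value in scan(SAMPLE):
        print(kind, value)
```

Only the two numbers with valid check digits are reported; the reference and order numbers match the regex but fail the checksum.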
File-type-based control is another identifier: it looks at and analyzes the true file type to catch drawing documents, database files, zip archives and encrypted documents that leak out.
Aside from the identifiers mentioned above, the technology that makes a DLP system a DLP system is fingerprinting.
Only the critical data needs to be introduced to the DLP, for example a directory on the file server that is accessed by administrators, or customer information in the corporate database.
The question is: how do we mark this information as critical? That's where the fingerprint comes in. The DLP, which accesses the directory structure with admin rights, opens each document one by one and analyzes the text data in it. After ignoring words and removing the spaces between words, it takes the hash of the document using a rigorous mathematical algorithm. Keep in mind that the fingerprinting function is one-way: the original of a fingerprinted document cannot be restored from its hash.
What does this technology give us? If we take even one line of information from a document that we have labeled as critical and try to leak it, the DLP fingerprint will say something like this: the data you are trying to leak is detected as critical because it is 70% similar to the file \\172.16.2.6\Administration\strategy.pdf on the file server. This is the sensitivity that companies are looking for.
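A minimal sketch of how such a partial match can be scored, as an added example that is not taken from any DLP product: text is normalized and stripped of spaces, cut into overlapping character windows, and each window is hashed with SHA-256. The window length `K`, the function names and the document contents are assumptions made for illustration; the file path is the one used in the text above.

```python
import hashlib
import re

K = 12  # window length in characters (assumed value; real products tune this)

def normalize(text: str) -> str:
    """Lower-case and drop everything but letters and digits (spaces included)."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def fingerprint(text: str, k: int = K) -> set:
    """Set of one-way hashes over every k-character window of the normalized text."""
    s = normalize(text)
    return {hashlib.sha256(s[i:i + k].encode()).hexdigest()[:16]
            for i in range(max(len(s) - k + 1, 1))}

def build_index(docs: dict) -> dict:
    """Only hashes are stored; the document text itself is not kept."""
    return {path: fingerprint(body) for path, body in docs.items()}

def best_match(outgoing: str, index: dict):
    """Return (path, share of outgoing windows found in that protected file)."""
    fp = fingerprint(outgoing)
    best = (None, 0.0)
    for path, doc_fp in index.items():
        score = len(fp & doc_fp) / len(fp)
        if score > best[1]:
            best = (path, score)
    return best

# Constructed document contents for the demonstration.
INDEX = build_index({
    r"\\172.16.2.6\Administration\strategy.pdf":
        "Q3 strategy: acquire two regional distributors and raise prices "
        "by four percent. Do not disclose before the board meeting.",
    r"\\172.16.2.6\Public\cafeteria.txt":
        "Cafeteria opening hours are nine to five on weekdays.",
})

if __name__ == "__main__":
    mail = ("fyi: acquire two regional distributors and raise prices "
            "by four percent, see you at lunch on friday")
    path, score = best_match(mail, INDEX)
    print(f"{score:.0%} similar to {path}")
```

Because the windows overlap, a single copied line still matches even when its case and spacing are changed, and the score drops as the sender mixes in unrelated text.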
A Machine Learning (ML) algorithm has been developed on top of fingerprint technology. Unlike fingerprinting, this algorithm is based on learning. Basically, positive and negative samples are introduced to the system so that the ML algorithm can learn from them. The general aim is to draw conclusions, based on the samples presented, about whether the next piece of data sent is critical or not.
The information expected from DLP is the answer to the question: who sent what, where, and how. The warnings sent when users transmit data containing a critical element also serve to train them. Users begin to behave more carefully because they know they are being monitored by a system.
Data leakage prevention is technically impossible, but it is important to remember that this is a process. The biggest contribution of DLP systems is to raise the awareness of the company's employees in these processes, to ensure that corporate processes are operated in line with compliance regulations, and to build corporate awareness.
DATA TYPES in DLP
The purpose of data leak prevention technology, which falls under data security within information security, is to protect data on the network, in storage areas and on end-user devices (endpoints) throughout its life. Accordingly, data is handled in three different ways in DLP.
• Data in Motion: data that moves across the network, that is, constantly travelling over transmission channels such as email, instant messaging, the web and P2P.
• Data at Rest: sensitive data that is held in databases, file systems and other special storage units, to be queried and used when necessary, and that generally needs to be protected first.
• Data in Use: data that is used and processed by the end user and that is connected to sensitive and confidential data.
Another important feature covers the case where a user takes the laptop of another user in the same company and attempts to transmit corporate data to someone else, thinking that there is no DLP control outside the company. The attempt is reported and audited, and DLP establishes corporate awareness as a result.
In fact, violations of existing privacy rules are detected and users are warned.
Sentra works with Forcepoint DLP Solutions. For information on Forcepoint DLP Solutions, the leading company in its field, you can use the relevant tab on our website or contact the Sentra sales team.
Case Study: Please contact the Sentra sales team for the case study document.