Data Loss Prevention Articles

What Is DLP And Why Data Loss Prevention Is Important?

DLP stands for Data Loss Prevention or Data Leakage Prevention. Data loss prevention is a set of technologies and techniques that are created to prevent sensitive information from leaving a company.

The data you are striving to protect behind firewalls and passwords is likely still slipping through your fingers. Data leaks can be initiated by either unwitting employees or users with malicious intent who copy proprietary or sensitive information from their computers to flash memory sticks, smartphones, or other convenient forms of portable storage. Data leaks may also spring from user emails, instant messages, web forms, social network exchanges, or file sharing cloud services.

Wireless endpoint interfaces like Wi-Fi and Bluetooth as well connected mobile devices provide additional avenues for data loss.

Likewise, endpoint PCs can be infected with vicious malware or keyloggers that harvest user keystrokes and send the stolen data over SMTP or FTP channels into criminal hands.

While these threat vectors can evade conventional network security solutions and native Windows/Mac controls, the DeviceLock Data Leak Prevention (DLP) addresses them. It enforces data protection and auditing policies with awareness of both the context and content of data flows across endpoint channels where leaks can otherwise occur.

DeviceLock DLP also delivers Virtual DLP to VM and BYOD devices. Virtual DLP extends DeviceLock DLP to a variety of session-based, streamed and local virtual machines and to BYOD devices using desktop and application virtualization architectures.

DLP With Context & Content Awareness

DeviceLock DLP includes an entire set of controls together with event logging and data shadowing for all data leakage channels

The most efficient approach to data leakage prevention is to start with contextual control - that is, blocking or allowing data flows by recognizing the authenticated user, security group memberships, data types, device types or network protocol, flow direction, state of media or SSL encryption, the date and time, etc.

There are also many scenarios that require a deeper level of awareness than contextual parameters alone can provide. For example, even trusted employees handle data that contains personally identifiable information (PII), financials, health data, "Confidential", or other intellectual property content. Security administrators gain greater peace of mind and data security compliance by passing all data flows that might contain any of these data elements through content analysis and filtering rules before allowing the data transfer to complete.

DeviceLock DLP provides both contextual AND content-based controls for maximum leakage prevention at minimum cost. Its multi-layered inspection and interception engine provides granular control over a full range of data leakage pathways and will further ensure that no sensitive data is escaping through content analysis and filtering that can be applied to endpoint data exchanges with removable media, Plug-n-Play devices, printers, email, web and other network communications.

DeviceLock DLP provides both contextual and content-based controls for maximum data leakage prevention

With DeviceLock DLP, security administrators can precisely match access rights to job function with regard to transferring, receiving and storing data on media attached to corporate computers or through network protocols. The resulting secure computing environment allows all legitimate user actions to proceed unimpeded while blocking any accidental or deliberate attempts to perform operations outside of preset bounds.

How To Manage And Control DLP System?

DeviceLock DLP provides a straightforward approach to DLP management that allows security administrators to use familiar Microsoft Windows Active Directory Group Policy Objects (GPOs) and snap-in DeviceLock consoles to centrally define DLP policies and automatically push them to distributed agents for continual enforcement on both physical and virtual endpoints.

DeviceLock DLP allows administrators to use Active Directory Group Policy to centrally define and automatically push DLP policies

With DeviceLock DLP, administrators can centrally control, log, shadow-copy, alert, and analyze end-user data transfers to all types of peripheral devices and ports, as well as network communications on managed endpoint computers. In addition, its agents detect and block hardware keyloggers to prevent their use in the theft of passwords and other proprietary or personal information.

With its fine-grained endpoint contextual controls complemented by content filtering for the most vulnerable endpoint data channels, DeviceLock DLP significantly reduces the risk of sensitive information leaking from employees' computers due to simple negligence or malicious intent. DeviceLock DLP is a security platform that includes data protection policy templates and promotes compliance with corporate information handling rules, as well as legal mandates like HIPAA, Sarbanes-Oxley, and PCI DSS.