Data Loss Prevention

MUHAMMAD YOUSUF | MSIS/2018-19/069

SHABBIR ANWER KHALIDI | MSIS/2018-19/068

Introduction to Data Loss Prevention
Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or
critical information outside the corporate network.
The term is also used to describe software products that help a network administrator control
what data end users can transfer.
Data loss prevention software detects potential data breaches/data ex-filtration transmissions
and prevents them by monitoring, detecting and blocking sensitive data while in use, in motion,
and at rest.
The terms "data loss" and "data leak" are related and are often used interchangeably.
Types of Data Loss
Data loss can be divided into two sometimes overlapping categories:

Leakage - in which sensitive data is no longer under the control of the organization. (In computer
security parlance, this is a loss of confidentiality.)
Disappearance or damage - where a correct copy of the data is no longer available to the organization
(corresponding to a compromise of integrity or availability).
Common Channels for Data Loss

Network Personal Device Storage

Company Network Personal USB drive

Computer

Email File Server

Smart Phone
Data Base
Regulatory Compliance Aspect of DLP
Payment Card Industry Data Security Standards. A worldwide information security standard created to help
organizations that process card payments to prevent credit card fraud through increased controls around data
and its exposure to compromise.
Federal Information Security Management Act of 2002. It provided a comprehensive framework for ensuring
the effectiveness of information security controls over information resources that supported Federal operations
and assets.
Privacy Act of 1974. It prohibited disclosure of information in personal records by any means of communication
to any person or to another agency, except pursuant to a written request by, or with the prior written consent
of, the individual to whom the record pertains
Health Insurance Portability and Accountability Act of 1996. It required that to ensure privacy and
confidentiality all patient healthcare information be protected when electronically stored, maintained, or
transmitted.
Gramm-Leach-Bliley Act of 1999. It mandated privacy and the protection of customer records maintained by
financial institutions.
Data Prevention Loss Vectors
Enterprise data generally exists in the following three major states.
Data at rest – Data residing in files systems, distributed desktops and large, centralized data
stores, databases, or other storage methods.
Data at the endpoint – Data residing at the endpoints of the network such as laptops, USB
devices, external drives, CD/DVDs, archived tapes, MP3 players, iPhones, or other highly-mobile
devices.
Data in motion – Data moving through the network to the outside via email, instant messaging,
peer-to-peer (P2P), File Transfer Protocol (FTP), or other communication mechanisms.
Data Classification
Enterprises are often unaware of all of the types and locations of information they possess. It is
important, prior to purchasing a DLP solution, to identify and classify sensitive data types and
their flow from system to system and to users.
Classifications can include categories such as private customer or employee data, financial data,
and intellectual property. Once the data have been identified and classified appropriately,
further analysis of processes should facilitate the location of primary data stores and key data
pathways.
Copies are frequently made to facilitate application testing without first cleansing the data of
sensitive content. Having a good idea of the data classifications and location of the primary data
stores proves helpful in both the selection and placement of the DLP solution.
Components of DLP Solution
Manage – Define enterprise data usage policies, report data loss incidents, and establish
incident response capability to enable corrective actions to remediate violations.
Discover – Define the sensitivity of enterprise data, create an inventory of sensitive data, locate
sensitive data wherever it is stored, and manage data cleanup. This includes discovering and
inventorying sensitive data.
Monitor – Monitor the use of sensitive data, understand sensitive data usage pattern, and gain
enterprise visibility. This could include monitoring data in motion by inspecting network
communications such as email, Instant Messaging (IM), web, FTP etc.
Protect - Enforce security policies to proactively secure data and prevent sensitive data from
leaving an enterprise. Automatic protection of sensitive data across endpoint, network and
storage systems.
DLP for Endpoints
• Advantage
• Maximize the Coverage
Personal Device
– Content-Aware and Always-On
– USB, CD/DVD, Print, Fax and Trusted Device
control
Endpoint Discover
– Applications such as IM, Facebook, Twitter
and Citrix
• Automatically Remediate
– Inform / Notify / Justify / Quarantine / Block /
Endpoint Prevent Encrypt
– Integrate and Customize through
FlexResponse
• Minimize the Impact
– Intelligent and Lightweight Agent Design
– Centralized Agent Configuration, Monitoring
and Troubleshooting
– Accuracy and Efficiency for Lower TCO
9
DLP for Storage
Advantage
Storage • The broadest coverage including file
servers, databases, email, websites,
groupware
Network Discover • Custom scan management: Inventory,
incremental and parallel scans
Data Insight • Identify frequent users of confidential
Enterprise information, monitor data access,
automatically notify users
Network Protect • Extensive fix capabilities: Encryption,
ERM and custom FlexResponse actions

10
DLP for Network Advantage
• Corporate email and web protection on
mobile phones and tablets
Network
• Scalable, high-performance network
monitoring
Network Monitor • Cloud and social media protection

Network Prevent for

Email
• Hosted messaging and security
Network Prevent for
Web services support

• Broad integration support for MTA’s,

gateways, and web proxies 11
Best Practice
Prioritize loss vectors - This means first identifying all the potential data loss vectors in the
organization and then prioritizing them based on criteria such as past breaches, volume of
communications, volume of data, the likelihood of a breach and the number of users with access
to those vectors.
Protect without disruption - To work effectively, a data loss prevention solution must operate
without diminishing system performance or preventing workers from doing their jobs. Solutions
that do not scale can cause performance issue as companies grow.
Flexible & modular architecture - Enterprises need to address the data loss problem by creating
a flexible and modular architecture. A flexible and modular architecture allows enterprises to
immediately and cost effectively addresses their most pressing requirements while being able to
add new controls as their needs change.
References
ISACA Data Leak Prevention Whitepaper
http://www.isaca.org/Knowledge-Center/Research/Documents/Data-Leak-Prevention_whp_Eng_0910.pdf
NIST Publication Data Loss Prevention
https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=904672
SANS Data Loss Prevention Whitepaper
https://www.sans.org/reading-room/whitepapers/dlp/paper/32883