What is DLP (Data Loss Prevention)?
Equifax, Avanti and Dow Jones are companies that became sadly famous in 2017 for suffering significant leaks of sensitive information. Those who had committed to ensuring the confidentiality of their customers' data were thus faced with the evident failure of inadequate Data Loss Prevention (DLP) policies, and this is no minor problem. According to an IBM Security report, the cost in Italy (comparable to Spain) exceeds 2 million euros per year, and companies are affected more the longer it takes them to apply measures that mitigate the loss.
Applying DLP with a global view of its complexity is one of the most important challenges organizations face worldwide, with special attention in the European Union, where the entry into force of the new data protection regulation (GDPR) is imminent.
WHAT IS DLP?
Information is an entity that, like everything in nature, has a life cycle. It is created or acquired, transferred, used, stored and finally deleted. Throughout its existence, unwanted transfers, copies or deletions may occur, whether intentionally or accidentally.
Whenever data is stored or published, through any of today's myriad technological mechanisms for disseminating information, without the explicit approval of its owner or in contravention of the law, a data loss must be declared.
Examples include storing sensitive information on personal equipment not protected by a DLP system, whether on internal, external or cloud storage; printing it on paper; burning it to optical media (CD or DVD); taking photographs; or taking screenshots.
Another form of data loss is unwanted deletion. It is commonly an accidental problem, one that occurs by mistake, but it can cause irreparable damage at the business level. It becomes a high-risk factor when it occurs unexpectedly yet deliberately, in an attempt to hide information or as a form of attack.
Much more subtle is the leak of information when it is shared. The complexity of the laws and processes governing data sensitivity and protection means users often do not realize they are breaching confidentiality when they send data by email, post it in an inappropriate forum or share it through insecure channels.
Finally, the most striking: data theft, whether by malware, by a virus, by an attack exploiting security holes, or by social engineering. These are actions almost always driven by economic motives, and they require a high degree of resources.
APPLICATION CONTEXT
The first barrier to build against data loss is a correct firewall configuration, isolating the company's network from unauthorized access, complemented by Intrusion Detection Systems (IDS), which rely on detailed analysis of network traffic to detect known attacks, suspicious behaviour, malformed packets, etc.
Next comes the configuration of Intrusion Prevention Systems (IPS), which take a step further on the preventive side by monitoring network traffic and system activity in search of malicious actions. To do so, they apply security policies or anomaly statistics to the analysis of network behaviour.
Finally, widening the scope of action, we have Data Loss Prevention (DLP) applications: systems designed to monitor, detect and block sensitive information when it is in any of the following three states:
- In the network (in motion): information that is being transported over the network.
- In use: information the user is interacting with.
- At rest: “old” information that is stored permanently.
In each case, data identification policies are applied to classify the information's confidentiality and sensitivity, either through content analysis (keywords, classification, tags) or contextual analysis (origin, destination, application), using methods such as regular expression searches, Bayesian analysis, statistical analysis and machine learning.
Precisely the arrival of “Artificial Intelligence” systems capable of learning users' behaviour has allowed a great qualitative and quantitative leap in the reliable detection of information leaks and in the reduction of false positives.
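To make the combination of content analysis and contextual analysis concrete, here is a small DLP policy check written as an added example for this article (it is not code from the article or from any DLP product). It inspects an outgoing message for two regular-expression patterns (payment card numbers and Spanish DNI identifiers), validates each candidate with its checksum so that arbitrary digit runs do not raise alerts, looks for classification tags, and then uses the destination domain as context to decide between allowing, alerting and blocking. The internal domain, the tag list and the sample messages are constructed assumptions for the example.

```python
import re
from dataclasses import dataclass

# Constructed policy values for this example, not a real deployment's settings.
INTERNAL_DOMAINS = {"corp.example"}            # assumption: the company's own mail domain
CONFIDENTIALITY_TAGS = {"CONFIDENTIAL", "INTERNAL ONLY"}

# Candidate patterns (content analysis). Each hit is validated before it counts.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")      # 13-19 digits, optional separators
DNI_RE = re.compile(r"\b(\d{8})[ -]?([A-Za-z])\b")     # 8 digits + check letter
DNI_LETTERS = "TRWAGMYFPDXBNJZSQVHLCKE"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: distinguishes real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def dni_ok(number: str, letter: str) -> bool:
    """Spanish DNI check letter: letter = DNI_LETTERS[number mod 23]."""
    return DNI_LETTERS[int(number) % 23] == letter.upper()


@dataclass
class Message:
    sender: str
    recipient: str
    body: str


@dataclass
class Finding:
    kind: str       # card_number | dni | tag
    evidence: str   # masked so the alert itself does not leak the data


def inspect_content(text: str) -> list[Finding]:
    """Content analysis: validated pattern hits plus classification tags."""
    findings: list[Finding] = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(Finding("card_number", "****" + digits[-4:]))
    for m in DNI_RE.finditer(text):
        if dni_ok(m.group(1), m.group(2)):
            findings.append(Finding("dni", m.group(1)[:2] + "******"))
    upper = text.upper()
    for tag in sorted(CONFIDENTIALITY_TAGS):
        if tag in upper:
            findings.append(Finding("tag", tag))
    return findings


def is_external(address: str) -> bool:
    """Contextual analysis: is the destination outside the organization?"""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def decide(msg: Message) -> tuple[str, list[Finding]]:
    """Combine content and context into a verdict: allow, alert or block."""
    findings = inspect_content(msg.body)
    if not findings:
        return "allow", findings
    if is_external(msg.recipient):
        return "block", findings        # sensitive data leaving the organization
    return "alert", findings            # internal transfer: log for review only


if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        Message("ana@corp.example", "partner@otherdomain.example",
                "Card 4111 1111 1111 1111, DNI 12345678Z"),
        Message("ana@corp.example", "bob@corp.example", "CONFIDENTIAL draft attached"),
        Message("ana@corp.example", "x@otherdomain.example",
                "Order 1234 5678 9012 3456 ref 12345678A"),
    ]
    for s in samples:
        verdict, found = decide(s)
        print(verdict, [(f.kind, f.evidence) for f in found])
```

The third sample message shows why the checksum step matters: both digit runs look like a card number and a DNI to the regular expressions alone, but neither passes its check, so the message is allowed rather than producing two false positives.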