Phases of Data Loss/ Leakage Prevention (DLP)

Cyber Security Entertainment
199 views - last year
"Every organization has a Data Protection Program, and Data Loss Prevention (DLP) is a crucial part of that program.

A DLP strategy is essential for monitoring egress from your organization. It combines different technologies and practices that must align with your organization's existing architecture.

The objective here is to prevent data loss or unauthorized access to data.

Now, there are three phases of Data Loss Prevention: the first stage is the discovery and classification of data within your organization, followed by monitoring, and finally enforcement and protection against data leakage or loss.

In the Discovery and Classification phase, the scope includes all structured and unstructured data hosted on the IT assets of your organization. DLP solutions scan networks based on patterns, signatures, data levels, and unknown data. Signatures can include patterns like MasterCard numbers, social security numbers, or other identifiers used by your organization. DLP solutions may also use regular expressions to match data strings.

After identification, DLP solutions categorize data based on its value or sensitivity to the organization. Your organization may already have classified data as part of its asset inventory program, which DLP solutions can utilize.

This discovery and classification of data are prerequisites for the successful execution of the next stages and overall implementation of DLP solutions in your organization.

In the next stage, monitoring covers data at rest, data in motion, and data in use. DLP solutions monitor data based on the earlier discovery and classification. Data at rest refers to stored data, where encryption and access controls are typically used for protection; DLP solutions can additionally monitor for violations of those controls. Data in use refers to data being processed or held in memory. Endpoint DLP agents can monitor data in use, detecting activities such as USB data extraction attempts, copy-pasting of data, or screenshots on endpoints.

Data in motion, or data in transit across networks, is monitored by network-based DLP solutions for protocols like HTTP, FTP, and SMTP (web traffic, file transfers, and emails, respectively). However, standard DLP implementations do not inspect encrypted web traffic (HTTPS). Integrating encryption and Key Management protocols into DLP solutions is complex but necessary for certain critical use cases.

Overall, DLP solutions monitor data throughout its lifecycle, on servers, endpoints, and network devices, including email, browser/web traffic, and application traffic. As mentioned earlier, standard DLP solutions cannot monitor encrypted traffic.

The final phase, Enforcement or Protection, aims to prevent unauthorized data extraction or violations against the organization's egress policy. The goal is to block all unauthorized egress traffic.

The previous phases of classification and monitoring are prerequisites for enforcement or protection. For less sensitive data, DLP solutions can be set to generate alerts only, whereas for highly critical or sensitive data, DLP solutions can be configured to block attempts.

Therefore, it's crucial to tune your DLP solutions to minimize false positives and false negatives. Improperly tuned DLP solutions may block authorized users or allow unauthorized access to sensitive data. Continuous tuning of your DLP solution is essential.
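A minimal model of the three phases, added here as an example (it is not the video's or any DLP vendor's code): regular-expression signatures for the discovery and classification phase described above, a Luhn checksum to tune out card-like numbers that would otherwise be false positives, and an alert-or-block decision per sensitivity level for the enforcement phase. The signature names, level names and policy table are assumptions, and the sample files are constructed.

```python
import re
# Constructed sample files (not from the page). The invoice card number passes the
# Luhn check; the order id looks like a card number but fails it.
SAMPLE_DOCS = {
    "hr/payroll.txt": "Employee SSN 123-45-6789, net pay 4,210.00",
    "sales/invoice.txt": "Paid with card 5555 5555 5555 4444 on 2023-02-21",
    "ops/tickets.txt": "Order id 5555-5555-5555-4445 shipped",
    "eng/roadmap.txt": "INTERNAL ONLY: Q3 roadmap draft",
    "public/readme.txt": "Welcome to the product documentation",
}
# Discovery signatures: regular expressions for data strings (assumed patterns).
PATTERNS = {
    "card_number": re.compile(r"\b(?:\d[ -]?){12,15}\d\b"),  # 13-16 digits
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "internal_marking": re.compile(r"\bINTERNAL ONLY\b"),
}
# Classification levels (lowest to highest) and the egress policy for each.
LEVELS = ["public", "internal", "restricted"]
SENSITIVITY = {"card_number": "restricted", "ssn": "restricted",
               "internal_marking": "internal"}
POLICY = {"public": "allow", "internal": "alert", "restricted": "block"}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tune out card-like numbers that are not cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def discover(text: str) -> dict:
    """Return {signature: [matched strings]} found in one document."""
    hits = {}
    for name, rx in PATTERNS.items():
        found = rx.findall(text)
        if name == "card_number":  # drop false positives that fail Luhn
            found = [m for m in found if luhn_ok(re.sub(r"[ -]", "", m))]
        if found:
            hits[name] = found
    return hits

def classify(hits: dict) -> str:
    """Highest sensitivity level among the signatures found."""
    return max((SENSITIVITY[n] for n in hits), key=LEVELS.index, default="public")

def scan_corpus(docs: dict) -> dict:
    """Discovery, classification and the enforcement action each file would get."""
    result = {}
    for path, text in docs.items():
        level = classify(discover(text))
        result[path] = (level, POLICY[level])
    return result
```

Without the Luhn step the order id in ops/tickets.txt would be blocked as a card number, which is the kind of false positive the tuning paragraph above warns about.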

That concludes our discussion. Thank you."
Published last year, on 1401/12/02.