• Home
• Protector
• Portable Penetrator
• Cloud Penetrator
• Penetrator
• Partners

You are here: Resources > IT Security Technical Resources Part4 > DLP

DLP (Data Loss Protection)

DLP or Data Loss Prevention is an IT security term that refers to systems that protect, monitor, and identify data in rest such as data storage, data in motion such as network actions, and data in use such as endpoint actions, through a centralized management framework, contextual security analysis of transaction (attributes of recipient/destination, timing, medium, data object, originator, and so forth), and deep content inspection. These DLP systems are precision engineered and carefully developed to prevent and detect unauthorized access and manipulation of personal or confidential data as well as protecting them from file degradation through human or computer errors and whatnot as well.

Systems that are specifically designed to avoid getting "leaked" into the wrong hands are referred to as Extrusion Prevention System (by analogy to intrusion-prevention system), IPC or Information Protection and Control, CMF or Content Monitoring and Filtering, Information Leak Prevention or ILP, ILDP or Information Leak Detection and Prevention, and Data Leak Prevention (not to be confused with DLP or Data Loss Prevention). At any rate, here are the different types of DLP systems.

The Network DLP is a type of DLP that's gateway-based (hence, it is also know as gateway-based system). It usually analyzes network traffic in order to look for illicit and unauthorized access and data transmissions, which includes communication mediums like HTTPS, HTTP, FTP, IM, and email (referred to as data in motion, which was already discussed earlier). They have benefits and advantages such as low ownership cost and easy installation. Furthermore, a Network DLP is capable of detecting data at rest or stored information that's found in unsecured or inappropriate places as well. This DLP type is typically a dedicated hardware or software platform that's installed and run on a corporation's Internet network connection.

On the other hand, Host-Based DLP systems are installed in an organization's end-user servers or workstations. Just like their network-based counterpart, a Host-Based DLP can answer both internal and external communications. Ergo, it can manage data flow between types of users or groups (for example, "Chinese walls"). A Host-Based DLP can also supervise and control IM and email communications before they're retained in the company archive, wherein a blocked message or a communication that was never sent and therefore isn't necessarily queued for corporate storage will not be recognized in a following legal discovery occurrence.

Host systems are advantageous to companies because they can track down and handle access to hardware and physical machines such as mobile devices that are capable of storing data. They can even retrieve content before it's been encrypted during certain instances. There are also host systems that offer program controls that specifically block transmission attempts at acquiring personal or confidential info, such that they'll provide automatic feedback to the user if ever such a transgression transpires. Unfortunately, they require separate installations on each and every network workstation available, they can't be used on mobile gadgets like PDAs or cell phones, and they cannot be practically installed in certain circumstances.