RSA: Exactly what is DLP?

This is the second write-up about something covered extensively at RSA last week. DLP is one of those security terms you hear about, especially now, with all the exposed information being reported. Who has DLP? What is DLP? Why does it matter?

DLP, or Data Loss Prevention, is a buzzword. (Protection is also used in place of prevention.) C-Level managers (CTO, CSO, CIO, CEO, etc.) know this term well, and because of that, IT administrators all over the world have researched it at least once. Price-wise, it’s cost effective in some cases, and in other cases it can cover an entire fiscal budget, depending on the IT shop’s size.

DLP does three things. It tries to protect from mistakes, guarding against unintentional data leaks made by people inside the company. DLP also watches for intentional leaks made by people who want to take information for personal gain. Lastly, DLP covers data loss from external attack, someone cracking a database for example. Overall, DLP is an enforcer; it enforces policy within the company and attempts to ensure compliance.

It is important to note that most DLP vendors offer pre-configured policy maps that locate and define sensitive information for you. However, for granular policy it is up to the system administrator to create the policies and to monitor them.

DLP comes in two formats. Network DLP can watch out for employee mistakes and policy violations. (Latterly covering IM, Web, FTP, P2P, and basic TCP.) This type of DLP will also include protection for storage-centric shops like file shares and databases. (Think Microsoft SharePoint, Lotus Notes, Exchange, etc.)

DLP for Endpoints is where you see the often hyped iPod spy, or the employee who will move sensitive information to an iPod to take home and work on it later. Laptops and USB drives are also included with Endpoint DLP. (CD burning is also covered here by many vendors.)

Often DLP is combined in an appliance, so you will get Network and Endpoint protection in the same package. When I was at RSA, DLP was being demonstrated on the floor. Symantec had a huge floor presence, and Vontu was giving talks about the need for DLP. Vontu is a recent acquisition by Symantec; they bought the DLP startup some time ago, and added it to their security base. From what was overheard at RSA, they were doing quite well.

Nearly every DLP product will offer great logging and GUI reporting for the administrator. Vontu is a great example of this; I saw some of the dashboards at the show, and they do offer tons of information. While I did not get a briefing from Vontu, I hung around the booth long enough to notice something else.

Most of the people watching the demonstrations were mid-level administrators, and some C-Levels. I spoke to them (off the record) afterwards. Most of them had the same fear; they did not want to end up on the eleven o'clock news.

I think DLP is a decent growing technology, but I also think that there is room to grow. I’m not alone in this. Other executives and experts think so too.

“DLP is a tool,” said Craig Shumard, CISO for CIGNA Corp, “It's one of a number of things you can use to help control the insider threat. But it's not the whole solution.” Craig was talking to Dark Reading at the time, and he along with several others agreed. DLP is one layer of security. One part of an overall security plan. Rich Mogull, founder of Securosis, told Dark Reading, “DLP is not going to stop all your leaks. That's not what it's about.”

Amir Lev, CTO at Commtouch, explained it to me best, “The DLP solutions can be relevant only against [protection from insiders]. The other two [intentional data leaks, and malicious attack] are impractical for the private sector,” he said. “Even government security agencies are not immunized against such threats and the private sector will have even more difficulty protecting against such threats, and definitely not against intentional leaks by insiders. As for malicious attacks and external data thefts, it is much more relevant to protect at the perimeter from outside penetrations. Once a site has been infected, preventing a data leakage is next to impossible.”

So is DLP not worth the effort? Quite the opposite, DLP is a great layer of protection. I noticed most of the people at RSA were looking at DLP as a silver bullet, something to prevent their company from becoming the next TJX or Hannaford.

So what are the options for DLP? Who offers it? Researching DLP will depend largely on your company. Both size and scope will factor into whom you ultimately select as your vendor. McAfee, Symantec, and Cisco have all recently bought DLP companies, adding them to their security lineup. There are other companies too. RSA, WebSense, Code Green, CommVault, and StoredIQ each offer a DLP product, and are just some of the eighty or so companies that I came across during research.

The price point is tricky: how much do you want to pay? Some solutions I saw ranged from $12,000 to $75,000 in cost. Most vendors want you to contact them before you see a price. Cost should never play a huge role in picking out security, but it does factor in more often than not. So most companies pick what they can afford.

Using this buying method should be coupled with a layering approach to your security. Layering is important. No one security product or appliance will cover all the bases. Some products will come seriously close, but to date nothing can do it all.

There are alternatives. If you look at what DLP protects, you notice a pattern. In one way or another, a human (internal employee or external threat) ultimately causes the data loss. It’s been covered that protecting from outsiders is next to impossible, but internal loss is preventable. Mistakes are the leading cause of data exposure, and correcting this can lower the risk of exposure tremendously.

Making your employees aware of the potential threat data loss poses goes a long way to helping them avoid costly mistakes. To do this, you could invest in training. Many compliance measures (SOX, HIPAA, etc.) require companies to have an annual audit of some sort. When these audits show information risks, policy is set mandating that no sensitive information can be disclosed. (Policies that threaten termination are quite common.) DLP – used as a policy enforcer – helps with these mandates.

People are often aware that data policies exist, but they rarely know why. Since no one takes the time to explain why these data policies are in place, most employees ignore them. Another possible reason for data loss, as explained by Larry Detar of the EC-Council is, “The longer they work with the data, and the information around them, the more it becomes just their job. It becomes more about work than what the actual data is.”

Larry made that comment when explaining that most employees know the policies concerning protecting corporate information, but the more they see it, use it, and deal with it, the more it becomes simple work. People are natural workaholics, so taking a sales report, or earnings statement home to work on, is nothing new.

The EC-Council offers awareness training. The course is called Security 5; they aim the training at the end-user, or Mary in Marketing. They explain what most policies mean and why they are in place, covering topics such as how sensitive information is leaked out of a company and how to prevent it. (Apple’s iPods are used here as well as portable hard drives.) Think of it as Layman’s Hacking. Larry said that once people are aware of the security risks and understand the policies then, “Maybe, just maybe, they won’t try to get around them.”

The EC-Council is not the only training company; many other companies offer similar classes. EC-Council is just better known. They offer the Ethical Hacking training, if you are not familiar.

Best practice is to layer company security. So if not used as an alternative, training can be combined with DLP technology to offer two layers in an overall security approach.
