Data Loss Prevention (DLP) systems help organisations enforce information handling policies and procedures to prevent data loss and theft.

The THREE states of Data:

  • Data at Rest - Data that resides in a static location, e.g. hard drives, the cloud, or other storage media.

  • Data in Motion - Data in transit over a network. Is the data travelling over an untrusted network?

  • Data in Processing - Data in use by the computer system. Is the data held in an area of memory that an attacker with system access could read?

These systems search a system for sensitive data that is stored unprotected and unsecured, and monitor network traffic for attempts to capture or steal confidential information.

DLP systems work in two environments:

  • Host-based DLP

  • Network DLP

Host-based: Uses software installed on systems to search them for the presence of sensitive information, commonly credit card numbers, plaintext passwords and other unprotected credentials.

Network: Dedicated devices that sit on the network and monitor outbound traffic, watching for unencrypted sensitive information. They can protect the data either by blocking the transmission or by encrypting the data, depending on the organisation's policy.

DLP systems use two mechanisms to achieve this:

  • Pattern Matching - They look for data based on keywords, number formatting, symbols that would indicate financial data, etc.

  • Watermarking - Systems or administrators apply electronic tags to sensitive documents, and the DLP can then block those documents from leaving the organisation.
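To make both mechanisms concrete, here is a small added example (not part of the original notes, and not any vendor's DLP code) of the two detection stages a scanner runs over text it has read from a file (host-based) or from an outbound message (network). The pattern-matching stage finds candidate card numbers by number formatting and then applies the Luhn checksum so that arbitrary digit strings do not trigger a block; the watermarking stage looks for an electronic tag in a syntax assumed for this example (`[DLP-TAG:...]`), and the policy blocks when a tagged class is on the blocked list. The sample text and the tag syntax are constructed for the example; the card number is the publicly documented Visa test number, not a real account.

```python
import re

# Constructed sample input: what a host-based scanner might read from a file,
# or a network DLP device might see in an outbound e-mail body.
SAMPLE_TEXT = """Subject: Q3 invoices
Please charge the card 4111 1111 1111 1111 for the outstanding balance.
My old test number was 1234 5678 9012 3456, ignore it.
[DLP-TAG:CONFIDENTIAL-FINANCE]
"""

# Pattern matching: 13-19 digits, optionally separated by spaces or hyphens.
CARD_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Watermark tag syntax assumed for this example (hypothetical, not a standard).
WATERMARK_PATTERN = re.compile(r"\[DLP-TAG:([A-Z0-9-]+)\]")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum.

    Cuts false positives: a random run of digits passes only 1 time in 10.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Pattern-matching stage: regex candidates filtered by the Luhn check."""
    hits = []
    for m in CARD_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def find_watermarks(text: str) -> list:
    """Watermarking stage: return every classification tag present."""
    return WATERMARK_PATTERN.findall(text)


def evaluate(text: str, blocked_tags=("CONFIDENTIAL-FINANCE",)) -> dict:
    """Apply a simple policy: block if a valid card number or a blocked tag is found."""
    cards = find_card_numbers(text)
    tags = find_watermarks(text)
    block = bool(cards) or any(t in blocked_tags for t in tags)
    return {
        "card_numbers": cards,
        "watermarks": tags,
        "action": "block" if block else "allow",
    }


if __name__ == "__main__":
    print(evaluate(SAMPLE_TEXT))
```

Run as a script, the sample produces one card number (the second digit string fails Luhn and is dropped) and one watermark, so the action is `block`. A real deployment would mask the matched digits in its alerts rather than log them in full, and would tune the blocked-tag list and the encrypt-versus-block response to the organisation's policy.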