Data Loss Prevention (DLP) software protects data from theft or loss that could cost your company in fines or productivity. DLP solutions cover a wide variety of techniques to protect data – like classification, encryption, monitoring, and policy enforcement. Let’s investigate DLP solutions some more.
How does DLP work?
DLP is an end-goal, and not a process or procedure. To get to the goal of protecting data from loss, you need to know several things about the data you protect.
- What kind of data do you have? Compliance governed? Intellectual property? Karen from Accounting’s gif collection?
- Who has access to that data? Who should?
With your data classified and your permissions mapped, you can determine what you need to protect and how you need to protect it. Do you want to spend resources on gifs of cats? Probably not. But data containing PII, data covered by HIPAA or SOX, and intellectual property certainly needs protection.
Here are a few ways to protect data from loss.
- Backups: Lose data? Restore from backup. Problem solved.
- Encryption: Encryption prevents the person who steals the data from accessing or reading the data. This means your data is still not “lost,” even though it is no longer within your network.
- Monitoring: Monitoring keeps an eye on your data, so you know if you have an internal or external attack targeting your data.
Check out Varonis CTO Brian Vecci on the “Defense in Depth” podcast to learn more about data protection.
The Importance of Data Loss Prevention
It’s the day of your quarterly announcement, and the disk where your finance team stores all the data dies and you don’t have time to recover it.
A laptop with a spreadsheet of unencrypted PII gets stolen.
Do you agree that you need a DLP process in place now? Awesome.
The Role of DLP in Cybersecurity
DLP is a core discipline in a full-spectrum cybersecurity plan. You have to protect data against loss through ransomware or exfiltration to maintain productivity and prevent data breaches.
What Does DLP Software Protect?
Here are lists of data that you should protect with DLP.
- Intellectual Property
  - Design documents
  - Project plans
  - Patent applications
  - Source code
  - Process documentation
- Corporate Data
  - Financial records and statements
  - Employee records
  - Pricing documents
  - User logins
- Customer Data
  - End-user logins
  - Credit card numbers
  - Social security numbers
  - Medical data
This is not a comprehensive list. There might be some other kind of data in your business that you should protect with the same vigor. A complete data audit will uncover a treasure trove of data you didn’t know you had to worry about.
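A content scan of the kind a data audit uses to find the credit card and social security numbers listed above, and to catch files a user has labelled incorrectly. This is an added example, not Varonis code: the patterns, function names, the "public" label and the sample text are assumptions constructed for illustration.

```python
import re

# Loose candidate patterns; every hit is confirmed by a validator below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def ssn_ok(area: str, group: str, serial: str) -> bool:
    """Reject values that are never issued: area 000, 666 or 9xx, group 00, serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def classify(text: str) -> dict:
    """Return counts of validated findings per data type (empty dict if none)."""
    findings = {"credit_card": 0, "ssn": 0}
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings["credit_card"] += 1
    for m in SSN_RE.finditer(text):
        if ssn_ok(*m.groups()):
            findings["ssn"] += 1
    return {k: v for k, v in findings.items() if v}

def label_conflicts(user_label: str, text: str) -> bool:
    """True when a user marked a file 'public' but the scan found regulated data."""
    return user_label == "public" and bool(classify(text))

# Constructed sample: one valid test card number and one plausible SSN on line 1,
# a card number that fails Luhn and an unissuable SSN (area 9xx) on line 2.
SAMPLE = ("Refund to card 4111 1111 1111 1111 for employee 123-45-6789.\n"
          "Order ref 4111 1111 1111 1112, ticket 900-12-3456.")

if __name__ == "__main__":
    print(classify(SAMPLE), label_conflicts("public", SAMPLE))
```

The validators are what keep the false-positive rate manageable: order references and ticket numbers match the same digit patterns but fail the checksum or range checks.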
What is a Data Loss Prevention Policy?
A data loss prevention policy is the set of guidelines you establish for your organization to promote DLP. Each organization should have a DLP policy in place as part of its overall cybersecurity or data retention policy. One look at the previous list should be enough for you to know why. Companies store huge and ever-increasing amounts of data. Some of that data is protected by laws. Some of that data is worth billions of dollars in potential revenue. A DLP policy will help you protect that data.
Considerations to Pick the Best DLP Solution
Here are some things to consider when you compare DLP solutions:
- Does the solution cover your primary data stores?
- Is there endpoint, server, and cloud coverage?
- Does the solution provide classification, or can the solution take input from 3rd party classification systems?
- Do you need to protect structured data, unstructured data, or both?
Questions to Ask a DLP Software Provider:
- Do you have technology partnerships with [structured and/or unstructured data vendors]?
- What technologies do you use to support Windows? NFS? Linux?
- What kind of encryption technology do you support?
- Does your solution promote privacy-by-design principles? (i.e., what risk, if any, do you introduce?)
- How long does your solution take to deploy, and how long until our data is protected?
What Sets Varonis DLP Solutions Apart From the Rest
Varonis provides the core functionality you need to protect your most sensitive data differently than the rest. You can use Varonis as your core data security platform and cover many of the standard DLP workflows while taking advantage of other functionality like advanced threat detection and response capability.
- Maps and discovers where your data is exposed by excessive permissions
- Classifies sensitive data such as PII and PHI and data covered by HIPAA, SOX, and GDPR, and allows for custom classification rules as well
- Creates baselines of individual user behavior patterns, so you know who is accessing what data when
- Fixes over-permissive folder access and reduces the base risk to your sensitive data
- Puts data owners in charge of their data, and builds a process to audit access to that data
- Monitors data activity on-premises, in the cloud, and email with additional context from AD, VPN, DNS, and web proxies to alert and detect any abnormal behaviors
Data Loss Prevention FAQ
Below are some commonly asked questions about data loss prevention.
Q: What is the difference between DLP and “DLP Endpoint?”
A: When you hear “DLP Endpoint,” it means that there is an agent running on a computer that is managing some aspects of DLP for that computer.
Q: If I have DLP Endpoint, why do I need to worry about DLP for the file servers?
A: Not all of your file traffic happens on Endpoints anymore. There are cloud servers, remote processes, and many other possible avenues for traffic to bypass the Endpoint completely. Not to mention that an attacker can log directly into a file server and exfiltrate the data they are after.
Q: Are there any known security limitations with DLP?
A: DLP only tracks file movement and doesn’t include context beyond files. A classic example is a large folder migration. A user moves a large folder into a new folder, which triggers a DLP alert. This might be benign and normal behavior, but the DLP doesn’t know that the user is a regular user of this data and hasn’t shown any signs of compromise or abnormal AD behaviors. It just knows that a bunch of files got moved. DLP doesn’t have any insight into user behavior patterns or abnormal logins.
Q: When our users create data, the DLP asks them to classify the file, isn’t that good enough?
A: Do you trust your users to know all of the possible classification implications of the data they create? Me neither. It’s best to have the file scanned by an engine that has all the rules enabled.
Q: Is Varonis a DLP?
A: Varonis does have some DLP capabilities, like data monitoring and alerting on abnormal behaviors, classification, archival, and quarantine. You should start with Varonis at the core of your data security plan, and add functionality around it to fill in any gaps, like an Endpoint DLP solution.
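The folder-migration limitation described in the FAQ above, worked through as an added example (not Varonis code): the same bulk move is judged once on file count alone and once with a per-user access baseline and identity alerts. The thresholds, field names, verdict labels and sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

BULK_THRESHOLD = 500   # assumed: files in one move that trip the file-only rule
MIN_TOUCHES = 20       # assumed: prior accesses that make a user "regular" in a folder

def top_folder(path):
    """Bucket a path by its first two components: /finance/q3/a.xlsx -> /finance/q3."""
    parts = [p for p in path.split("/") if p]
    return "/" + "/".join(parts[:2])

def build_baseline(history):
    """history: iterable of (user, path) access records -> {user: Counter(folder)}."""
    baseline = defaultdict(Counter)
    for user, path in history:
        baseline[user][top_folder(path)] += 1
    return baseline

def triage(event, baseline, identity_alerts):
    """event: dict with user, source, file_count. identity_alerts: set of users with
    abnormal logins or directory activity. Returns (file_only, with_context)."""
    file_only = "alert" if event["file_count"] >= BULK_THRESHOLD else "ok"
    if file_only == "ok":
        return file_only, "ok"
    touches = baseline.get(event["user"], Counter())[top_folder(event["source"])]
    regular = touches >= MIN_TOUCHES
    suspect = event["user"] in identity_alerts
    if regular and not suspect:
        verdict = "log"        # regular user of this data, no sign of compromise
    elif regular:
        verdict = "review"     # familiar data, but the account looks abnormal
    else:
        verdict = "escalate"   # bulk move of data the user does not normally touch
    return file_only, verdict

# Constructed sample data: alice works in /finance/q3, bob in /marketing/ads.
HISTORY = ([("alice", f"/finance/q3/report{i}.xlsx") for i in range(40)]
           + [("bob", f"/marketing/ads/banner{i}.png") for i in range(40)])
BASELINE = build_baseline(HISTORY)
EVENTS = [
    {"user": "alice", "source": "/finance/q3", "file_count": 1200},
    {"user": "bob", "source": "/finance/q3", "file_count": 1200},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["user"], triage(ev, BASELINE, identity_alerts=set()))
```

Both moves raise the identical file-only alert; only the baseline separates the finance user's routine migration from an account that has never touched that folder.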
Check out one of the Varonis Live Cyber Attack Demos, where we walk you through a real attack scenario and show you how Varonis detects it, and see the Varonis difference for yourself.