What is Data Loss Prevention (DLP) - A Complete Overview of DLP

Table of Contents

What is Data Loss Prevention (DLP)?

What are the benefits of DLP?

What are the different types of DLP?

Do I need a DLP solution?

How does DLP work?

How does Tessian prevent data loss?

Organizations across industries invest in Data Loss Prevention (DLP) solutions to combat perennial security risks along with new challenges like GDPR and CCPA compliance.

But, what is Data Loss Prevention (DLP), what are the benefits of implementing a DLP strategy, and how does DLP work?

What is Data Loss Prevention (DLP)?

Data loss prevention (DLP) is a strategy put in place to ensure data isn’t lost, misused, or accessed by unauthorized users, specifically those outside of an organization. Generally speaking, rather than proactively defending against incoming cyberattacks, DLP software minimizes the risk of confidential or business-critical data (like company IP, credit card details, medical records, insurance details, tax records, and social security numbers) leaving an organization.

What is Data Loss Prevention (DLP)?

DLP software monitors different entry and exit points of a corporate network, such as user devices, email clients, servers, or gateways within the network to safeguard data in different forms, including data in motion, data in use, and data at rest.

Data in motion refers to data that is sent and received over your network.
Data in use refers to data that you are using in your computer memory.
Data at rest refers to data that is stored in a database, file, or a server.

If security software sees something suspicious, such as an email attachment containing credit card details or an attempt to print confidential documents, a predefined response will kick in. Most DLP software offers organizations the ability to block potentially risky communications or to simply flag the anomaly for administrators to follow up on.

Properly configured DLP allows organizations to block sensitive information while permitting non-sensitive communications to continue which means there is a range of benefits of DLP.

What are the benefits of DLP

There are three main problems solved by DLP:

Satisfying compliance standards. With compliance regulations like GDPR, CCPA, and HIPAA dictating how data is handled in different industries and regions, it’s more important than ever that organizations monitor activity and events around Personally Identifiable Information (PII), Protected Health Information (PHI), or payment card information (PCI). Any breaches that compromise the security of this data could mean big fines for organizations. GDPR fines alone can equal up to 4% of a business’ annual turnover.
Keeping intellectual property in-house. While customer, client, or patient information must be protected by law, organizations have a vested interest in also protecting intellectual property like financial information, design or development plans, and information related to the overall structure of the business. DLP helps protect against data exfiltration attempts.
Monitoring how data is used. Not all data incidents lead to data breaches. That’s why it’s important for organizations to have full visibility over how individual users are using and interacting with data. This way, administrators can potentially spot a bad leaver or insider threat before any data is exfiltrated.

What are the different types of DLP?

DLP does more or less the same thing wherever it is deployed – it looks for sensitive information crossing boundaries. But different DLP solutions operate in different ways depending on which “perimeter” is being guarded.

There are three main types of DLP solutions: network DLP, endpoint DLP, and email DLP.

Network DLP

Network DLP protects data in motion by monitoring the traffic that enters and leaves the organization’s network.

These solutions are mostly cloud-based and are designed to monitor network traffic between users and other endpoints connected through the Internet; every byte of data transmitted through a network will go through the cloud-based DLP solution.

Like other DLP solutions, Network DLP can be customized to block custom defined data strings to prevent specific information from moving out of the network by blocking them. But, it can also be used to manage access to certain Uniform Resource Locators (URLs), prevent data or files being transferred to specific cloud storage, and block viruses and malware that are traversing the network.

Endpoint DLP

Endpoint DLP protects data in use on employee’s devices (computers, mobile phones) by preventing unauthorized access. How? By ensuring information isn’t taken off work devices and sent or copied to unauthorized devices by allowing or denying certain tasks to be performed on the computer.

It is also able to detect and block viruses and other malware that could be transferred into your computer system from external sources.

Universal Serial Bus (USB) blocking is one of the most popular methods used in endpoint DLP, because viruses can be replicated using USB storage, and once a USB flash drive is connected to a computer, the virus can be transmitted to the computer system.

Email DLP

Email continues to be the most critical risk factor of data loss with both inbound and outbound traffic posing security threats.

To protect data, Email DLP monitors, tracks, and filters emails sent back and forth through the email client and checks every communication.

Inbound email DLP solutions monitor emails for certain keywords to identify phishing scams, spear phishing attacks, ransomware, or malware. It also quarantines any suspicious email message that contains specific types of data. Outbound email DLP, on the other hand, can be set up to check for misdirected emails,unauthorized emails, or sensitive data to prevent critical information moving out of an organization’s network.

Do I need a DLP solution?

Every company is different, but those handling sensitive information – especially from third-parties – will want to consider implementing a DLP solution in order to maintain customer or client trust and satisfy compliance standards. Larger organizations may want to secure every point as part of a layered defense, while smaller companies with limited IT budgets may decide to focus on their single biggest risk.

For many, this is email.

Not only are misdirected emails one of the most common breaches reported under GDPR, but 90% of data breaches start on email. To learn more about why it’s so important to focus on email, read our Ultimate Guide to Human Layer Security.

How does DLP work?

Traditionally, DLP software has been built around creating long lists of rules and extensive manual tagging. Once set up, it can then monitor the flow of data through different parts of the network, to look for anything sensitive crossing a boundary.

Administrators can create policies to dictate “if x happens, then do y.” These rules should be specific to your organization. For example, a rule may forbid sensitive information being sent to a “freemail” email account or any non-whitelisted third parties.

Unfortunately, though, rule-based DLP has limitations. IT and security teams are tasked with not only creating but also maintaining long lists of rules and employees are often exposed to high flag rates that impede on their productivity.

That’s why Tessian takes a different approach.

How does Tessian prevent data loss?

Tessian uses machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior.

Our machine learning models analyze email data to understand how people work and communicate. They have been trained on more than two billion emails – rich in information on the kind of data people send and receive every day. And they continue to adapt and learn as human relationships evolve over time.

This enables Tessian Guardian to look at email communications and determine in real-time if particular emails look like they’re about to be sent to the wrong person. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network.

Protect Your Data

Book a Demo For Tessian’s Outbound DLP Solutions

Human Layer Security

The Ultimate Guide to Human Layer Security

By Tim Sadler
24 January 2020

There’s a big problem in cybersecurity. Despite over 3,000 products in the market, data breaches are at an all-time high. Businesses are at risk of insider and outsider threats, with a reported 67% increase in the volume of security breaches over the past five years. Worse still, this increase in security breaches is happening despite organizations spending more than ever to protect their systems and data, up from $1.4 million to $13 million. Why is this happening? Businesses haven’t been protecting their most important asset: their employees. Historically, email security solutions have layered defenses first on top of networks, then devices, and finally cloud applications. The majority of these solutions provide blunt protection, or rely on retroactive threat detection and remediation, which leaves obvious (and unfortunate) gaps in a business’ armor. So, when you can get a firewall to protect your network, and EDR to protect your devices, what do you get to protect your people?

What is Human Layer Security?

Tessian’s Human Layer Security technology understands human behavior and relationships, enabling it to detect and prevent dangerous activity. Importantly, Tessian’s technology learns and adapts to how people work without getting in the way or impeding productivity. We created this category over a year ago, and it was the thesis for our Series B fundraise. Since then, we’ve seamlessly deployed Tessian solutions to customers across industries from SMBs to multi-national enterprises, and are now detecting and preventing millions of inbound and outbound threats on email.

Why do we need Human Layer Security? Your employees now control both your systems and your data and, the fact is, people make mistakes, people break the rules, and people can be hacked. It’s no wonder that 88% of data breaches are caused by human error, with AIG reporting “human errors and behavior continue to be a significant driver of cyber claims.” After all, employees can transfer millions of dollars to a bank account in a few clicks and can share thousands of patient records in an Excel file via a single email. Instead of expecting people to do the right thing 100% of the time, we think it’s better to preempt these errors by detecting and preventing them from happening in the first place. Each of our solutions – Tessian Enforcer, Tessian Guardian, and Tessian Defender – is uniquely positioned to do just that, and these solutions can be explored by the specific type of human error they protect against. People break the rules Whether done maliciously or accidentally, people in every organization can and do break the rules. Those rules can be related to anything, from a password policy to how sensitive information is stored. But, what about rules related to data exfiltration? Oftentimes, employees are blissfully unaware of policies related to – and the risk associated with – sending emails containing work-related information to domains outside of their own organization. Take, for example, an employee who sends a file to their personal email account so that they can work from home over a long weekend. Sometimes, though, work-related information is extracted with more nefarious intent and, unfortunately, this can happen in even the most secure environments. Case in point: In late-2019, an employee at a cybersecurity and defense company sold 68,000 customer records to scammers. This isn’t an isolated incident, either; more than half of UK employees admitted to stealing corporate data. A quarter of those would be willing to do so for less than £1,000.

People make mistakes To err is human and, entrusted with both systems and data, employees put themselves in decidedly vulnerable positions as they maneuver dozens of human-digital interactions each day. From a simple typo to a misconfigured firewall, mistakes are inevitable in the workplace. Unfortunately, though, the consequences of these mistakes are far-reaching. If an employee accidentally fires off an email containing sensitive customer data to the wrong person – otherwise known as a misdirected email – penalties and fines could be incurred, customer trust could plummet, and reputational damage could be long-lasting. And those are just the consequences to the larger organization. Individuals will likely suffer, too, with misdirected emails no doubt causing employees and supervisors tremendous anxiety and even putting them at risk of being terminated.

People can be hacked Businesses of all sizes work with a web of suppliers, contractors and customers spanning different time zones and regulatory environments. As a result, we’ve seen a rise in targeted spear phishing attacks where cybercriminals are convincingly impersonating internal and external contacts. Worse still, the odds are against businesses and their employees. While a hacker only has to get it right once, we are expected to get it right every time. So, what happens if one employee is successfully tricked one time by a spear phishing email and wires money, shares credentials, or otherwise acts as an entry point for a bad actor to gain access to your network? With the average cost of a data breach in the United States climbing to $8.19 million in 2019, the company will likely take a hard hit, especially with the sharp increase in GDPR fines.

Why focus on email? To be truly effective, Human Layer Security must protect all human-digital interactions within the enterprise. This is a massive remit. So, Tessian started with email, because it’s the most popular (we spend 40% of our time on it) and riskiest (most breaches happen here) communication channel.

But why is email currently so poorly protected and how does Tessian fit into larger security frameworks to keep your people and your data safe? Rule-Based Technology Traditional email security solutions are static, disruptive and admin-intensive. Some demand that employees manually classify every email based on sensitivity or tag all emails being sent to external contacts; this is time consuming and not reliable. (Alert fatigue is real.) Others may require that employees encrypt emails, which adds friction and slows the pace of business. These older technologies can’t be configured to adequately defend against all the ways people make mistakes or cut corners on email. Training Aware of these tech shortcomings, most companies layer in security training. The hope is that through a combination of training and policies, employees will adopt secure behaviors. Unfortunately, though, two thirds of employees are not regularly trained about cyber threats on email, which is the #1 threat vector in an organisation. What’s more, a significant percentage of those who are trained don’t retain what they’re taught. Training is incomplete, irregular and doesn’t stick. Hence the need for HLS. Human Layer Security In addition to policies, training, and other security solutions, organizations need an extra layer of security. Human Layer Security works by understanding and adapting to human behavior without compromising productivity. This is only made possible by machine learning (ML), and Tessian built our HLS platform out of the gate using stateful ML. We built our outbound email protection first, and leveraged the email data from hundreds of customers (with their consent, of course) to build our inbound threat stack. Our stateful ML models analyze historical email data in order to understand human relationships and communication patterns. Once we know what normal and abnormal look like, Tessian can automatically predict and prevent security breaches.

How is Tessian using machine learning to secure the human layer on email? We get it—ML/AI are used often and interchangeably in the cybersecurity space. But, the simple truth is that a solution built on ML enables better email protection because ML models get smarter and better over time as more data is ingested. Tessian’s Human Layer Security platform consists of intelligent and fully customizable email filters. For every inbound and outbound email, our filters analyze a vast array of data points in real time to create a comprehensive assessment of the correspondence. In the simplest terms, to determine whether an email is safe or unsafe to send/receive, we examine: Relationship History: Analyzing past and real-time email data, Tessian has a historical view on all email communications and relationships. For example, we can determine in real time: if the wrong recipient has been included on an outbound email; if a sensitive attachment is being sent to a personal, non-business email account; if an inbound email with a legitimate-looking domain is a spoof by detecting an unusual IP address.on Content & context: Using natural language processing to analyze historical email data, Tessian understands how people normally communicate on email and what topics they normally discuss. As a result, our filters automatically detect anomalies in subject matter (i.e. project names) or sentiment (i.e. urgency), which might indicate a threat. Tessian understands and adapts to how people work, so it can prevent threats before they happen. It gets out of the way so people can proceed confidently with business as usual without being slowed down, or having to add threat detection to their to-do list. First, you protected our networks. Then, you protected our devices. Now, you can protect your people with Tessian’s Human Layer Security.

What is Data Loss Prevention (DLP) – A Complete Overview of DLP