Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.
Data loss prevention (DLP) is a strategy that businesses use to keep their data safe. DLP solutions detect and flag or block any event that might result in the loss, theft, or exfiltration of a company’s data.
Data loss prevention (DLP) is a strategy used by businesses to keep their data safe. Different DLP tools and strategies can be used to detect and flag or block any activity or interaction that could result in data being lost, stolen or exfiltrated from your organization. Data loss prevention plays a critical role in protecting confidential and sensitive information from cybercriminals, and ensuring compliance with data protection regulations and industry standards.
There are many different threats to your company’s data, and criminals are constantly finding new and more sophisticated ways to access the growing volumes of sensitive data held by all types of organizations. In addition to threats from cybercriminals or ‘malicious actors’, there are risks from inadvertent data sharing and from malicious insiders within your company who may want to steal or share confidential data for personal gain.
These are some of the most significant threats that can result in data loss:
To prevent data loss, organizations can implement data loss prevention (DLP) software across their systems. DLP software works by monitoring the various data entry and exit points throughout your organization to identify data movements. A properly configured DLP solution detects when sensitive or important data is about to leave your company’s possession, alerts the user and ultimately prevents data loss.
The entry and exit points for data in your organization include computers, mobile devices, email clients, servers and mail gateways. Different types of data loss prevention solution are required to safeguard data in these environments. Your DLP solution has three main jobs to do:
DLP software uses technologies such as antivirus software, artificial intelligence, and machine learning to detect suspicious activities and prevent sensitive data being leaked outside your organization. The best DLP software solutions compare data usage against your company’s policies and procedures to detect suspicious activity. It is therefore important that your company has well-defined policies that define how you label, share and protect data from exposure to unauthorized users.
Data loss prevention software can monitor and safeguard data in three states:
There are three main types of DLP software, designed to protect data in these different states.
This software monitors network traffic passing through your company’s entry and exit points, to protect data in motion. Network DLP scans all data passing through your company’s network. If it’s working properly, the software will detect sensitive data exiting your network and flag or block it, while allowing other data to leave the network unimpeded. Your network administrators can customize network DLP software to block certain types of data from leaving the network by default, and can also white list specific file types or URLs.
Endpoint DLP software monitors data on devices and workstations, such as computers and mobile devices, to protect data that is currently being used. The software monitors each device and detects a range of potentially malicious actions, such as printing a document, creating or renaming a file, or copying data to removable media (e.g. a USB drive). Many of these actions will be completely harmless, but they could also be an attempt to exfiltrate confidential data. Effective endpoint DLP software will be able to distinguish between suspicious and non-suspicious activity.
As every CISO knows, email is the primary attack vector for cybercriminals. Email represents a potential route directly through your company’s defenses for anyone wishing to deliver a malicious payload. It’s also a way for insiders to send data out of your company’s network – either deliberately or by accident.
Email data loss prevention software is therefore an essential tool to protect against some of the most common and serious causes of data loss, including email-based cyber attacks such as phishing, malicious exfiltration of data by employees, and accidental data loss, perhaps caused by an employee sending an email to the wrong person or attaching the wrong file.
Preventing data loss from your organization has significant benefits, including reducing the risk of financial losses and reputational damage, and improving your company’s compliance with data protection and industry regulations.
The benefits of implementing an effective data loss prevention solution fall into two broad categories:
Ensuring compliance with laws and regulations is another significant benefit of implementing data loss prevention software. It is a clear and simple way to demonstrate your organization’s compliance with the following:
The most effective DLP software works invisibly in the background, enabling employees to work without interruption, but stepping in whenever necessary to prevent data loss. The best DLP software is also easy for IT security teams to manage.
Unfortunately, some DLP solutions have a number of legacy features that either fail to prevent data loss effectively, create too much noise for security teams, or are too cumbersome to enable employees to work unimpeded. Let’s take a look at some DLP methods and weigh up the pros and cons of each.
IT administrators can block certain domains associated with malicious activity, for example, “freemail” domains such as gmail.com or yahoo.com. Blacklisting entire domains, particularly for popular (if problematic) domains, is not ideal. There may be good reasons for communicating with someone using a freemail address – for example, if they are a customer, contractor or a potential client.
Some DLP software allows users to tag certain types of sensitive data. For example, you may wish to block activity involving any file containing a 16-digit number (which might be a credit card number). But this rigid approach doesn’t account for the dynamic nature of sensitive data. In certain contexts, a 16-digit number might not be associated with a credit card. Or an employee may be using credit card data for legitimate purposes.
Rules-based DLP uses “if-then” statements to block certain types of activity, such as “If an employee uploads a file of 10MB or larger, then block the upload and alert IT.” The problem here is that, like the other “data-centric” solutions identified above, rules-based DLP solutions often block legitimate activity and allow malicious activity to occur unchallenged.
Overcoming the limitations of these legacy features requires a more intelligent approach to risk assessment. This is where artificial intelligence and machine learning can deliver real benefits for end users, IT security teams and organizations as a whole.
Tessian Cloud Email Security uses machine learning technology to ‘learn’ how people, teams, and customers communicate in reality, and ‘understand’ the context behind every interaction with data. This advanced capability enables the system to intelligently prevent advanced email threats and protect against data loss.
By analyzing the evolving patterns of human interactions, machine learning DLP constantly reclassifies email addresses according to the relationship between a business and customers, suppliers, and other third parties. It enables organizations to strengthen data security and a build smarter security culture across the entire enterprise – without interrupting the day-to-day work of employees.
To find out more about using machine learning and artificial intelligence to help protect your organization’s data, please visit our website.
