
What is Data Loss Prevention (DLP) – A Complete Overview of DLP

  • 23 October 2019

Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way.

Organizations across industries invest in Data Loss Prevention (DLP) solutions to combat perennial security risks along with new challenges like GDPR and CCPA compliance. 

But, what is Data Loss Prevention (DLP), what are the benefits of implementing a DLP strategy, and how does DLP work?

What is Data Loss Prevention (DLP)?

Data loss prevention (DLP) is a strategy put in place to ensure data isn’t lost, misused, or accessed by unauthorized users, specifically those outside of an organization. Generally speaking, rather than proactively defending against incoming cyberattacks, DLP software minimizes the risk of confidential or business-critical data (like company IP, credit card details, medical records, insurance details, tax records, and social security numbers) leaving an organization.

DLP software monitors different entry and exit points of a corporate network, such as user devices, email clients, servers, or gateways within the network to safeguard data in different forms, including data in motion, data in use, and data at rest. 

  • Data in motion refers to data that is sent and received over your network. 
  • Data in use refers to data that you are using in your computer memory. 
  • Data at rest refers to data that is stored in a database, file, or a server. 

If security software sees something suspicious, such as an email attachment containing credit card details or an attempt to print confidential documents, a predefined response will kick in. Most DLP software offers organizations the ability to block potentially risky communications or to simply flag the anomaly for administrators to follow up on.

Properly configured DLP allows organizations to block sensitive information while permitting non-sensitive communications to continue, and that selective control is the source of the benefits of DLP.

What are the benefits of DLP?

There are three main problems solved by DLP:

  1. Satisfying compliance standards. With compliance regulations like GDPR, CCPA, and HIPAA dictating how data is handled in different industries and regions, it’s more important than ever that organizations monitor activity and events around Personally Identifiable Information (PII), Protected Health Information (PHI), or payment card information (PCI). Any breaches that compromise the security of this data could mean big fines for organizations. GDPR fines alone can equal up to 4% of a business’ annual turnover.
  2. Keeping intellectual property in-house. While customer, client, or patient information must be protected by law, organizations have a vested interest in also protecting intellectual property like financial information, design or development plans, and information related to the overall structure of the business. DLP helps protect against data exfiltration attempts.
  3. Monitoring how data is used. Not all data incidents lead to data breaches. That’s why it’s important for organizations to have full visibility over how individual users are using and interacting with data. This way, administrators can potentially spot a bad leaver or insider threat before any data is exfiltrated. 

What are the different types of DLP?

DLP does more or less the same thing wherever it is deployed – it looks for sensitive information crossing boundaries. But different DLP solutions operate in different ways depending on which “perimeter” is being guarded.

There are three main types of DLP solutions: network DLP, endpoint DLP, and email DLP.

Network DLP

Network DLP protects data in motion by monitoring the traffic that enters and leaves the organization’s network. 

These solutions are mostly cloud-based and are designed to monitor network traffic between users and other endpoints connected through the Internet; every byte of data transmitted through a network will go through the cloud-based DLP solution. 

Like other DLP solutions, Network DLP can be configured to block custom-defined data strings, preventing specific information from moving out of the network. But it can also be used to manage access to certain Uniform Resource Locators (URLs), prevent data or files being transferred to specific cloud storage, and block viruses and malware that are traversing the network.

Endpoint DLP

Endpoint DLP protects data in use on employees’ devices (computers, mobile phones) by preventing unauthorized access. How? By ensuring information isn’t taken off work devices and sent or copied to unauthorized devices, allowing or denying certain tasks to be performed on the computer. 

It is also able to detect and block viruses and other malware that could be transferred into your computer system from external sources. 

Universal Serial Bus (USB) blocking is one of the most popular methods used in endpoint DLP, because viruses can be replicated using USB storage, and once a USB flash drive is connected to a computer, the virus can be transmitted to the computer system. 

Email DLP

Email continues to be the most critical risk factor for data loss, with both inbound and outbound traffic posing security threats.

To protect data, Email DLP monitors, tracks, and filters emails sent back and forth through the email client and checks every communication. 

Inbound email DLP solutions monitor emails for certain keywords to identify phishing scams, spear phishing attacks, ransomware, or malware. They also quarantine any suspicious email message that contains specific types of data. Outbound email DLP, on the other hand, can be set up to check for misdirected emails, unauthorized emails, or sensitive data to prevent critical information moving out of an organization’s network.

Do I need a DLP solution?

Every company is different, but those handling sensitive information – especially from third-parties – will want to consider implementing a DLP solution in order to maintain customer or client trust and satisfy compliance standards. Larger organizations may want to secure every point as part of a layered defense, while smaller companies with limited IT budgets may decide to focus on their single biggest risk. 

For many, this is email.

Not only are misdirected emails one of the most common breaches reported under GDPR, but 90% of data breaches start on email. To learn more about why it’s so important to focus on email, read our Ultimate Guide to Human Layer Security.

How does DLP work?

Traditionally, DLP software has been built around creating long lists of rules and extensive manual tagging. Once set up, it can then monitor the flow of data through different parts of the network, to look for anything sensitive crossing a boundary.

Administrators can create policies to dictate “if x happens, then do y.” These rules should be specific to your organization. For example, a rule may forbid sensitive information being sent to a “freemail” email account or any non-whitelisted third parties.

Unfortunately, though, rule-based DLP has limitations. IT and security teams are tasked with not only creating but also maintaining long lists of rules, and employees are often exposed to high flag rates that impede their productivity.
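As an added illustration of the rule-based "if x happens, then do y" approach described above (example code written for this page, not Tessian's or any product's), the following Python applies two outbound email policies: sensitive data sent to a freemail account is blocked, and sensitive data sent to a domain that is not on an allowlist is flagged for an administrator. The domain lists and message contents are constructed assumptions, and the Luhn checksum on candidate card numbers shows one way to reduce the false flags that drive up flag rates.

```python
import re

# Hypothetical policy lists: constructed for this example, not from the article.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}
ALLOWLISTED_DOMAINS = {"example.com", "partner.example.org"}

# Candidate payment card (13-16 digits, optional space/dash separators) and SSN patterns.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: most random digit runs (order numbers, IDs) fail it,
    so only plausible card numbers are flagged."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> list[str]:
    """Return the kinds of sensitive data detected in the message body."""
    found = []
    for match in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", match.group())):
            found.append("payment card number")
            break
    if SSN_RE.search(text):
        found.append("social security number")
    return found


def evaluate_outbound(sender: str, recipients: list[str], body: str) -> tuple[str, list[str]]:
    """Apply the two policies to one outbound message.
    Returns (action, reasons) where action is 'allow', 'flag' or 'block'."""
    sensitive = find_sensitive(body)
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    action, reasons = "allow", []
    for rcpt in recipients:
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain == sender_domain or not sensitive:
            continue  # internal mail or nothing sensitive: no boundary crossed
        if domain in FREEMAIL_DOMAINS:
            action = "block"
            reasons.append(f"{', '.join(sensitive)} to freemail address {rcpt}")
        elif domain not in ALLOWLISTED_DOMAINS:
            action = "flag" if action == "allow" else action
            reasons.append(f"{', '.join(sensitive)} to non-allowlisted address {rcpt}")
    return action, reasons
```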

That’s why Tessian takes a different approach.

How does Tessian prevent data loss?

Tessian uses machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior.

Our machine learning models analyze email data to understand how people work and communicate. They have been trained on more than two billion emails – rich in information on the kind of data people send and receive every day. And they continue to adapt and learn as human relationships evolve over time.

This enables Tessian Guardian to look at email communications and determine in real-time if particular emails look like they’re about to be sent to the wrong person. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network.