Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way.
Let’s get straight to it and answer your questions.
Data loss prevention (DLP) is a strategy that businesses use to keep their data safe. DLP solutions detect and flag or block any event that might result in the loss, theft, or exfiltration of a company’s data.
Put simply, DLP software monitors different entry and exit points (examples below) to “look” for data and keep it safe and sound inside the organization’s network.
A properly configured DLP solution can detect when sensitive or important data is leaving a company’s possession, alert the user and, ultimately, stop data loss.
A DLP solution has three main jobs. DLP software:
Those entry and exit points we mentioned earlier include:
Different types of DLP solutions are required to safeguard data in these environments.
DLP software can monitor and safeguard data in three states:
There are three main types of DLP software designed to protect data in these different states.
Network DLP software monitors network traffic passing through entry and exit points to protect data in motion.
Network DLP scans all data passing through a company’s network. If it’s working properly, the software will detect sensitive data exiting the network and flag or block it while allowing other data to leave the network unimpeded where appropriate.
Network administrators can customize network DLP software to block certain types of data from leaving the network by default or—by contrast—whitelist specific file types or URLs.
Endpoint DLP monitors data on devices and workstations, such as computers and mobile devices, to protect data in use. The software can monitor the device and detect a range of potentially malicious actions, including:
Such actions might be completely harmless—or they might be an attempt to exfiltrate confidential data. Effective endpoint DLP software (but not all endpoint DLP software) can distinguish between suspicious and non-suspicious activity.
Email is the primary threat vector for most businesses, and the threat vector most security leaders are concerned about locking down with their DLP strategy.
Email represents a potential route straight through your company’s defenses for anyone wishing to deliver a malicious payload. And it’s also a way for insiders to send data out of your company’s network—whether by accident or on purpose.
Email DLP can therefore protect against some of the most common and serious causes of data loss, including:
Almost certainly. DLP is a top priority for security leaders across industries and DLP software is a vital part of any organization’s security program.
Broadly, there are two reasons to implement an effective data loss prevention solution:
Want to learn more about how and why other organizations are leveraging DLP? We explore employee behavior, the frequency of data loss incidents, and the best (and worst) solutions in this report: The State of Data Loss Prevention.
Now let’s look at the practical ways DLP software can benefit your business.
There are 4 main benefits of data loss prevention, which we’ll unpack below:
External security threats are often the main driver of a company’s cybersecurity program—although, as we’ll see below, they’re far from the only type of security threat that businesses are concerned about.
Here are some of the most significant external threats that can result in data loss:
DLP can mitigate these external threats by stopping malicious actors from exfiltrating data from your network, storage, or endpoints.
Malicious employees can use email to exfiltrate company data. This type of insider threat is more common than you might think.
Verizon research shows how employees can misuse their company account privileges for malicious purposes, such as stealing or providing unauthorized access to company data. This problem is most significant in the healthcare and manufacturing industries.
Why would an employee misuse their account privileges in this way? In some cases, they’re working with outsiders. In others, they’re stealing data for their own purposes. For more information, read our 11 Real Examples of Insider Threats.
The difficulty is that your employees often need to send files and data outside of your company for perfectly legitimate purposes.
Thankfully, next-generation DLP can use machine learning to distinguish and block suspicious activity—while permitting data to leave your network where necessary.
Human error is a widespread cause of data loss, but security teams sometimes overlook it.
Tessian platform data bears this out. In organizations with 1,000 or more employees, people send an average of 800 misdirected emails every year.
Misdirected emails take many forms. But any misdirected email can result in data loss—whether through accidentally clicking “reply all”, attaching the wrong file, accepting an erroneous autocomplete, or simply spelling someone’s email address wrong.
Governments are more and more concerned about data privacy and security. Data protection and cybersecurity regulations are increasingly demanding—and failing to comply with them can incur increasingly severe penalties.
Implementing a DLP solution is an excellent way to demonstrate your organization’s compliance efforts with any of the following laws and standards:
Bear in mind that, in certain industries, individual customers and clients will have their own regulatory requests, too.
We’ve looked at the huge benefits that DLP software can bring your organization. But does DLP actually work? Some solutions do, but not all.
Effective DLP software works seamlessly in the background, allowing employees to work uninterrupted, but stepping in to prevent data loss whenever necessary. It is also easy for SOC teams to manage.
Unfortunately, some DLP solutions still rely on legacy features that either fail to prevent data loss effectively, create too much noise for security teams, or are too cumbersome to let employees work unimpeded.
Let’s take a look at some DLP methods and weigh up the pros and cons of each approach.
IT administrators can block certain domains associated with malicious activity, for example, “freemail” domains such as gmail.com or yahoo.com.
Blacklisting entire domains, particularly popular (if problematic) domains, is not ideal. There may be good reasons to communicate with someone using a freemail address—for example, if they are a customer, contractor, or a potential client.
Some DLP software allows users to tag certain types of sensitive data.
For example, you may wish to block activity involving any file containing a 16-digit number (which might be a credit card number).
But this rigid approach doesn’t account for the dynamic nature of sensitive data. In certain contexts, a 16-digit number might not be associated with a credit card. Or an employee may be using credit card data for legitimate purposes.
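The 16-digit tag described above, as an added Python example that is not from the original article: it applies the naive pattern to constructed sample messages and runs a Luhn checksum over each match, an added refinement, to show which tagged numbers could not be card numbers at all. The sample texts, function names and regular expression are assumptions made for illustration.

```python
import re

# Naive tag from the text: any run of exactly 16 digits, optionally
# separated into groups of four by spaces or hyphens.
SIXTEEN_DIGITS = re.compile(r"(?<!\d)\d{4}(?:[ -]?\d{4}){3}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(text: str) -> list:
    """Tag every 16-digit match and record whether it also passes Luhn."""
    hits = []
    for m in SIXTEEN_DIGITS.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        hits.append({"match": m.group(), "luhn": luhn_valid(digits)})
    return hits


# Constructed sample messages (not real data). 4111 1111 1111 1111 is a
# widely published test card number; the other values are made-up identifiers.
SAMPLES = {
    "invoice": "Please charge card 4111 1111 1111 1111 for the renewal.",
    "tracking": "Your parcel tracking number is 1234567890123456.",
    "order_id": "Internal order reference 2024-0315-0000-0042 has shipped.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan(body))
```

All three messages trip the 16-digit tag, but only the first passes the checksum. A Luhn pass only narrows the match: roughly one in ten arbitrary 16-digit strings pass by chance, and a valid card number may still be in legitimate use, which is the context problem the text describes.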
Rule-based DLP uses “if-then” statements to block types of activities, such as “If an employee uploads a file of 10MB or larger, then block the upload and alert IT.”
The problem here is that, like the other “data-centric” solutions identified above, rule-based DLP often blocks legitimate activity and allows malicious activity to occur unimpeded.
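To make the trade-off concrete, the following added Python example (not code from the original article or from any DLP product) applies the freemail blocklist and the 10MB upload rule mentioned above to a handful of constructed events and counts where the static rules disagree with a ground-truth label. The event fields, addresses, sizes and labels are all assumptions made for illustration.

```python
from dataclasses import dataclass

FREEMAIL_BLOCKLIST = {"gmail.com", "yahoo.com"}  # domains named in the text
MAX_UPLOAD_BYTES = 10 * 1024 * 1024              # the "10MB or larger" rule


@dataclass
class Event:
    kind: str        # "email" or "upload"
    recipient: str   # recipient address; empty for uploads
    size_bytes: int
    data_loss: bool  # constructed ground truth, as an analyst would label it
    note: str


def decide(ev: Event) -> str:
    """Apply the two static rules and return 'block' or 'allow'."""
    domain = ev.recipient.rsplit("@", 1)[-1].lower()
    if ev.kind == "email" and domain in FREEMAIL_BLOCKLIST:
        return "block"
    if ev.kind == "upload" and ev.size_bytes >= MAX_UPLOAD_BYTES:
        return "block"
    return "allow"


def evaluate(events):
    """Count how often the rules agree with the ground-truth label."""
    counts = {"true_block": 0, "false_block": 0, "missed": 0, "true_allow": 0}
    for ev in events:
        if decide(ev) == "block":
            counts["true_block" if ev.data_loss else "false_block"] += 1
        else:
            counts["missed" if ev.data_loss else "true_allow"] += 1
    return counts


# Constructed events (hypothetical addresses and sizes, not real telemetry).
EVENTS = [
    Event("email", "buyer@gmail.com", 20_000, False, "quote sent to a customer"),
    Event("upload", "", 25 * 1024 * 1024, False, "video sent to an agency"),
    Event("email", "j.smith@partner.example", 40_000, True, "misdirected customer list"),
    Event("upload", "", 12 * 1024 * 1024, True, "bulk export to personal storage"),
    Event("email", "ops@supplier.example", 15_000, False, "routine purchase order"),
]

if __name__ == "__main__":
    print(evaluate(EVENTS))
```

On this sample the rules block two legitimate actions and allow the misdirected email, because neither rule looks at what the data is or who normally receives it.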
Machine learning DLP software like Tessian’s Human Layer Security platform is a “human-centric” approach to data loss prevention.
Here’s how it works: machine learning technology learns how people, teams, and customers communicate and understands the human context behind every interaction with data.
By analyzing the evolving patterns of human interactions, machine learning DLP constantly reclassifies email addresses according to the relationship between a business and customers, suppliers, and other third parties.