Data Loss Prevention: definition and uses
Estimated reading time: 7 minutes
data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused or accessed by unauthorized users . DLP software classifies regulated, confidential and business critical data and identifies policy violations defined by organizations or within a predefined policy package. Default policies are typically dictated by regulatory compliance such as HIPAA, PCI-DSS, or GDPR.
Once these possible breaches are identified, DLP applies the “remedy” with warnings, encryption and other security actions . The goal is simple: prevent end users from accidentally or maliciously sharing data that could put your business at risk.
Data loss prevention software and tools monitor and control endpoint activities, filter data streams on corporate networks, and monitor data in the cloud to protect data at rest, in motion and in use. DLP also provides reports to meet compliance and auditing requirements. A very useful tool also for identifying areas of weakness and anomalies for incident response.
Do I need to use DLP tools?
data loss prevention addresses three main objectives that are common pain points for many organizations: personal information protection / compliance, intellectual property protection and data visibility.
Protection of personal information / compliance
Does your business collect and store personally identifiable information (PII), protected health information (PHI) or payment card information (PCI)? If so, you are more than likely subject to compliance regulations , such as HIPAA (for PHI) and GDPR (for EU residents’ personal data), which require you to protect your sensitive data. customers.
data loss prevention can identify, classify and label sensitive data and monitor the activities and events surrounding that data . In addition, the reporting capabilities provide the details needed for compliance audits.
Intellectual Property (IP) Protection
Does the company hold important intellectual property and trade or state secrets that could put your financial health and / or brand image at risk in the event of loss or theft? A DLP solution can classify intellectual property in both structured and unstructured form.
With policies and controls in place, you can protect against unwanted exfiltration of this data.
Is the company looking to gain additional visibility into data movement? A complete enterprise DLP solution can help you see and track your data across endpoints, networks, and the cloud. This will provide visibility into how individual users within your organization interact with data. As we have seen before when talking about social engineering , knowing how users behave is very useful. It is used to trace a basic profile and monitor that there are no anomalies that could indicate account compromise.
The ones listed above are primary use cases. But DLP can remedy a variety of other pain points including insider threats, user and entity behavior analysis, and advanced threats.
Why adopt data loss prevention?
In the Gartner Magic Quadrant for Enterprise DLP As of 2017, the total data loss prevention market was estimated to reach $ 1.3 billion in 2020. The size was approximately $ 2.64 billion. The DLP market is not new, but it has evolved to include managed services, cloud functionality, and advanced threat protection, among other things.
All of this, coupled with the increasing trend in large corporate breaches, has spurred the adoption of DLP as a means of protecting sensitive data. Here are nine trends driving DLP adoption.
Growth of CISOs
More and more companies are hiring Chief Information Security Officer (CISO) who report to the CEO. The latter want to know the strategic plan for the prevention of data leaks. data loss prevention tools provide clear value in this regard and give CISOs the reporting capabilities needed to provide regular updates.
Evolution of compliance requests
Global data protection regulations are constantly changing and every organization needs to be adaptable and prepared. In recent years, EU legislators have approved the GDPR . A similar event occurred in the US when New York State adopted the NYDFS Cybersecurity Regulation . These new regulations have both tightened data protection requirements. DLP solutions allow organizations the flexibility to evolve with changes in global regulations.
Increase of “places” where data are stored
Increasing use of the cloud, complicated supply chain networks, and other services over which you no longer have full control have made data protection more complex. Visibility of events and the context surrounding the data before it leaves the organization is important to prevent your sensitive data from falling into the wrong hands.
Frequency of data breaches
National state adversaries, cybercriminals and malicious insiders target your sensitive data for a variety of reasons, such as corporate espionage , personal financial gain and political advantage . Data loss prevention can protect against all kinds of adversaries, whether malicious or not .
In the past few years, there have been thousands of data breaches and many other security incidents. Billions of records were lost in gigantic data breaches such as: database misconfiguration which leaked nearly 200 million US voter records in 2015 , the violation of Equifax data that continued to grow , and the Yahoo breach affecting 3 billion users. These are just a few of the many headlines that underscore the need to protect your organization’s data.
The data value is very high
Stolen data is often sold on the Dark Web, where individuals and criminal groups can buy it and use it to their advantage. With some types of data sold up to thousands of dollars, there is a clear financial incentive for data theft.
There is more data to steal
The definition of what sensitive data is has expanded over the years. Sensitive data now includes intangibles, such as pricing models and business methodologies . From 1975 to 2015, the amount of intangible assets grew from 17% to 84% of the market value, according to a study by Ocean Tomo . These assets also hit a record $ 21 trillion in 2018. This means your business has a lot more data to protect and using data loss prevention could only help with that.
There is a shortage of specialized personnel
The security talent shortage won’t be resolved anytime soon, and there has probably already been an impact on your company. In fact, in a 2017 ESG and ISSA survey, 43% of respondents said their organizations were affected by the lack of skilled personnel . The shortage is worsening with 3.5 million unoccupied security positions expected by the end of 2021. Managed data loss prevention services act as remote extensions of your team to fill this gap of staff.
Adopt a SIEM to implement DLP
By now, a company’s highest value product is the data it manages. The risk of data exfiltration and consequent economic and image loss is just around the corner. It is easy to say that it is enough to protect your data, the reality is that it gets more complicated every day.
The places in which data are used and stored, the methods of access and consultation are increasing. Technology, in general, makes our life easier by exposing our data at the same time. Corporate infrastructures are no less, indeed, due to the very valuable nature of the data collected, they are subject to at a greater risk.
The adoption of an adequate security system is essential and the solutions available are many. We at SOD, speaking of data loss prevention , recommend adopting a SIEM which includes the tools necessary to implement techniques of DLP. For even better protection and more granular control of user data, the SOC as a Service also provides behavioral analysis performed by an artificial intelligence system ( UEBA ).
To find out how these services can help your business protect your data and infrastructure, do not hesitate to contact us, we will be happy to answer any questions.
Ethical hacking: defending knowing how to attack
Machine learning and cybersecurity: UEBA applications and security
Avoid Ransomware: That’s why it’s best not to take any risks
- The SOAR benefits: simplifying investigation and response
- Security Code Review: How the service works
- Integration of the automated response: the automations in SOCaaS
- Coordination between CTI and SOC: how to further raise the defenses
- New Cloud Server: redundant internet
- Quality certificate for the SOCaaS of SOD
- Managed Detection and Response: a new preventive approach
- CLUSIT: our collaboration for better services
- Backup as a Service (17)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (22)
- Conferenza Cloud (4)
- ICT Monitoring (5)
- Log Management (2)
- News (21)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (14)
- Security (170)
- Cyber Threat Intelligence (CTI) (6)
- Ethical Phishing (8)
- Penetration Test (5)
- SOCaaS (55)
- Vulnerabilities (84)
- Web Hosting (15)
- PyPI's 2FA Requirements Don't Go Far Enough, Researchers Say June 2, 2023The Python Package Index will require developers to better secure their accounts as cyberattacks ramp up, but protecting the software supply chain will take more than that.
- 'PostalFurious' SMS Attacks Target UAE Citizens for Data Theft June 2, 2023SMS campaigns targeting members of the public in the United Arab Emirates have been detected.
- 'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting June 2, 2023A recent campaign tricks victims into visiting credential harvesting sites by hiding malicious URLs behind photos advertising deals from trusted brands.
- Streamers Ditch Netflix for Dark Web After Password Sharing Ban June 2, 2023Disgruntled users are pursuing offers for "full Netflix access" at steeply discounted rates.
- Want Sustainable Security? Find Middle Ground Between Tech & Education June 2, 2023The winning recipe for sustainable security combines strategic user education and tactical automation of well-constructed processes.
- Apple Zero-Days, iMessage Used in 4-Year, Ongoing Spying Effort June 2, 2023Russia's FSB intelligence agency says the zero-click attacks range far beyond Kaspersky, and it has blamed them on the United States' NSA. Those allegations are thus far uncorroborated.
- How CISOs Can Manage the Intersection of Security, Privacy, And Trust June 2, 2023Integrating a subject rights request tool with security and compliance solutions can help identify potential data conflicts more efficiently and with greater accuracy.
- DNB Strengthens its Network Security Posture and Productivity With Ericsson Security Manager Solution June 1, 2023
- Cyversity and United Airlines to Provide Cybersecurity Training Scholarships to Cyversity Members June 1, 2023Program designed to equip women and underrepresented individuals with the necessary skills and knowledge to succeed in cybersecurity.
- Tel Aviv Stock Exchange Selects CardinalOps to Reduce Risk of Breaches Due to Undetected Attacks June 1, 2023Enables financial services firm to operationalize MITRE ATT&CK with Splunk and eliminate detection coverage gaps based on organizational risk and priorities.
- [CVE-2023-29459] FC Red Bull Salzburg App "at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity" Arbitrary URL Loading June 2, 2023Posted by Julien Ahrens (RCE Security) on Jun 02RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: FC Red Bull Salzburg App Vendor URL: https://play.google.com/store/apps/details?id=laola.redbull Type: Improper Authorization in Handler for Custom URL Scheme [CWE-939] Date found: 2023-04-06 Date published: 2023-06-01 CVSSv3 Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVE: CVE-2023-29459...
- [RT-SA-2022-004] STARFACE: Authentication with Password Hash Possible June 1, 2023Posted by RedTeam Pentesting GmbH on Jun 01Advisory: STARFACE: Authentication with Password Hash Possible RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database […]
- CVE-2022-48336 - Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8) May 30, 2023Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48336 [+] Title : Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
- CVE-2022-48335 - Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90) May 30, 2023Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48335 [+] Title : Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
- CVE-2022-48334 - Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370) May 30, 2023Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48334 [+] Title : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
- CVE-2022-48333 - Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c) May 30, 2023Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48333 [+] Title : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
- CVE-2022-48332 - Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18) May 30, 2023Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48332 [+] Title : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
- CVE-2022-48331 - Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0) May 30, 2023Posted by Cyber Intel Security on May 301. INFORMATION -------------- [+] CVE : CVE-2022-48331 [+] Title : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0) [+] Vendor : Google [+] Device : Nexus 6 [+] Affected component : Widevine [+] Publication date : March 2023 [+] Credits : CyberIntel Team 2. AFFECTED VERSIONS -------------------- 5.0.0 […]
- SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer May 30, 2023Posted by Lennert Preuth via Fulldisclosure on May 30Title ===== SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-33255 Link ==== https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001/ Text-only version: https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001.txt Further SCHUTZWERK advisories: https://www.schutzwerk.com/blog/tags/advisories/ Affected products/vendor...
- [RT-SA-2023-005] Pydio Cells: Server-Side Request Forgery May 30, 2023Posted by RedTeam Pentesting GmbH on May 30For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response […]
Estimated reading time: 6 minutes L'impatto crescente delle minacce informatiche, su sistemi operativi privati op… https://t.co/FimxTS4o9G
Estimated reading time: 6 minutes The growing impact of cyber threats, on private or corporate operating systems… https://t.co/y6G6RYA9n1
Tempo di lettura stimato: 6 minuti Today we are talking about the CTI update of our services. Data security is… https://t.co/YAZkn7iFqa
Estimated reading time: 6 minutes Il tema della sicurezza delle informazioni è di grande attualità in questo peri… https://t.co/tfve5Kzr09
Estimated reading time: 6 minutes The issue of information security is very topical in this historical period ch… https://t.co/TP8gvdRcrF
Copyright © 2011 Secure Online Desktop s.r.l. All Rights Reserved.