Data Leak Prevention
Date:
By: Nigel Stanley
Classification: Market Update
Data leak prevention is the term used to describe a system that is put in place to stop the unauthorised loss of data outside of the control of an organisation. Data loss is a prevalent problem that has resulted in significant reputational and legal issues for many organisations. It is therefore desirable to stop data leaking in the first place rather than have to deal with the aftermath of a data loss incident.
Data leak prevention and data loss prevention are generally synonymous terms but data loss prevention has also been used to describe data encryption. The term extrusion prevention is also used by some vendors to describe data leak prevention.
Data leak prevention technologies can be quite advanced as they need to determine the validity of a piece of data being moved from one place to another without stopping legitimate business access to the data.
In some systems, analysis is undertaken of the data traffic pattern over a period of time to determine where data tends to originate and terminate and which users are involved in the process. Such a system will also look at the mechanism used to transfer the data, such as email, USB, CD/DVD or any one of the many other data transmission mechanisms. Data leak prevention systems will often detect the use of keywords during the attempted data transmission, picking up on obvious candidate terms such as “confidential” and “executive” to indicate a potential leak.
Some solutions act at the network packet level, reviewing data as it passes through the network. These systems will analyse a particular file or set of data and determine if its use is appropriate, rather than examining explicit user behaviour.
Over time a data leak prevention solution will often build up a comprehensive map of data movements and be able to flag potential violations. This flagging will often be in the form of a message to the user telling them that the data movement they are attempting may be in violation of the data leak rules for an organisation. The user may then be given an opportunity to justify their action, sometimes by typing into a suitable dialog box, which can then be sent to a line manager for review.
Of critical importance to users is that the system does not become a burden and an obstruction to their normal work. In many cases the number of false positive or false negative activations may change over a period of time as the data leak prevention system learns what is acceptable behaviour for particular users or data sets.
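The flow described above (keyword detection, a learned map of data movements, and a user justification sent to a line manager), as an added Python example that is not taken from any vendor covered in this update. The `MovementMap` class, the `min_seen` threshold, the rule that a warning needs both a keyword hit and an unfamiliar route, and the sample history are assumptions made for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Candidate terms named in the text; a real policy would carry many more.
KEYWORDS = ("confidential", "executive")
KEYWORD_RE = re.compile(r"\b(" + "|".join(map(re.escape, KEYWORDS)) + r")\b", re.I)

@dataclass(frozen=True)
class Transfer:
    user: str
    channel: str       # e.g. "email", "usb", "cd/dvd"
    destination: str
    content: str

class MovementMap:
    """Map of observed data movements, built up over time (assumed design)."""
    def __init__(self, min_seen=3):
        self.seen = Counter()
        self.min_seen = min_seen   # hypothetical threshold for "usual" behaviour
        self.review_queue = []     # justifications awaiting line-manager review

    def learn(self, t):
        self.seen[(t.user, t.channel, t.destination)] += 1

    def evaluate(self, t):
        """Return (verdict, reasons); 'warn' means prompt the user to justify."""
        hits = sorted({m.lower() for m in KEYWORD_RE.findall(t.content)})
        unusual = self.seen[(t.user, t.channel, t.destination)] < self.min_seen
        reasons = [f"keyword:{k}" for k in hits] + (["unusual-route"] if unusual else [])
        # Warn only when sensitive terms leave by a route not yet established,
        # so routine business traffic is not obstructed (assumed rule).
        if hits and unusual:
            return "warn", reasons
        self.learn(t)
        return "allow", reasons

    def justify(self, t, text):
        """Queue the user's typed justification for the line manager."""
        self.review_queue.append((t.user, t.channel, t.destination, text))

# Constructed sample history: alice routinely emails the board mailbox.
dlp = MovementMap()
for _ in range(3):
    dlp.learn(Transfer("alice", "email", "board@example.org", "minutes"))
```

Word-boundary matching keeps a term such as "nonconfidential" from triggering the keyword rule, which is one small source of the false positives discussed above.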
Digital rights management (DRM) is starting to be used as a way of preventing data leaks. Often with a DRM solution, metadata is carried with a piece of data describing who may or may not have access to it. Using this technique, some vendors promote the notion of security travelling with a set of data wherever it goes.
An analysis of DRM vendors is outside the scope of this market update but some have been included where they have a complementary data leak prevention offering.
A number of vendors also provide content inspection appliances to monitor data as it passes through a network. Where appropriate, these have also been included in this report when complemented by a data leak prevention offering.