Content Copyright © 2009 Bloor. All Rights Reserved.
In March 2009 Bloor Research released a Market Update on the
subject of Data Loss Prevention.
The current stress in the worldwide economy has manifested
itself in many ways. As well as macro economic upheaval and the challenges it
presents the public and private sector more practical and localised issues are appearing,
including the increase risk to businesses of data loss.
Previous work at Bloor Research has underpinned the
significance of the inside threat to data loss. Whilst this problem has often
been attributed to the “incompetent and non-malicious” user releasing data by
mistake the increasing numbers of disaffected white collar knowledge workers
being made redundant is seeing an increase in “competent and malicious” data
Publicity surrounding significant data loss incidents over
the past year have brought the issue to the fore. Senior politicians have
become embroiled in public sector episodes as much as private sector company
directors. Clearly data loss can be summarised in one word – risk, and it is up
to security professionals to work with the business to mitigate this risk be it
to shareholder value, reputation or personal embarrassment.
Data protection often starts with the creation of IT
security policies through to user education and the deployment of supporting
Data leak prevention can play a significant part in this
data protection as it prevents unauthorised data leaving an organisation’s
endpoints. It does this using a variety of techniques including key word
matching, traffic pattern analysis, network monitoring and file tracking.
Although no data leak prevention vendor would ever guarantee 100% of all leaks
would be prevented a solution such as this can form a major part of an
organisation’s security strategy.
Many organisations are combining data leak prevention with
data encryption so that if any significant data does leave the organisation it
will remain encrypted and therefore unusable to anyone other than an authorised
recipient. This combined approach of leak prevention and encryption is referred
to as Enterprise Data Protection and is subject to another market update from
Data leak prevention and data loss prevention are generally
synonymous terms but data loss prevention has also been used to describe data
encryption. The term extrusion prevention is also used by some vendors to describe data leak prevention.
Data leak prevention technologies can be quite advanced as
they need to determine the validity of a piece of data being moved from one
place to another without stopping legitimate business access to the data.
In some systems analysis is undertaken of the data traffic
pattern over a period of time to determine where data tends to originate and
terminate and which users are involved in the process. It will also look at the
mechanism used to transfer the data such as email, USB, CD/DVD or anyone of the
many other data transmission mechanisms. Data leak prevention systems will
often detect the use of keywords during the attempted data transmission picking
up on obvious candidate terms such as “confidential” and “executive” to
indicate a potential leak.
Some solutions act at the network packet level reviewing
data as it passes through the network. These systems will analyse a particular
file or set of data and determine if its use is appropriate rather than
examining explicit user behaviour. Over time a data leak prevention solution
will often build up a comprehensive map of data movements and be able to flag
potential violations. This flagging will often be in the form of a message to
the user telling them that the data movement they are attempting may be in
violation of the data leak rules for an organisation. The user may then be
given an opportunity to justify their action, sometimes by typing into a
suitable dialog box, which can then be sent to a line manager for review. Of
critical importance to users is that the system does not become a burden and an
obstruction to their normal work. In many cases the number of false positive or
false negative activations may change over a period of time as the data leak
prevention system learns what is acceptable behaviour for particular users or
Digital rights management (DRM) is starting to be used as a
way of preventing data leaks. Often with a DRM solution meta data is carried
with a piece of data describing who may or may not have access to it. Using
this technique some vendors promote the notion of security travelling with a
set of data where ever it goes. An analysis of DRM vendors is outside the scope
of this market update but some have been included where they have a
complimentary data leak prevention offering.
A number of vendors also provide content inspection
appliances to monitor data as it passes through a network. Where appropriate
these have also been included in this report when complimented by a data leak
The Market Update is available free of charge at BloorAnswers.com and features a number of vendors including;
- Sophos (Utimaco)
- FrontRange Solutions
- GTB Technologies
- Tumbleweed Communications
- Fidelis Security Systems
- Lumension Security
- Code Green Networks
- CA (Orchestria)