Understanding Data Loss Prevention Techniques

Feb 6, 2025

Lecture Notes: Data Loss Prevention (DLP)

Introduction to DLP

  • Definition: DLP stands for Data Loss Prevention or Data Leak Prevention.
  • Purpose: Prevents the loss or unauthorized dissemination of confidential and sensitive information.
  • Channels: Protects data from being transferred via email, web, cloud storage, instant messaging, etc.

Functions of DLP

  • Classification: Identifies which documents are considered confidential.
  • Policy Enforcement: Ensures that classified documents are not inappropriately shared or transferred.
    • Actually prevents the loss, rather than only sending notifications.

Methods for Implementing DLP

  1. Manual Implementation: Suitable for small companies; limited to classification.
  2. On-Premises Box: Monitors network traffic for sensitive data.
  3. Cloud Service: Easier for cloud-based infrastructures (e.g., Office 365, Gmail).
  4. Host Agents: Installed on user devices to monitor actions involving sensitive files.
    • Effective for USB data exfiltration.
    • Client-side implementation often considered best.

Server-side vs. Client-side

  • Server-side: Uses proxy devices to intercept and analyze traffic.
    • Raises issues with decrypting traffic and with user privacy.
  • Client-side: Involves more administrative overhead but provides direct monitoring.

DLP Policy Configuration

  • Includes a policy server or management dashboard.
  • Configures actions such as scanning, blocking, notifying, quarantining, and tombstoning.
  • Integrates with content or document management systems.

DLP Solutions Examples

  • Digital Guardian
  • Office 365 DLP
  • Symantec

Classification Methods for DLP

  • File Tags: Tags files as confidential.
  • Dictionary: Searches for keywords or patterns indicating sensitive data.
  • Templates: Predefined policies for regulatory needs (e.g., HIPAA, GDPR).
  • Exact Data Match (EDM): Uses hashed values to match sensitive information.
  • Document Matching: Provides samples of documents that shouldn’t be shared.
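Added example (not from the lecture) showing how the Dictionary and Exact Data Match methods differ: the dictionary pattern flags anything that looks like a sensitive value, while EDM stores only salted hashes of the real records and matches exactly those. The patterns, salt and sample record are constructed for this illustration.

```python
import hashlib
import re

# Dictionary method: patterns that merely *look* like sensitive data
# (assumption: a US-SSN-shaped digit pattern and a "CONFIDENTIAL" keyword)
DICTIONARY_PATTERNS = {
    "ssn_pattern": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "keyword": re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE),
}

def edm_index(records, salt):
    """Exact Data Match: keep only salted hashes of the real sensitive values,
    so the DLP engine never stores the plaintext records themselves."""
    return {hashlib.sha256((salt + r).encode()).hexdigest() for r in records}

def classify(text, index, salt):
    """Return the set of classification hits for one piece of outbound content."""
    hits = set()
    for name, pat in DICTIONARY_PATTERNS.items():
        if pat.search(text):
            hits.add(name)
    # EDM: hash every SSN-shaped token and look it up in the hashed index
    for token in DICTIONARY_PATTERNS["ssn_pattern"].findall(text):
        if hashlib.sha256((salt + token).encode()).hexdigest() in index:
            hits.add("edm_match")
    return hits

def decide_action(hits):
    """Map hits to a DLP action: an exact record match blocks, weaker
    pattern-only signals just notify the user, nothing found allows."""
    if "edm_match" in hits:
        return "block"
    if hits:
        return "notify"
    return "allow"

SALT = "example-salt"                      # constructed; keep secret in practice
INDEX = edm_index(["123-45-6789"], SALT)   # constructed sample record

if __name__ == "__main__":
    for msg in ("Customer SSN 123-45-6789 attached", "Test fixture 000-00-0000"):
        print(msg, "->", decide_action(classify(msg, INDEX, SALT)))
```

The second message matches the dictionary pattern but not the EDM index, which is the false positive the lecture says EDM reduces.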

Actions in DLP

  • Block: Prevents data transfer.
  • Notify: Alerts users to sensitive data handling mistakes.
  • Quarantine: Isolates files that were accessed without authorization.
  • Tombstone: Replaces files with placeholders after policy violations.

Challenges and Considerations

  • EDM: Difficult to implement but reduces false positives.
  • Document Matching: Susceptible to format changes.
  • Unintentional Data Leakage: Not all exfiltration is malicious.

Summary

  • Exam Preparation: Understand DLP’s purpose, methods, rules, and automatic responses.

Conclusion

  • Upcoming topic: Endpoint Security
  • Reminder to like and subscribe.