CipherTechs helps their customers build Data Loss Prevention Programs in an effort to achieve milestones and complete long term security goals without compromising immediate security concerns.
Data Leakage (Loss) Protection (DLP) is a security monitoring tool utilized by Fortune 500 companies and SMB’s alike. The premise behind DLP is, “If you have something to protect, protect it….” DLP allows its operators to create policy, which analyzes multiple protocols in an effort to identify sensitive data in your environment. DLP is flexible and dynamic enough to learn how a business operates. With policy tuning and tweaking the organization can define what data they consider sensitive, what data they need to protect for compliance or regulatory purposes, and how they want to apply actions to prevent the loss from occurring.
HOW IT WORKS
There are three basic verticals, which DLP works to protect the organization from data loss.
- Data in Motion is the vertical which analyzes free flowing information either inbound or outbound from your environment. The organization is protected from malicious or suspicious activity being sent via email, posted to websites, or sent via FTP. Depending on the vendor, DLP will monitor all outbound egress points to protect the organization
- Data at Rest is how DLP will scan stagnant data in your environment. Organizations typically utilize this vertical when they aren’t sure where sensitive or regulatory information is being stored in their environment. The scanning features from DLP solutions allow scanning of different databases, file shares, and Network Attached Storage (NAS) servers. Controls can be applied to the data which has been identified as breaking policy such as, quarantining, encrypting, or removing.
- Data in Use is the third vertical and is typically deployed with a lightweight endpoint client. The goal of this vector is to provide DLP policy to those individuals who handle sensitive material on their host machines. Robust protocol monitoring of removable media, local storage, CD/DVD burning and printing can all be monitored and controlled depending on the vendor.
Some security products such as Antivirus or Web Proxies may contain what’s typically referred to as DLP Light. This sort of functionality is not a full blown DLP solution, but it does have a policy engine which will make an attempt to identify sensitive or suspicious data movement in the respected product.
CipherTechs also has the ability to customize their offerings to meet changing customer needs. DLP light vs full blown DLP Managed Service can be provided. DLP is an extremely important and intelligent tool in our customer’s security arsenal and CipherTechs is here ensure that it is being used effectively.
ARCHITECTURE & DEPLOYMENT
It is truly important to know the entirety of our customer’s environment when architecting a Data Loss solution. Knowing and understanding the potential loss points in a network will allow CipherTechs to recommend and deploy the most secure solution. Knowing existing solutions in the environment is also important. DLP will integrate with multiple security devices (SIEM, Email Gateway’s, Web Proxy’s, Cloud Security Applications, Encryption solutions, etc.) to help achieve an optimal security effectiveness.
POLICY, GOVERNANCE & SECURITY
The policy which is configured in DLP is where the organization is defining its most critical assets and sensitive data. A requirement capturing session should be conducted to identify which data is important to an organization. Interviews with key business stakeholders and operators alike will help identify the approved methods of data use within an organization and allow the DLP solution to highlight misuse or data loss.
Learning the business functions of our customers also allows CipherTechs to implement the compliance and regulatory policies (HIPAA, PCI, OFAC, ITEC, etc.), which are required by state and federal administrations (click here to learn more). Other security initiatives such as data classification or data ownership programs can also contribute to the effectiveness and accuracy of DLP policy. Furthermore, some DLP solutions will help with the classification itself.
CipherTechs always works through a detailed testing procedure on each policy they build to ensure its accuracy and effectiveness.
INCIDENT RESPONSE & HANDLING
Analyzing and responding to transactions which break DLP policy must be done quickly and in a manner associated with the level of severity for the respective policy. Determining the manner in which to respond is part of the interview process conducted when the policy is built, but further work must be done with the Security Team, Legal Team, and other necessary parties to ensure incident handling matches the customer desired level of protection.