Secure DLP = endpoint + network
Data leakage concerns hit an all-time high in 2007: a recent survey shows that 71% of people fear a remote worker will lose their PII.
Enterprises were quick to explore Data Leakage Protection/Data Loss Prevention (DLP) products from 2003 onwards, but the software was still being perfected then. The products now seem to have matured and have reached mainstream enterprise deployment. Recently I had the opportunity to do security reviews of some of the products on the market. DLP products come in two flavors -
Endpoint DLP - A solution using agents installed on enterprise workstations and laptops that sync with a policy server/monitor on a regular basis for policy updates. The agents operate at the kernel level and, from what I have seen, are difficult for your average office geek to terminate. The agents work irrespective of network connectivity, which allows policy enforcement while travelling or at home. Depending on the product's features we have seen many offering device control (USB, iPod, camera, BlackBerry), application control, file share monitoring, and content checking (e.g. scanning Word documents for more than 5 instances of an SSN).
Network DLP - A solution using appliance-type devices, with or without sensors, installed on your network's main traffic pipes. These appliances constantly scan traffic and act more like proxies, allowing or monitoring traffic based on the defined policies. Web content filtering proxies have been around for a while; they protect plain web content well, but they do not cope well with encrypted tunnels such as HTTPS and SSH: unless the appliance terminates TLS with a certificate the endpoints trust, it sees only ciphertext, and an outbound SSH tunnel can carry anything past it.
Based on my experiences with the security of these products, employing one solution over the other is not going to protect critical company and PII data from leakage. If you need a complete solution, employ both network and endpoint DLP in your organization. The endpoint policy should at a minimum allow only approved USB disks, monitor file copies to USB disks, and do content checks (block if SSNs are present, block if financial statements are present). Similarly, use network DLP to block file upload sites and popular webmail sites, and to block outgoing SSH tunnels. Most importantly, have a third party security review your deployment: the DLP investment is worthless if the agent can be turned off from Task Manager.
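The content-check rule mentioned for endpoint DLP above (scan a document and block it when it carries more than 5 SSNs) and the "block if SSN" policy in the paragraph above, written out as an added Python example. This is illustration code, not any vendor's inspection engine: the regex, the structural SSN rules taken from the SSA's published allocation (area 000, 666 and 900-999 never issued; group 00 and serial 0000 never issued), the threshold of 5, and the choice to count distinct numbers rather than raw hits are all assumptions of this example, and the sample documents are constructed.

```python
import re
from dataclasses import dataclass
from typing import List

# Candidate SSN: three digits, an optional "-" or " " separator, two digits,
# the SAME separator again, four digits. The digit look-arounds stop us from
# matching inside longer digit runs (account numbers, phone numbers), and the
# backreference rejects mixed separators such as "123-45 6789".
SSN_CANDIDATE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")


def is_valid_ssn(area: str, group: str, serial: str) -> bool:
    """Structural validity only (assumed SSA rules): area 000, 666 and 900-999
    are never issued, nor are group 00 or serial 0000. This cuts obvious false
    positives such as the 666-xx-xxxx test values seen in sample data."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    if int(group) == 0 or int(serial) == 0:
        return False
    return True


def find_ssns(text: str) -> List[str]:
    """Return every structurally valid SSN in text, normalised to ddd-dd-dddd."""
    found = []
    for m in SSN_CANDIDATE.finditer(text):
        area, group, serial = m.group(1), m.group(3), m.group(4)
        if is_valid_ssn(area, group, serial):
            found.append(f"{area}-{group}-{serial}")
    return found


@dataclass
class Verdict:
    action: str   # "allow" or "block"
    rule: str     # which policy rule fired, or "none"
    count: int    # distinct valid SSNs seen


def evaluate(text: str, threshold: int = 5) -> Verdict:
    """Bulk-SSN rule: block when the document carries MORE than `threshold`
    distinct SSNs. Distinct numbers are counted so that one employee's own
    form, which repeats a single SSN on every page, is not treated as a
    payroll dump."""
    distinct = set(find_ssns(text))
    if len(distinct) > threshold:
        return Verdict("block", "ssn-bulk", len(distinct))
    return Verdict("allow", "none", len(distinct))


# Constructed sample documents (not real records).
PAYROLL_EXTRACT = """\
emp_id,name,ssn,net_pay
1001,A. Example,219-09-9999,2310.00
1002,B. Example,078-05-1120,1980.50
1003,C. Example,457-55-5462,2740.25
1004,D. Example,301-22-4848,3120.00
1005,E. Example,512-34-5678,2055.75
1006,F. Example,621-07-0001,1875.00
"""

HR_MEMO = """\
Please update the record for employee 301-22-4848. Their desk phone is
(555) 123-4567. The placeholders 666-12-3456, 000-11-2222, 123-00-4567
and 123-45-0000 in the template are not real numbers and must be ignored.
"""

if __name__ == "__main__":
    for name, doc in (("payroll extract", PAYROLL_EXTRACT), ("HR memo", HR_MEMO)):
        v = evaluate(doc)
        print(f"{name}: {v.action} (rule={v.rule}, distinct SSNs={v.count})")
```

The phone number and the four placeholder values in the memo are exactly the kind of input that makes a naive `\d{3}-\d{2}-\d{4}` rule block half of HR's mail, so a real deployment should be tested against such documents, not just against a file full of SSNs, before the policy is set to block.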
If you're in the market for a DLP solution, some popular ones are: Symantec Vontu, McAfee DLP, Bit9 Parity, Patchlink Sanctuary, GuardingEdge DPP; more solutions here.