DLP to Analyse System Events and Prevent Data Loss


To date, DLP systems are among the fastest-growing information security tools.

DLP: what it means and how it works

Before talking about the DLP market, it is important to clarify what these solutions are. DLP systems are normally understood to be software that prevents businesses from losing sensitive data. The abbreviation DLP stands for Data Leak Prevention.

These systems create a digital security framework around businesses and analyze all outgoing and inbound information. The check should include not only Internet traffic, but also various other information flows: documents on external devices outside the protected security circuit, documents printed or sent to mobile devices via Bluetooth, etc.

Because DLP systems prevent leakage of sensitive information, they must have built-in mechanisms to determine the level of confidentiality of the detected document. There are usually two methods: analyzing the contents of documents, and checking document markers. Currently, the first option is no longer available because it resists changes to the document before it is sent, and it easily increases the number of sensitive documents that the system can work with.
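The two methods side by side, as an added example that is not from the original article: a marker check and a content check that resists changes made to the document before it is sent. Word-shingle fingerprinting is used here as one possible form of content analysis; the label format, threshold, and sample texts are constructed assumptions.

```python
import hashlib
import re

MARKER = "X-Classification: CONFIDENTIAL"  # constructed label format (assumption)
K = 4            # words per shingle
THRESHOLD = 0.5  # share of a protected document's shingles that must reappear

def shingles(text, k=K):
    """Hash every run of k normalized words; a small edit changes only nearby hashes."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(max(len(words) - k + 1, 0))
    }

def by_marker(document):
    """Marker method: trust the label attached to the document."""
    return MARKER in document

def by_content(document, protected_index):
    """Content method: compare against fingerprints of known sensitive documents.

    Returns (flagged, best_overlap), where best_overlap is the largest share of
    any protected document's shingles found in the outgoing document.
    """
    outgoing = shingles(document)
    best = 0.0
    for fingerprint in protected_index.values():
        if fingerprint:
            best = max(best, len(fingerprint & outgoing) / len(fingerprint))
    return best >= THRESHOLD, best

# Constructed sample data.
PROTECTED = ("Quarterly revenue forecast for the retail division: projected income "
             "of 4.2 million with a planned reduction of 30 staff positions in March.")
INDEX = {"forecast-q1": shingles(PROTECTED)}

LABELLED = MARKER + "\n" + PROTECTED
# The same document with the label removed and a few words changed before sending.
EDITED = (PROTECTED.replace("Quarterly", "Q1").replace("planned", "scheduled")
          + " Regards, J.")
UNRELATED = "Lunch menu for Friday: soup, salad and a choice of two main courses."

if __name__ == "__main__":
    for name, doc in [("labelled", LABELLED), ("edited", EDITED), ("unrelated", UNRELATED)]:
        print(name, "marker:", by_marker(doc), "content:", by_content(doc, INDEX))
```

The edited copy loses its marker and is missed by the marker method, while the content method still flags it because most of its shingles survive the edits.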

Additional DLP tasks

In addition to preventing information leaks, DLP systems can also solve various other tasks of controlling the activities of employees. In most cases, DLP systems resolve the following non-core tasks:

  • Keep tabs on employees' working time and use of resources.
  • Control employee communications to identify infiltration conflicts that can harm businesses.
  • Control the actions of employees from a legal point of view, such as preventing the printing of false documents, etc.
  • Identify employees who send their resume to find a new job.

Since companies consider controlling the use of working time more important than data leakage protection, there are several programs specifically designed for this purpose. In some cases, they can protect businesses against leakage. Unlike full-fledged DLP systems, these programs do not have advanced tools for analyzing captured data. The analysis must be done manually by an IT expert, which makes them suitable only for small businesses.

DLP Classifications

Based on the number of features, all DLP systems can be divided into several major classes. Regarding the possibility of blocking the information identified as confidential, there are systems with active and passive control of the actions of the user.

Unlike active DLP systems, passive DLP systems cannot block transmitted information. Active systems are much better at combating accidental data leaks, but can inadvertently suspend business processes. Passive systems are reliable, but are only suitable for avoiding systematic leaks.

Another classification is based on network architecture. Gateway DLP systems run on intermediate servers, while host systems use agents working directly on the employees’ workstations. Today, the shared gateway is the most commonly used option.

DLP market

Currently, the main players in the global DLP market are companies known for their information security products. These are Comodo, Trend Micro, McAfee, Kaspersky, Symantec, etc. The total volume of the global DLP market is estimated at $400 million, which is small compared to the antivirus market. Nevertheless, the DLP market is growing strongly.

Trends and Prospects

According to the experts, the main trend is the transition from “patched” systems, which consist of components from different manufacturers and solve different tasks, to unique integrated software suites. The reason is obvious: complex integrated systems relieve IT security experts of the need to solve the compatibility problems of the various components of the “patched” system. These systems also enable IT professionals to easily change the settings of a large number of client workstations and streamline the transfer of data from one component to another in an integrated system. Developers also choose embedded systems because of the special nature of information security tasks. If you leave at least one uncontrolled leakage channel, you cannot talk about enterprise security.

Another important trend is the gradual transition to a modular structure. This means that customers can independently select the components they need and customize the system. The specificity of the industry will also play an important role in the development of DLP systems. For example, we can expect the release of special versions designed specifically for the banking sector, government institutions, etc.

