In an age of strong data privacy laws like GDPR and CCPA, data loss prevention (DLP) technology is becoming a critically important IT security tool.
Every organization has data, and some of that data is more sensitive than others. Sensitive data can include personally identifiable information (PII) that can impact user privacy. Sensitive data also includes payment and financial information that could lead to identity theft and fraud if the data is lost or stolen and winds up in the wrong hands. Other critical sources of data include intellectual property (IP) and trade secrets.
How DLP Works
DLP technology provides a mechanism to help protect against sensitive data loss—and thus could also be something of a mitigating factor when dealing with compliance agencies in the wake of a data breach. As such, DLP has become a top IT spending priority in many organizations.
By classifying data and users and identifying or blocking anomalous behavior, DLP tools give enterprises the visibility and reporting needed to protect sensitive data and satisfy compliance reporting requirements.
Key DLP Trends
A number of trends are all driving an increase in DLP adoption and strategic importance – and in some cases changing how DLP is delivered and deployed.
The Great Resignation
Businesses are currently struggling with the number of workers leaving for alternate employers. Often leaving with them is the sensitive data that fuels the business. Whether intellectual property or regulated data, employee flight creates a situation where data loss or theft is more prevalent and more costly.
Hybrid Work Model
Prior to the COVID-19 pandemic, the common model was to have the vast majority of employees within the office and in a controlled technology environment. That model has flipped in favor of remote work and won’t likely ever fully return to the way it was. More workers in more locations means more sensitive data in more locations – and more potential points of data leakage.
Cybersecurity Talent Shortage
Hiring, training, and retaining the staff needed to effectively run an information security program can be a challenge for any size business given the cybersecurity talent shortage. Relying on a third party like a managed security service provider (MSSP) to be your eyes and ears delivers the simplicity and efficacy needed for an effective data protection program. Like other security defenses, DLP is also increasingly being offered as a service.
Cloud Security Platform Delivery
The cloud delivery model has proven itself to be efficient and often more secure than what companies can deliver on-premises relying on their own resources. Cloud-delivered DLP, or DLP as a Service, eliminates the complexity and overhead that can burden IT teams.
Organizations rely on an ever-increasing stack of security vendors. This increase in vendors leads to excess complexity – and often reduced information security. Consolidating internal and external data protection programs with a single solution delivers a simplified view that analysts can use to achieve their main goal, which is to protect sensitive data.
IDC estimates that by 2025, 463 exabytes of data will be created every single day. Information security teams have a rapidly expanding challenge to find, understand, and protect all that data. Whether it be on the endpoint, in the cloud, or somewhere in between, data protection programs are a critical piece of the solution to stop data loss or theft.
Customers and companies are moving away from the registration model. Spreadsheets with millions of rows for identifying PII are too difficult to maintain and secure, especially as customers are moving to a profiling mode of operation.
There are a number of key capabilities that the top DLP products and services support.
- Cloud: The DLP market, much like the broader IT market, has been shaped in recent years by the rise of the cloud. No longer is enterprise data confined to on-premises deployment. DLP solutions therefore must monitor sensitive data in the cloud.
- Privacy compliance: With GDPR, CCPA, and other data privacy regulations on the rise, DLP has become a useful tool for helping organizations protect customer privacy.
- Data labeling: DLP tools have long enabled users to self-assess and identify what types of data should be protected.
- Machine learning: Among the latest advances in DLP are machine learning capabilities that automatically identify potentially sensitive information so it can be protected.
How to choose a DLP solution
When choosing a DLP technology or service, there are several key considerations organizations must take into account, including:
- Scope: Where is the data that needs to be protected, and does the solution you’re looking at have full visibility into those deployments?
- Compliance: If the DLP service is being used to help enable regulatory compliance, be aware of integration with GRC (governance, risk, and compliance) tools.
- Reporting: It’s important for some organizations to have visibility and reporting into what data is protected and how it is being accessed, particularly for compliance purposes.
8 Top DLP Solutions
After reviewing the market for DLP solutions, here are eSecurity Planet’s top picks for DLP.
The Digital Guardian Data Protection Platform by HelpSystems, powered by AWS, performs on traditional endpoints, across the corporate network, and on cloud applications, making it easier to see and block threats to sensitive information.
Cloud delivery means simplified deployment, cross-platform coverage without gaps, and flexible controls to stop risky behavior. Available as either a software-as-a-service (SaaS) or managed service deployment, Digital Guardian offers deployment flexibility.
- Digital Guardian supports both a use case-based approach (known data types or user groups) and a data risk discovery approach (identifying unknown use cases).
- Users can gain visibility into their data by seeing where sensitive data is located, how it flows in the organization, and where it is put at risk, all without policies.
- Users can benefit from rapid deployment, reduced overhead, and instant scalability.
- DLP coverage is available for all endpoints, browsers, and apps.
- Controls are able to align data protection programs with business needs. These controls include log, alert, prompt, block, and encryption.
- The platform can be deployed as a fully managed security service program (MSSP) with a 24/7 global analyst team.
- Users can discover, classify, and protect data throughout the extended enterprise via an endpoint agent that can be installed on Windows, Mac, or Linux machines or a network appliance, either physical or virtual.
- All data-centric events collected are reported up to the Analytics & Reporting Cloud (ARC). This web-based console, powered by AWS, correlates and analyzes system, user, and data events from endpoint agents and network appliances to provide the visibility and context to identify and remediate insider and outsider threats.
- Digital Guardian provides intellectual property and regulated data protection.
Fidelis Network gives a clear picture of bi-directional, encrypted traffic along with its context, all in one place. Deep Session Inspection technology extracts metadata and monitors 300+ different attributes.
In addition, Fidelis can retrospectively detect and investigate threats and stop sessions that violate policies with details about who is sending and receiving data and what type of data is being sent. As an integrated feature of a larger security stack, Fidelis DLP provides increased data visibility, protects intellectual property, and ensures compliance.
- Fidelis offers visibility into all ports and protocols.
- Users can analyze encrypted traffic and detect anomalies within that traffic.
- Fidelis enables users to inspect objects, text, and attributes buried deep in layers of applications, archives, or compression.
- Custom file decoders extract text and attributes from PDFs, MS Office files, etc.
- Decrypt traffic for deeper analysis to detect malware on the wire, encrypted attacker communications, data theft, and insider threats, then inspect and re-encrypt it without slowing down network traffic.
- Understand what’s moving across the network, how it’s moving, and who is seeing it.
- Prevent data theft or unauthorized sharing.
- Fidelis provides a flexible and customizable policy engine.
- A prevention capability is available even in real-time sensors, including prevention by hash, using partial file matching.
- The platform offers an extensive list of profiling in addition to data registration processes. By using profiling, Fidelis customers can sufficiently describe the data rather than painstakingly collecting the data.
- PII profiling is covered by a multivariate data analysis technique that detects violating data without creating huge lists.
- Email handling with bi-directional quarantine blocks threats coming in and sensitive data going out.
Check Point Data Loss Prevention (DLP) combines technology and processes to move businesses from passive detection to active DLP.
Data classification integrates user, content and process information to make accurate decisions, while UserCheck empowers users to remediate incidents in real time. Check Point’s network-based DLP solution frees IT and security personnel from incident handling and educates users on proper data handling policies—protecting sensitive corporate information from both intentional and unintentional loss.
- Deploy predefined policy in monitor mode in a few minutes.
- Track and control the movement of sensitive data in the organization.
- Stay compliant with regulations and industry standards.
- Educate users on proper data handling policy.
- Check Point has two options for securing data: Content Awareness and a full-featured DLP.
- Choose from 60+ or 700+ predefined data content types for PII, PCI, HIPAA, and more.
- Customize predefined data types or create new ones as needed.
- Customizable, multi-language user notifications are available.
- Inspect and control SMTP, FTP, HTTPS webmail, and Exchange traffic.
- Harmony Cloud Email Security secures Office 365 and Google Workspace applications.
- DLP is integrated directly into Check Point security gateways and firewalls, and they also check SSL/TLS encrypted data to prevent data loss.
Clumio Protect & Discover offers backup and recovery for AWS, VMC, and Microsoft 365. It simplifies and automates AWS data protection for Amazon S3, EC2, EBS, and RDS; SQL Server on EC2; DynamoDB; VMware Cloud on AWS; and Microsoft 365.
- Ransomware protection is offered with air-gap backups that are immutable and end-to-end encrypted.
- Meet compliance requirements with global policies and protection groups.
- Restore data in minutes with granular, one-click recovery to reduce RTO (recovery time objectives).
- Get real-time visibility and recommendations to reduce data risks and stay on top of AWS backup spend.
- Validate defined RPO (recovery point objectives) across all accounts to ensure compliance on recovery points.
- With all backup and recovery management and optimization in one easy-to-use place, IT teams can spend less time on AWS backup and focus more on strategic initiatives.
- Backups in Clumio SecureVault are stored outside of AWS accounts by default so no additional actions are needed to protect backups from malicious attacks.
- Clumio backups are immutable; they cannot be changed, and there is no delete button.
- Centralized dashboards and reports plus calendar view, global search, and browse functionalities make it easy to see data and customize protection.
- Lifecycle management rules allow users to automate and streamline backup plans.
Trellix – formed from the merger of McAfee Enterprise and FireEye – remains tightly coupled with its former cloud business, Skyhigh Security, in the area of DLP. Trellix Data and User Security provides DLP features such as real-time visibility and security of data, protecting against data leakage through dynamic access adjustment, intelligent threat identification, and automated response.
- The platform protects data everywhere.
- Trellix provides continuous data security from any device with multi-vector DLP.
- Data is deployed and updated with a zero-trust approach.
- Applies AI (artificial intelligence)/ML (machine learning) insights at scale to identify anomalous user behavior (UEBA), while also automating and simplifying data access policy orchestration.
- Trellix Data and User Security adapts across the enterprise.
- Threat research is combined with intelligent automation to adapt to new risks, allowing you to flexibly address ever-growing data security needs.
Code42 plays in the DLP market yet believes DLP isn’t the answer. Instead, it advocates a risk-based approach via its Incydr solution. It monitors all the places data lives to identify when files move outside the trusted environment.
- Code42 prioritizes the highest risk employee activity using 60+ contextual Incydr Risk Indicators (IRIs).
- Watchlists allow you to programmatically protect data when files are most at risk, such as during employee departure.
- A range of controls are available to contain, resolve, and educate on events via Incydr Flows and SOAR.
- The platform acts as a cross-platform endpoint agent for Windows, Mac, and Linux.
- Incydr Exfiltration Detectors are available for cloud (OneDrive, Google Drive, Box), email (Office365 and Gmail), and Salesforce.
- Tailored views identify data exposure, training gaps, and corporate policy non-compliance as well as measure program performance company-wide.
- Prioritizes the risks that need immediate attention through contextual risk scoring based on file, vector, and user characteristics and behaviors.
- Automates management workflows and gets focused visibility into file activity for a subset of users who are more likely to put data at risk, such as departing employees.
- Investigates event details and runs custom queries against a comprehensive, cloud-based index of activity metadata without putting strain on employee devices.
- Documents and retains investigation evidence for malicious and high-impact incidents, and creates reports for key stakeholders.
Forcepoint DLP offers tools to manage global policies across every major channel, whether it is an endpoint, network, cloud, web, or email. Predefined templates, policies, and streamlined incident management, among other features, enable organizations to address risk by bringing visibility and control where people work and data resides.
- Meet and maintain compliance with more than 1,500 predefined templates, policies, and classifiers applicable to the regulatory demands of 83 countries.
- Locate and remediate regulated data with network, cloud, and endpoint discovery.
- Take advantage of central control and consistent policies across all channels.
- Coach employees to make smart decisions, using messages that guide user actions, educate employees on policy, and validate user intent when interacting with critical data.
- Securely collaborate using policy-based auto-encryption that protects data as it moves outside the organization.
- Automate data labeling and classification by integrating with third-party data classification solutions (e.g., Microsoft Azure Information Protection, Boldon James).
- Identify data at rest, in motion, and in use with Forcepoint DLP.
Proofpoint Endpoint DLP takes a people-centric approach to protecting data. It provides integrated content awareness and behavioral and threat awareness, which gives granular visibility into user interactions with sensitive data. In addition, Proofpoint Endpoint DLP offers the ability to detect, prevent, and respond to data loss incidents in real time.
- Simplifies response for data-loss incidents and out-of-policy violations.
- Identifies risky user behavior and sensitive data interaction.
- Detects and prevents insider-led security incidents and data loss from endpoints.
- Proofpoint Endpoint DLP extends the capabilities of the Proofpoint Information and Cloud Security platform to the endpoint.
- Visibility and context into user and data activity are available.
- Proofpoint Endpoint DLP simplifies deployment with a pure SaaS back end and lightweight endpoint agent architecture.
- The platform collects telemetry on user interactions with data.