Every organization has data, and some of that data is more sensitive than others. Sensitive data can include personally identifiable information (PII) that can impact user privacy. Sensitive data also includes payment and financial information that could lead to identity theft and fraud if the data is lost or stolen and winds up in the wrong hands.
DLP technology provides a mechanism to help protect against sensitive data loss — and thus could also be something of a mitigating factor when dealing with compliance agencies in the wake of a data breach. As such, DLP has become a top IT spending priority.
There are a number of key capabilities that the top DLP products and services support.
- Cloud: The DLP market, much like the broader IT market, has been shaped in recent years by the rise of the cloud. No longer is enterprise data confined to on-premises deployment. DLP solutions therefore must monitor sensitive data in the cloud.
- Privacy compliance: With GDPR, CCPA and other data privacy regulations on the rise, DLP has become a useful tool for helping organizations protect customer privacy.
- Data labeling: DLP tools have long enabled users to self-assess and identify what types of data should be protected.
- Machine learning: Among the latest advances in DLP is machine learning capabilities that automatically identify potentially sensitive information so it can be protected.
How to choose a DLP solution
When choosing a DLP technology or services, there are several key items for organizations to consider.
- Scope: Where is the data that needs to be protected, and does the solution you’re looking at have full visibility into those deployments?
- Compliance: If the DLP service is being used to help enable regulatory compliance, be aware of integration with GRC (governance, risk and compliance) tools.
- Reporting: It’s important for some organizations to have visibility and reporting into what data is protected and how it is being accessed, particularly for compliance purposes.
Top DLP products
In the cloud computing era, there are a number of services that are purpose-built for a specific public cloud use-case. Some organizations may choose to use a combination of different DLP services to get the best coverage.
In this eSecurity Planet top companies list, we spotlight the vendors offering the top DLP tools and services.
Value proposition for potential buyers: Check Point’s DLP technology is available as part of the company’s Infinity architecture offering that runs on hardware gateways. It’s a good option for organizations that have already deployed Check Point hardware.
- A key differentiator for Check Point is its ability to also check SSL/TLS encrypted data via the gateway to help protect against data loss.
- Another interesting feature is the alerting capability that warns and educates users about sensitive data use and potentially dangerous actions that could lead to data loss.
- Data can be tracked as it traverses an enterprise across file sharing services as well as email.
- Data labeling is handled via Check Point’s proprietary MultiSpect data classification engine that combines users and content to better understand sensitive data risks.
Value proposition for potential buyers: Code42 provides DLP across both endpoints and the cloud for organizations of all sizes, with a strong focus on forensic investigation capabilities.
- A key differentiator for Code42 is the platform’s continuous monitoring that tracks data creation and movement across local systems and from on-premises into the cloud.
- The threat hunting capability in Code42 is particularly strong, with an ability to investigate potential threads with extensive file details and up to 90 days of user history.
- Going a step further, security teams can also identify if a file was deleted, and then recover the lost or stolen data.
Value proposition for potential buyers: Digital Guardian is a purpose-built DLP platform that also incorporates user and entity behavior analytics (UEBA) to help limit the risks of data loss.
- Digital Guardian provides a cloud based platform for DLP that includes an endpoint agent for on-premises devices, as well as a network appliance that can be used to protect an entire network.
- A key differentiator for Digital Guardian is the the platform threat-aware capabilities that incorporate threat detection with data loss features.
- Database record-matching fingerprinting technology is a core part of Digital Guardian’s approach for labeling and identifying sensitive information that should be protected.
Value proposition for potential buyers: Fidelis provides a network-based technology that delivers visibility to enterprises and can help limit data loss risks.
- The Fidelis Network offering is all about visibility into different threats that can hit networks. It includes network traffic analysis capabilities.
- DLP is one of the many features within Fidelis Network, with built-in data classification and labeling policies for potentially sensitive data.
- Fidelis’ DLP features include a set of pre-built policies for how sensitive data should be handled, clearly identifying when it should not leave a network.
Value proposition for potential buyers: Forcepoint is another option for those looking at a network hardware device-based approach to DLP that can protect data on-premises and in the cloud.
- A key differentiator for Forcepoint is the DLP’s integrated regulatory compliance checking and reporting capabilities that can help with data privacy regulations such as GDPR.
- Data identification and classification is enhanced with optical character recognition (OCR) so that sensitive data from images and scanned documents can be identified and protected.
- One dashboard provides administrators with a unified view of protected data across an enterprise, including endpoint, network and cloud applications.
Value proposition for potential buyers: McAfee DLP is a suite of products including discovery, prevention, monitoring and endpoint components. It’s a good option for organizations looking for a modular approach to DLP.
- McAfee’s DLP suite provides data protection across endpoints, networks and cloud resources.
- A key differentiator for McAfee is the company’s forensic analysis capabilities, which examine data loss events to help improve rules.
- The McAfee DLP discover component is particularly powerful, helping locate and identify data that an administrator may or may not know about.
- The monitor component goes beyond basic alerting to provide real-time analysis of network traffic to continuously look for potential policy violations.
Value proposition for potential buyers: Proofpoint DLP is focused on data loss via email and is a fit for organizations looking to reduce the risk for that specific attack vector.
- The key differentiator for Proofpoint’s DLP is its Digital Asset Security feature that is able to detect private information found in unstructured email content.
- Also of note is how the service can be used to limit the risk of Business Email Compromise (BEC) attacks, with policies that can block wire transfers or employee information to fraudsters.
- Self-service control is another key aspect, with a Smart Send feature that can help to educate users about policy violations.
Value proposition for potential buyers: Symantec has a suite of DLP capabilities for data discovery and protection both on premises and in the cloud
- Symantec has undergone significant changes over the past year, with the company’s enterprise assets being acquired by Broadcom in a $10.7 billion deal.
- Rather than having a single product, Symantec’s DLP has modules for cloud, email, web, endpoints, and storage data loss protection.
- A key differentiator is the Symantec DLP for Storage component, which specifically looks for sensitive data that is being stored in file servers and databases.
- Across the different modules, there is a unifying dashboard for consolidated policy management and response.
Value proposition for potential buyers: Trend Micro’s approach to DLP is to integrate it as a plug-in capability that fits into other products in the Trend Micro portfolio.
- The integrated DLP approach can be deployed on endpoints, network gateways and the cloud.
- Sensitive data can be identified via a variety of mechanisms, including the use of keywords and file attributes. There are also compliance templates that can be used to align against custom policies and regulatory requirements.
- A key feature of the integrated DLP is the ability to block, quarantine or even delete data that a user is attempting to send.