What is File Fingerprinting?

by Nate Lord on Friday September 7, 2018

Contact Us
Free Demo
Chat

File fingerprinting, also known as data fingerprinting or document fingerprinting, is a technique employed by many network data loss prevention solutions for identifying and tracking data across a network. Read on to learn more about fingerprinting and the security benefits of a DLP solution with data fingerprinting capabilities.

A Definition of File Fingerprinting

Document fingerprinting is performed by algorithms that map data such as documents and files to shorter text strings, also known as fingerprints. These fingerprints are unique identifiers for their corresponding data and files, much like human fingerprints uniquely identify individual people. Generally, document fingerprinting is a traditional network-based data loss prevention (DLP) feature.

Document fingerprinting is used to identify sensitive information so that it can be tracked and protected accordingly. As employees continue to produce and handle various types of sensitive data and information in increasingly large quantities, data fingerprinting provides a scalable technique for identifying, monitoring, and applying protective controls to data as it moves across the corporate network.

Document fingerprinting is especially useful for identifying sensitive data within forms, including government forms such as tax documents, Health Insurance Portability and Accountability Act (HIPAA) and other regulatory compliance forms, employee documentation forms used by finance or human resources, and other proprietary forms that a business may use, such as customer order forms or contracts. By extending data fingerprinting to forms, traditional DLP solutions can detect sensitive data such as social security numbers, credit card numbers, and healthcare information within those forms. Recognizing when these documents contain pieces of sensitive data enables DLP solutions to secure those documents during transmission.

Methods of Document Fingerprinting

Different documents and data types often follow unique word patterns. Traditional DLP solutions identify those unique word patterns within the documents and then create document fingerprints based on them. From there the DLP solution uses the document fingerprint to detect network data transmissions featuring the same pattern.

One of the most efficient ways of creating document fingerprints is to upload a form or template first. This enables a DLP solution to detect and match file fingerprints even after a form has been modified or completed, as the original elements of the template will still be present. The DLP solution then can determine the sensitivity of the document based on its fingerprint and secure it if needed.

Benefits of Document Fingerprinting

The primary benefit of file fingerprinting is the ability to automate and scale the process of identifying and tagging sensitive information on a network. After a DLP solution creates data fingerprints and associates files with their appropriate DLP policies, the program detects network traffic – such as emails, TCP and FTP traffic, or web uploads – that contains documents matching fingerprint data in order to apply protections based on those DLP policies. Protections deployed based on document fingerprints may include blocking transmissions, preventing file access, or encrypting sensitive data. Most businesses and organizations have restricted-use or restricted-access policies so that only specific users have access to sensitive information; this can be made possible by data fingerprinting used in conjunction with DLP policies and exceptions.

Document fingerprinting is an important safeguard against insiders intentionally or inadvertently leaking sensitive information to outside or otherwise unauthorized contacts. Intellectual property, as well as government forms and business records, can be protected through document fingerprinting.

whitepaper

The Definitive Guide to Data Loss Prevention

Challenges of Data Fingerprinting

The effectiveness of document fingerprinting can limited in certain instances. Fingerprinting does not always work for certain file types, including documents that are encrypted or password protected, images and videos, and data in which the text does not perfectly match a predefined document fingerprint. Document fingerprinting also may not be enough to defend against external cyber attacks and malware. As attackers and malware become more sophisticated, it becomes more difficult for businesses to defend against them using traditional methods.

Additionally, businesses need to utilize malware detection that is dynamic enough to quickly and accurately detect malware, including new variations of malware. New advanced behavioral analysis featured in dynamic endpoint detection and response solutions is better able to detect malware than traditional signature-based or fingerprinting methods. Also, many advanced endpoint DLP solutions have more effective methods of classifying and protecting sensitive data based on contextual factors such as user, file source/destination, and file or application type. Traditional classification solutions using document fingerprinting can also be time consuming, as they require a lengthy process of developing fingerprint models before they are able to detect sensitive data based on those fingerprint templates. Finally, because file fingerprinting is typically performed by a network DLP appliance, these solutions are only viable when users are connected to the corporate network – unlike endpoint DLP solutions, which are installed on devices themselves and can protect data on or off the network.

The Role of File Fingerprinting in a Comprehensive Security Program

While document fingerprinting is useful as an automated, scalable solution for securing data and files on a corporate network, it is not a standalone solution to data security for enterprises today and should rather be used as a component of a defense-in-depth strategy. Network DLP solutions that employ document fingerprinting are a viable solution for many regulatory compliance requirements as well, but the contextual protection and device-level security capabilities offered by endpoint DLP solutions often make endpoint DLP the answer for businesses with more stringent data protection requirements.

For more help on deciding which type of data loss prevention solution is right for your business requirements, check out this video:

Tags: Data Protection 101

Nate Lord

Nate Lord is the former editor of Data Insider and is currently an account manager covering the southeast, Great Lakes, and Latin America regions at Digital Guardian. He has over 7 years of experience in the information security industry, working at Veracode prior to joining Digital Guardian in 2014. Nate enjoys learning about the complex problems facing information security professionals and collaborating with Digital Guardian customers to help solve them.