Data Security Knowledge Base
What is Network Data Loss Prevention?
Network data loss prevention is a technology for securing an organization's network communications, including email, web applications, and traditional data transfer mechanisms like FTP. Companies deploy network data loss prevention solutions to prevent the loss of sensitive information via the network. These solutions monitor and control the flow of data over the network, encrypting data and blocking risky transfers as policy dictates, both to prevent loss and to meet regulatory compliance requirements.
Typically, network data loss prevention includes the ability to:
- Inspect and control traffic on email, webmail, web applications, HTTP/S, FTP/S, and TCP/IP
- Gain control and visibility over webmail and FTP, including SSL-enabled sessions
- Prevent sensitive data loss via the network regardless of port or protocol
- Inspect email subjects, messages, and attachments for sensitive content
- Enforce policy-based monitoring and blocking of web applications
- Encrypt email content for secure communication and regulatory compliance
- Notify users and administrators when network traffic violates corporate data protection policies
Insider Threats and Network Data Loss Prevention
In order to perform their business roles, many employees, partners, and contractors require access to sensitive company data. These users create, manipulate, and share data at unprecedented rates, which means the data is constantly moving between the corporate network, corporate and personal devices, and the cloud. If your company employs independent contractors and freelancers, they work outside of the corporate network, putting your data at an even greater risk of loss or unintended exposure.
For these reasons, mitigating insider threats remains a primary use case for network data loss prevention solutions. The data visibility and controls afforded by these solutions enable policy-based protections to ensure that sensitive data is only being transmitted to or accessed by authorized recipients.
Challenges of Network Data Loss Prevention and Insider Threats
While it is a top use case for network data loss prevention software, insider threat detection can still prove challenging. Insider threats are typically more difficult to detect than outside attacks: employees have authorized logins, so their attempts to access data are not recognized as threats as readily as attempts made by outsiders. For the same reason, insider threats often cause more damage than outside attacks. Some insiders also know which security controls they must avoid in order to go undetected, and perimeter controls such as firewalls do not apply to activity that originates inside the network.
Network Data Loss Prevention for Regulatory Compliance
Network data loss prevention solutions are also commonly used for meeting regulatory compliance requirements including PCI-DSS, HIPAA, HITECH, GLBA, and Sarbanes-Oxley, among others. Many of these regulations have overlapping requirements for compliance that can be met by network DLP solutions, including the ability to monitor and control regulated data, restrict data access or transmissions, encrypt regulated data, and identify regulated data as well as repositories containing that data. Because of their ease of deployment and wide coverage of compliance requirements, network data loss prevention tools are among the most commonly used for compliance cases.
Keys to Network Data Loss Prevention
Network data loss prevention solutions have one objective: stopping sensitive data from leaving your organization. There are some key features to look for when choosing a network data loss prevention solution, so that you can be confident your sensitive data is protected. A robust network data loss prevention solution should be capable of:
- Automatically warning or blocking users when activity is determined to be risky based on data content and event context
- Automatically encrypting sensitive data being sent via email or transferred to removable devices or cloud/web applications
- Logging events for incident response and forensic analysis
- Providing full content inspection with context awareness to automatically recognize sensitive data requiring protection
- Discovering and classifying data to locate and tag sensitive data so that protective policies can be applied
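As an added example (written for this page, not code from the original page or from any particular DLP product), the following Python sketches the "content inspection with context awareness" from the list above and the email inspection and notification capabilities listed earlier: it scans a constructed outbound email's subject, body and attachment for PCI-style card numbers (with a Luhn check to cut false positives) and SSN-shaped values, then decides to allow, warn or block depending on whether any recipient is outside the assumed corporate domain corp.example, recording only the last four digits of each finding for the event log.

```python
import re

# Constructed sample traffic for the demo: one outbound email (not from the original page).
SAMPLE_EMAIL = {
    "from": "alice@corp.example",
    "to": ["bob@corp.example", "partner@mail.example"],
    "subject": "Q3 invoice",
    "body": "Card on file: 4111 1111 1111 1111 (ref 1234 5678 9012 3456)",
    "attachments": {"staff.csv": "name,ssn\nJ. Doe,123-45-6789\n"},
}

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")  # 13-16 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")       # US SSN shape NNN-NN-NNNN

def luhn_ok(digits: str) -> bool:
    """Mod-10 checksum; rejects most random digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_sensitive(text: str, where: str) -> list:
    """Content inspection: returns (type, last-4, location) so logs never carry the full value."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(("PAN", digits[-4:], where))
    hits += [("SSN", m.group()[-4:], where) for m in SSN_RE.finditer(text)]
    return hits

def inspect_email(msg: dict, internal_domain: str = "corp.example") -> dict:
    """Policy decision from content plus context (where the data sits, who receives it)."""
    hits = find_sensitive(msg["subject"], "subject") + find_sensitive(msg["body"], "body")
    for name, data in msg.get("attachments", {}).items():
        hits += find_sensitive(data, name)
    external = [r for r in msg["to"] if not r.lower().endswith("@" + internal_domain)]
    if not hits:
        action = "allow"
    elif external:
        action = "block"   # regulated data would leave the organization: block and alert
    else:
        action = "warn"    # internal-only recipients: warn the user and log the event
    return {"action": action, "hits": hits, "external_recipients": external}

if __name__ == "__main__":
    print(inspect_email(SAMPLE_EMAIL))
```

A production engine would add many more detectors (keywords, document fingerprints, file types) and inspect decrypted HTTPS and FTP sessions the same way, but the decision structure stays content plus context.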
A steady stream of damaging, high-profile data breaches, combined with the trend of businesses becoming increasingly mobile and geographically distributed, has created a heightened reliance on network data loss prevention solutions at the enterprise level. Insider threats in particular need to be monitored and detected quickly, before damage is done and data is lost, and internal networks must be monitored and controlled if sensitive data is to remain secure. An advanced network data loss prevention solution is essential to meeting these data protection requirements, and as a result network DLP remains an invaluable component of enterprise security programs today.