Data loss/leak prevention solution is a system that is designed to detect potential data breach / data ex-filtration transmissions and prevent them by monitoring, detecting & blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage) In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or inadvertent mistake. Such sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.

Endpoint DLP

Data in Use "DiU"

Such systems run on end-user workstations or servers in the organization. Like network-based systems, endpoint-based can address internal as well as external communications, and can therefore be used to control information flow between groups or types of users (e.g. ‘Chinese walls’). They can also control email and Instant Messaging communications before they are stored in the corporate archive, such that a blocked communication (i.e., one that was never sent, and therefore not subject to retention rules) will not be identified in a subsequent legal discovery situation. Endpoint systems have the advantage that they can monitor and control access to physical devices (such as mobile devices with data storage capabilities) and in some cases can access information before it has been encrypted. Some endpoint-based systems can also provide application controls to block attempted transmissions of confidential information, and provide immediate feedback to the user. They have the disadvantage that they need to be installed on every workstation in the network, cannot be used on mobile devices (e.g., cell phones and PDAs) or where they cannot be practically installed (for example on a workstation in an internet café).

Network DLP

Data in Motion "DiM"

Typically a software or hardware solution that is installed at network egress points near the perimeter. It analyzes network traffic to detect sensitive data that is being sent in violation of information security policies.

Benefits of DLP

  • Minimal upfront investment and simple licensing and ordering process
  • Reduces administrative overhead to lower operational costs
  • Reduces business risk by responding in real-time
  • Easily installs and deploys for low TCO
  • Generates increased value from current security investments
  • Helps ease regulatory compliance efforts with centralized analysis and reporting
  • Helps satisfy audit requirements
  • Ensures customer data privacy and integrity

File-level DLP

The software identifies the sensitive files and then embeds the information security policy within the file, so that it travels with it whether the file or part of it is sent, copied or downloaded

Data Security Solutions

Forcepoint DLP
Symantec DLP

Forcepoint Data Security Suite secures organizations against a wide range of data loss scenarios with a single policy framework for network and endpoint data loss prevention and confidential data discovery

– TRITON AP-DATA and AP-ENDPOINT extends data security controls to enterprise cloud applications and to your endpoints. Safely leverage powerful cloud services like Microsoft Office 365, Google for Work and SalesForce.com, as well as protecting your sensitive data and intellectual property on Windows and Mac laptops, both on and off-network.

More Information: https://www.forcepoint.com/product/data-insider-threat-security/dlp-data-loss-prevention

Data privacy regulations, such as GDPR require you to ensure sensitive data is properly managed. Symantec DLP is configured to identify sensitive data (including that defined by GDPR) and uses a variety of advanced data detection techniques to identify data in many forms.

  • Confidently identify regulated data, track its use, and location
  • Protection policies allow you to regulate the flow of sensitive data
  • Integrate with encryption and CASB technologies to protect email, removable media, individual files and data in the cloud


Solution Description

When data leaves your organization and is shared widely, all is not lost. Symantec DLP will identify sensitive data and enable advanced protection, allowing you to:

  • Control who can use data, even from unmanaged locations or devices
  • Define what level of access a user has using persistent encryption and digital rights
  • Monitor user access to sensitive data to identify risky behavior or security compromise
  • Revoke access to users, effectively digitally shredding a document


More information: https://www.symantec.com/products/data-loss-prevention