Categories Topics
Data Loss Prevention (DLP)

Data Loss Prevention (DLP) is a tool or process used to identify, monitor or restrict sensitive information from leaving an organization (i.e. "data leakage") or from being accessed by unauthorized sources. Many DLP commercial solutions focus on monitoring and protection of data leakage to include data in motion (e.g. copying sensitive data to removable media, through e-mail, via internet web proxies and webmail) and data at endpoints (e.g. data discovery and quarantine of files on insecure systems). The main objective of DLP is to ensure information is protected and is not stored on insecure sources. DLP should be part of a defense-in-depth strategy to protect information.

As part of an effective DLP strategy, organizations should start with identifying their most sensitive assets to include the highest risk applications and information that the organization most cares about protecting. SZ recommends organizations have a data classification policy and data handling procedure and to label the most sensitive information.

Additionally, ensure the most sensitive information is inventoried with data classification and has an owner (e.g. Application Directory or a central management database or "CMDB"). The old cliche, "you can't protect what you don't know about" is true with DLP as well. Once data is identified and prioritized using a risk-based approach, a DLP strategy should focus on a phased approach. For example, DLP endpoint agents can be deployed on laptops and desktops to first monitor and (after careful testing) prevent unauthorized USB devices from being used to transfer sensitive data, unless specifically authorized. Rules can be managed via central management system to inspect contents for regular expressions (e.g., SSN), context (e.g. role) or via fingerprinting and then monitor or block the transfer of sensitive files to removable media.

To round out the DLP solution, monitoring appliances or systems can also be setup to discover and relocate sensitive files from unsecure file shares or servers to quarantine systems. Consideration should be made on performance impact on the network and systems. Finally, mechanisms should be deployed to inspect and/or block data leakage using web proxies (e.g. webmail, blogs) and e-mail systems (e.g. SMTP blocking). These communication mechanisms should be specifically authorized to ensure sensitive data is not released to the internet zoo. Encryption of sensitive data in transit should also be leveraged to prevent data leakage.
News Articles
Equifax IT staff had to rerun hackers' database queries to work out what was nicked –
OCR software firm ABBYY leaks 203,000 customer documents in MongoDB server snafuwww.tripwire.com8/28/2018
Hackers help themselves to data belonging to 2 million T-Mobile customerswww.zdnet.com8/27/2018
26.5 million Comcast Xfinity customers had their partial home addresses and SSNs exposedwww.tripwire.com8/9/2018
Breach at Electronics Retailer Might Have Exposed 10M Data Recordswww.tripwire.com7/31/2018
Four Healthcare IT Companies Warn PHO Put 800K Patients’ Data at Riskwww.tripwire.com7/17/2018
User data exposed in Domain Factory hosting security breachwww.zdnet.com7/9/2018
Comcast fixes another Xfinity website data leakwww.zdnet.com6/25/2018
270,000 Med Associates records possibly compromised in data breachwww.scmagazine.com6/22/2018
Hackers siphon hundreds of millions of pesos out of Mexican banks through shadow transactionswww.tripwire.com5/17/2018
Chili’s Restaurants Suffered Payment Card Data Security Incidentwww.tripwire.com5/14/2018
SunTrust warns ex-employee may have shared info on 1.5 million clientswww.cnbc.com4/20/2018
Excel pivot table data leak leads to £120,000 fine for London councilwww.tripwire.com4/19/2018
Millions of Apps Leak Private User Data Via Leaky Ad SDKsthreatpost.com4/18/2018
Equifax peeks under couch, finds 2.4 million more folk hit by
Norwegian health authority hacked, patient data of nearly 3 million citizens possibly compromisedwww.helpnetsecurity.com1/18/2018
30K Florida Medicaid Recipients’ Data Possibly Accessed in Phishing Attackwww.tripwire.com1/8/2018
Forever 21 investigation reveals malware presence at some storeswww.zdnet.com1/2/2018
Uber says 2.7 MEEELLION(ish) UK users affected by
Health Insurer Sets up Relief Program for Victims of PHI Breachwww.tripwire.com10/3/2017
Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cardskrebsonsecurity.com9/26/2017
5,400 AXA Customers’ Personal Data Potentially Exposed in Breachwww.tripwire.com9/8/2017
Equifax Announces Cybersecurity Incident Involving Consumer Informationwww.equifaxsecurity2017.com9/7/2017
Essential apologizes for 'humiliating' customer data leakwww.zdnet.com8/31/2017
Sony social media accounts hijacked as hackers claims to have stolen PSN databasehotforsecurity.bitdefender.com8/21/2017
Ashley Madison Agrees to $11.2M Settlement for 2015 Data Breachwww.tripwire.com7/17/2017
Trump Hotels joins Hard Rock, Loews and Four Seasons as victims of Sabre hospitality breachwww.scmagazine.com7/13/2017
Millions of Verizon customer records exposed in security lapsewww.zdnet.com7/12/2017
Data Breach hits California Association of Realtorswww.scmagazine.com7/10/2017
Self-Service Food Kiosk Vendor Avanti Hackedkrebsonsecurity.com7/8/2017
Bitcoin, Ethereum Stolen Following Bithumb Hackwww.securityweek.com7/5/2017
8tracks breach yields data on 18M accountswww.scmagazine.com6/29/2017
GameStop Online Shoppers Officially Warned of Breachthreatpost.com6/9/2017
U.S. Defense Contractor Exposes Sensitive Military Datawww.securityweek.com6/1/2017
Zomato Hacked! Database of 17 Million Users Stolenwww.tripwire.com5/18/2017
Brooks Brothers Alerts Customers of Year-Long Payment Card Breachwww.tripwire.com5/16/2017
Retina-X admits they have suffered a data breachwww.helpnetsecurity.com5/2/2017
30,000 London gun owners hit by Met Police 'data breach'
InterContinental confirms card data breach at over 1,000 locationswww.helpnetsecurity.com4/19/2017
Restaurant Chain Confirms Payment Card Breach at 37 Managed Locationswww.tripwire.com4/17/2017
Fancy Bear strikes again: Russian hackers accessed IAAF athletes' medical data in cyberattackwww.zdnet.com4/3/2017
PII of 33,698,126 Americans leaked onlinewww.networkworld.com3/15/2017
Boeing Notifies 36,000 Employees Following Breachthreatpost.com2/27/2017
40% of cloud services are commissioned without the involvement of ITwww.helpnetsecurity.com2/13/2017
UK sports retailer Sports Direct hackedwww.helpnetsecurity.com2/9/2017
InterContinental Confirms Breach at 12 Hotelskrebsonsecurity.com2/6/2017
Telemarketing Firm Leaks 400,000 Recorded Callsthreatpost.com1/30/2017
Email Slip-Up Exposes 60,000 Bank Customers’ Account Detailswww.tripwire.com1/10/2017
Hello Kitty Database of 3.3 Million Breached Credentials Surfacesthreatpost.com1/9/2017 Plugs Account Data Leakage Flawthreatpost.com1/3/2017
Pentagon Subcontractor Inadvertently Leaks 11 Gigs of Sensitive Datathreatpost.com1/3/2017
US government subcontractor leaks confidential military personnel datawww.zdnet.com12/31/2016
8 million GitHub profiles scraped, data found leaking onlinewww.helpnetsecurity.com11/18/2016
Tesco Bank freezes all online transactions after money stolen from 20,000 accountswww.zdnet.com11/7/2016
Lost thumb drives bedevil U.S. banking agencywww.computerworld.com10/29/2016
43+ million users affected by confirmed Weebly breachwww.helpnetsecurity.com10/21/2016
Hacker grabs over 58 million customer records from data storage firmwww.tripwire.com10/13/2016
Vera Bradley suffers data breach as POS system hackedwww.scmagazine.com10/12/2016
Security analyst says Yahoo!, Dropbox, LinkedIn, Tumblr all popped by same
Meet MailSniper, a tool to search Microsoft Exchange emails for sensitive infowww.networkworld.com9/26/2016
71,000 Minecraft World Map accounts leaked online after 'hack'
Hackers use vBulletin flaw to break into 27M more accountswww.computerworld.com8/24/2016
Epic's forums hacked again, with thousands of logins stolenwww.zdnet.com8/22/2016
Another Data Breach Notice, This Time from Eddie Bauerwww.tripwire.com8/19/2016
Credit-card stealing malware hits Hyatt, Marriott, Sheraton hotel chainswww.tripwire.com8/16/2016
200M Yahoo accounts go up for sale on black marketwww.computerworld.com8/2/2016
Kimpton Hotels Investigating Payment Card Fraudthreatpost.com7/26/2016
Hacker steals 1.6 million accounts from top mobile game's forumwww.zdnet.com7/22/2016
Wendy's says hackers stole card data in attack disclosed in Januarywww.cnbc.com7/7/2016
32m Twitter login credentials stolen from userswww.helpnetsecurity.com6/9/2016
65M Tumblr account records are up for sale on the underground marketwww.computerworld.com5/31/2016
LinkedIn panics, legal threats fly into hacker search engine inboxwww.zdnet.com5/20/2016
Megabreach: 55 MILLION voters' details leaked in
Data of nearly 50 million Turks allegedly leaked onlinewww.cnbc.com4/5/2016
Trump Hotels investigating possible payment card breachwww.networkworld.com4/4/2016
Crooks Steal, Sell Verizon Enterprise Customer Datakrebsonsecurity.com3/24/2016
Rosen Hotel chain was hit by credit-card stealing malware for 17 monthswww.tripwire.com3/9/2016
Report: Hackers steal, post details on 9,000 DHS employeeswww.networkworld.com2/8/2016
University of Virginia data breach exposed financial datawww.zdnet.com1/25/2016
250 Hyatt hotels infected last year with payment data stealing malwarewww.zdnet.com1/15/2016
Hyatt discovers malware at 250 hotelswww.scmagazine.com1/15/2016
TaxAct breached: Customer banking and Social Security information compromisedwww.scmagazine.com1/13/2016
Starwood Luxury Hotel Chain Reports Credit Card Breach At Over 50 US Locationswww.tripwire.com11/23/2015
Comcast resets 200k cleartext passwords, hacker claims
EMC, Hospital to Pay $90,000 Over Data Theft From Stolen Laptopwww.tripwire.com11/9/2015
TalkTalk breach: CEO dismisses encryption, 15-year-old arrestednakedsecurity.sophos.com10/27/2015
Data hack at 7 Trump hotels confirmedwww.cnbc.com10/5/2015
Experian breach may have exposed data on 15M consumers linked to T-Mobilewww.computerworld.com10/1/2015
Banks: Card Breach at Hilton Hotel Propertieskrebsonsecurity.com9/25/2015
OPM underestimated the number of stolen fingerprints by 4.5 millionwww.computerworld.com9/23/2015
Internet company hit by credit card breachwww.computerworld.com8/19/2015
IRS breach claims 220,000 additional US taxpayerswww.zdnet.com8/18/2015
Huge hack attack: UK data cops to probe Carphone Warehouse
Attackers can access Dropbox, Google Drive, OneDrive files without a user's passwordwww.zdnet.com8/6/2015
UConn School of Engineering cyberintrusion originated in Chinawww.scmagazine.com8/3/2015
Alfa Insurance: data on 86K individuals inadvertently made accessible to internetwww.scmagazine.com7/21/2015
As Predicted, OPM Director Resigns in Wake of Epic Hackwww.wired.com7/10/2015
Private security clearance info accessed in second OPM breachwww.scmagazine.com6/13/2015
Hacked data on millions of US gov't workers was unencryptedwww.computerworld.com6/11/2015
IRS Statement on the "Get Transcript" Applicationwww.irs.gov5/27/2015
Palo Alto Networks Acquires CirroSecurewww.securityweek.com5/27/2015
Dating website hack leaks data of 4M userswww.cnbc.com5/22/2015
1.1 Million Affected by CareFirst BlueCross BlueShield Breachthreatpost.com5/21/2015
Personal Information Possibly Stolen in Linux Australia Breachwww.securityweek.com4/6/2015
Slack Says It Was Hacked, Enables Two-Factor Authenticationwww.wired.com3/27/2015
Premera Blue Cross breached, info on 11 million customers at riskwww.scmagazine.com3/17/2015
Stolen hard drives bring more data breach pain for US health servicesnakedsecurity.sophos.com3/11/2015
Credit Card Breach at Mandarin Orientalkrebsonsecurity.com3/4/2015
Anthem now says 78.8M were affected by breachwww.computerworld.com2/24/2015
Poor security left Anthem customer records exposedwww.zdnet.com2/6/2015
Health insurer Anthem discloses customer and employee data breachwww.computerworld.com2/5/2015
Breach of Health Insurer Exposes Sensitive Data of Millions of Patientswww.wired.com2/5/2015
Malaysia Airlines website attacked, big data dump threatenedwww.computerworld.com1/26/2015
Over 870K personal records leaked following Australian insurer breachwww.scmagazine.com1/21/2015
Park ‘N Fly, OneStopParking Confirm Breacheskrebsonsecurity.com1/14/2015
Hackers Compromise United and American Airlines Customer Accounts, Book Free Tripswww.tripwire.com1/13/2015
Examiner caused Palm Springs credit union breach, NCUA IG to investigatewww.scmagazine.com12/31/2014
Target Hackers Hit OneStopParking.comkrebsonsecurity.com12/30/2014
Daily Report: Simple Flaw Allowed JPMorgan Computer Breachbits.blogs.nytimes.com12/23/2014
Sony to media: stop publishing our stolen stuff or we'll get
Experts take inventory of Sony Pictures data leak, potential costswww.scmagazine.com12/5/2014
Sony Pictures corporate files stolen and released in cyberattackwww.zdnet.com11/28/2014
Sony Pictures Computers Down for a Second Day After Network Breachbits.blogs.nytimes.com11/25/2014
Oops! Health Insurer Exposes Member Databits.blogs.nytimes.com11/10/2014
U.S. Postal Service suffers breach of employee, customer datawww.computerworld.com11/10/2014
Staples Is Latest Retailer Hit by Hackersbits.blogs.nytimes.com10/21/2014
JPMorgan hack affected 76 million households, 7 million SMBswww.zdnet.com10/3/2014
Data breach that hit Jimmy John's is larger than first thoughtwww.computerworld.com9/26/2014
Hack attacks on hospitals jump 600% this year: CEOwww.cnbc.com9/25/2014
Tripadvisor site coughs to card data breach for a potential 800k
56 Million Payment Cards At Risk in Home Depot Data Breachthreatpost.com9/18/2014
Home Depot Data Breach Could Be the Largest Yetbits.blogs.nytimes.com9/8/2014
JPMorgan Hackers Came In the Front Door -- in June. Two Months of
Hold the ice cream: DQ likely data breach victimwww.cnbc.com8/27/2014
Survey: manufacturing businesses’ intellectual property gets lost to security breachesus-business.kaspersky.com8/13/2014
Millions of PCs Affected by Mysterious Computrace Backdoorthreatpost.com8/11/2014
Backoff: New Point of Sale
63% of businesses don't encrypt credit
Data Breaches in New York Hit Record High in 2013, State Attorney General Saysbits.blogs.nytimes.com7/15/2014
File sharing programs cause data leaks, security headacheswww.scmagazine.com7/2/2014
AT&T: 'twas conniving contractors who nicked your
TrueCrypt considered HARMFUL – downloads, website meddled to warn: 'It's not secure'
SanDisk ships its first self-encrypting SSDswww.computerworld.com5/13/2014
Do you use NAS drives? For work? One just LEAKED secret cash-machine
Drives containing info on 2,500 stolen from Michigan health departmentwww.scmagazine.com4/7/2014
South Korea punishes three credit card firms over data heistnakedsecurity.sophos.com2/18/2014
Theft of unencrypted laptops behind Coca-Cola breach impacting 74,000www.scmagazine.com1/27/2014
Bank data of 20 million customers leaked in South Koreawww.zdnet.com1/20/2014
A Leader again! McAfee is positioned highest for completeness of vision in the new Gartner Endpoint Magic Quadrantblogs.mcafee.com1/16/2014
Overexposed: Snapchat user info from 4.6M accountsnews.cnet.com1/1/2014
Two Missing Insurance Laptops May Impact 800k Peoplethreatpost.com12/16/2013
Quadrillion-dollar finance house spams Reg reader with bankers' private
California hospital notifies patients of missing thumb drivewww.scmagazine.com11/20/2013
Nearly 50k patient credit cards compromised by insiderwww.scmagazine.com10/10/2013
Unencrypted laptop stolen from Calif. hospital puts patients at riskwww.scmagazine.com9/30/2013
Chap unrolls 'USB condom' to protect against
State employee error puts thousands at riskwww.scmagazine.com9/9/2013
Lawyers report steep rise in employee data theft casesnakedsecurity.sophos.com9/3/2013
Detective's stolen laptop risks data of 2,300 in Washington statewww.scmagazine.com6/28/2013
Firm: Facebook 'bug' worse than reported; non-users also affectedwww.zdnet.com6/26/2013
Info of nearly 3K University of Illinois dorm residents stolenwww.scmagazine.com6/25/2013
Nicked unencrypted PC with 6,000 bank details lands council fat
Huddle: Consumer cloud services causing 'security time-bomb' for enterpriseswww.zdnet.com5/30/2013
Be careful of where your big data ends up: ServCorpwww.zdnet.com5/30/2013
Flurry of products pushing BYOD in Indiawww.zdnet.com5/17/2013
Telstra apologetic after old customer data leaks onlinewww.zdnet.com5/15/2013
Investment regulator loses portable device containing personal datawww.scmagazine.com4/15/2013
Laptop stolen from S.C. medical center contains data on 7k veteranswww.scmagazine.com4/8/2013
Lost, unencrypted USB thumb drive impacts more than 50k Medicaid providerswww.scmagazine.com3/12/2013
Former Employee Charged With Accessing Thousands of Driver's Licensesthreatpost.com2/7/2013
'Terrific Employee' Fired After Losing USB Drive Containing Medical Recordsthreatpost.com1/17/2013
51% of UK networks compromised by BYODwww.infosecurity-magazine.com1/7/2013
Toshiba tees off 2013 with self-encrypting driveswww.zdnet.com1/7/2013
Feds step up HIPAA enforcement with hospice settlementwww.scmagazine.com1/7/2013
Study: 94 Percent of Healthcare Organizations Breachedthreatpost.com1/3/2013
University of Michigan Health Systems Admits Patient Data Stolenthreatpost.com12/26/2012
Dexter malware targets point of sale systems
Swiss spy agency warns CIA, MI6 over 'massive' secret data theftwww.zdnet.com12/4/2012
Petraeus affair reveals risks of emailwww.computerworld.com12/3/2012
Stolen NASA Laptop Puts ‘Large Number’ of Employees at Riskthreatpost.com11/14/2012
SEC Left Sensitive Data Vulnerable, Report Sayswww.darkreading.com11/9/2012
OIG finds 85 percent of VA encryption licenses lay dormantwww.fiercegovernmentit.com10/16/2012
Keeping Data Out Of The Insecure Cloudwww.darkreading.com10/15/2012
Chinese hackers breach Indian navy computerswww.zdnet.com7/2/2012
Man charged with stealing NY Fed Reserve Bank source codenews.cnet.com1/18/2012
Nationwide employee sentenced to 2 1/2 years for counterfeit video gameswww.dispatch.com12/30/2011
Plans to migrate LAPD to Google's cloud apps droppedwww.computerworld.com12/22/2011
DARPA to start checking your email for threatswww.navytimes.com12/21/2011
Hackers Stole Emails From Employees in Chamber of Commerce Breachwww.eweek.com12/21/2011
Jury convicts hacker over AT&T-iPad user data breachwww.zdnet.com11/21/2011
White Papers
Social Media: Consumer Compliance Risk Management Guidancewww.ffiec.gov1/22/2013
Third Annual Benchmark Study on Patient Privacy & Data Securitywww.ponemon.org12/6/2012
The CERT Insider Threat Centerwww.cert.org4/28/2012
2012 State of Mobility