"Financial Service Technology America, today's latest financial news now..."
24 May 2011

Revisiting data loss prevention

By Oded Gonda, vice president of network security products at Check Point Software Technologies

Check Point Software | www.checkpoint.com


You just pressed the ‘send’ button and suddenly realized, too late, that your email was sent to the wrong recipient or that you attached the wrong file with ultra-confidential information. This is, unfortunately, a common mistake that we have all made at some point. For organizations, the prevalence of email for mass communication, combined with high-speed computing and data communication networks, has made the risk of data loss considerably high.

In this increasingly digital environment, the questions are: How can enterprises prevent such incidents from occurring? How can you prevent your employees from mistyping an email address or clicking on the wrong email recipient from an automatically generated drop-down list? How can you prevent them from accidentally uploading sensitive data to a file sharing website?


Check Point proposes a new approach to help businesses efficiently tackle the challenge and protect their data from intentional or unintentional loss. This innovative approach combines content detection and user remediation technologies, bringing users to the forefront of data loss prevention.

Over the years, companies have tried to address data loss with technology only, but without much success. The majority of DLP solutions in use today are overly sophisticated systems that analyze data files and attempt to determine and qualify the content of each file. Most of them function in detection mode only and generate volumes of reports about potential data leak incidents that occurred across the organization. Security administrators are then required to analyze and investigate each report, and end up being exposed to highly sensitive or strictly confidential data they were not authorized to see in the first place, which raises the issue of privacy.

If not handled correctly, DLP can rapidly become a real challenge - if not a massive burden - consuming valuable time and resources for the organization. Technology alone is not the answer. Technology alone cannot make on-the-spot decisions about when and where sensitive data should flow, whether it should be quarantined for further consideration, or blocked altogether. What companies need is an innovative solution that combines the power of technology with users and processes in order to provide contextual background for each potentially sensitive communication. The system should not merely generate reactive reports; it should focus on proactively blocking incidents from occurring. In addition, the solution needs to be simple to deploy, simple to use, and of course, reliable.

Check Point's new DLP solution pioneers a new era of data loss prevention. Without disrupting the company's daily flow of business, the solution moves data loss from detection to prevention and avoids false-positives by engaging users to remediate. It strikes an optimal balance between containing the risks of data loss, and giving end-users the ability to do their jobs unhindered by intrusive technology, while educating them in the process.

Sitting at the network gateway, the solution inspects outbound traffic to prevent accidental leakages of confidential corporate information. Each enterprise can easily configure the business rules that govern what SMTP, HTTP (including Web mail) and FTP traffic is allowed to pass unhindered and what isn't. The solution can be configured to warn end-users with a pop-up when they are about to send an email or transmit files containing sensitive information that possibly violates the enterprise's information-sharing policy. End-users can review the message and discard it if they find it was about to be accidentally sent to unauthorized users, or proceed to send it if it's a valid communication.

The data classification engine used in the Check Point DLP solution combines users, content and process information to make accurate decisions. More sophisticated than other technologies used in different DLP solutions, the technology looks at multiple parameters such as a collection of words or numbers, and not just a predetermined pattern like other solutions. It has high accuracy rates in identifying sensitive data, including personally identifiable information, compliance-related data, and confidential business data. Each enterprise can easily select or create data types and configure its DLP rules to closely match the corporate data policies that govern what data can be shared with whom.
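The idea in the two paragraphs above, sketched as an added example that is not Check Point's engine or code: an outbound message is scored on several signals together (validated card-like numbers, a keyword set, external recipients) and the verdict is allow, ask the sender, or block. The internal domain, keyword list, bulk threshold and function names are assumptions made for illustration.

```python
import re

# Constructed policy values (assumptions, not vendor data types or rules).
INTERNAL_DOMAIN = "example.com"
KEYWORDS = {"confidential", "cardholder", "account", "salary"}
BULK_THRESHOLD = 5  # this many validated numbers is treated as a bulk export
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def signals(body, recipients):
    """Collect independent signals instead of trusting one pattern match."""
    cards = 0
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            cards += 1
    words = set(re.findall(r"[a-z]+", body.lower()))
    external = [r for r in recipients
                if not r.lower().endswith("@" + INTERNAL_DOMAIN)]
    return {"cards": cards, "keywords": sorted(words & KEYWORDS),
            "external": external}


def decide(body, recipients):
    """Return 'allow', 'ask_user' (sender confirms or discards) or 'block'."""
    s = signals(body, recipients)
    if not s["external"]:
        return "allow"      # data stays inside the organization
    if s["cards"] >= BULK_THRESHOLD:
        return "block"      # bulk export leaving the organization
    if s["cards"] and s["keywords"]:
        return "ask_user"   # number plus context: let the sender decide
    return "allow"          # digit run without supporting context
```

A 16-digit order reference that fails the checksum passes without a prompt, which is where a pattern-only rule would raise a false positive.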

The Check Point Data Loss Prevention solution addresses many of the problems that have dogged DLP in the past - including its costs and complexity of implementation and the high levels of false positives.

Check Point DLP comes as a software blade that can be deployed on all Check Point security gateways and easily added to an organization's existing infrastructure in a simple and flexible way, and is also offered as a stand-alone appliance, DLP-1. Both solutions are centrally managed through Check Point's single security management console to reduce complexity and operational overhead. Thanks to its ease of configuration, as well as the built-in policies and rules it features, the Check Point DLP solution can provide protection within a matter of days.

The Check Point solution supports the business objectives for corporate data sharing policies and information protection regulations, while simultaneously educating employees about potential data loss incidents and empowering the users to remediate incidents in real time. It gives employees a valuable second chance to catch that email before they accidentally send it to the wrong person or attach a confidential file, and avoid what could possibly have been a data breach for their company. All without stopping the flow of the business.
