
Data Loss Prevention: From Hero to Goat and Back Again

Over a decade ago, as the digital economy was getting its legs, data loss prevention (DLP) technology was seen as the savior for companies fearing exposure of sensitive internal and customer data.  In the intervening years, DLP has gone from hero to goat and back again. 

In a classic “be careful what you wish for” scenario, enterprises turned on DLP and suddenly found their businesses paralyzed and their DLP administrators overwhelmed with alerts. Initial implementers had not realized the impact of DLP technology on day-to-day business processes, nor had they imagined the volume of “violations” the tool’s policies would raise to responders.

To make matters worse, many of the alerts ended up being false positives, wasting analysts’ and investigators’ time chasing fires that didn’t exist and increasing everybody’s blood pressure. 

Frustrated buyers most often tuned down their DLP policies to prevent the tool from hindering the business, which also reduced the benefit gained from the technology. Others hired boatloads of analysts to do their best to cut through the noise and catch the bad guys. The rest never completed their implementations in the first place, leaving parts of their organizations or certain exfiltration vectors (e.g., USB ports, email gateways) unprotected. Regardless of any one company’s approach, the aggregate result was data loss protection technology getting a bad name, to the point where it was almost verboten to mention.

That was then, this is now. Many factors have led to a resurgence in DLP technology and practices as a means of protecting sensitive data. One is a series of high-profile incidents of sensitive data theft. There is nothing like board members and business executives asking CISOs what they are doing to prevent their company from becoming the next front-page story.

Another is the explosion of cloud application usage, mobile computing and remote connectivity. Data is far less contained than it was just a few years ago when cloud and mobile were just beginning to get their footing. 

Finally, the straw that broke the camel’s back is the set of regulatory requirements that include mandates about sensitive data protection and carry significant fines and penalties for not complying.

Top of mind among those regulations is the European Union’s upcoming Global Data Protection Regulation (GDPR). GDPR focuses on protecting the rights of citizens of the EU when it comes to protecting their data. It includes a broad set of requirements, as well as a penalty of up to four percent of global revenue. Underlying much of the regulation is the goal of ensuring that sensitive data is not exposed to those who do not need to see or process it, especially outside the “GDPR countries.”

DLP is the obvious technology for that job, but is not enough by itself.  The convergence of these factors in addition to significant advancements in DLP and related technologies makes its implementation more important, practical and effective. The result – DLP is the comeback kid. 

DLP technology has improved significantly in both its ability to catch data exfiltration events across multiple channels like the cloud, as well as its ability to inspect a broader range of formats like images. These new capabilities make its detection more reliable across more scenarios, resulting in better protection, but they have not solved the challenge of the overwhelming number of resulting events.

Enter user and entity behavior analytics (“UEBA”).  The advent of UEBA technology has enabled DLP to be more effective by paring down the endless mountain of incident level alerts to a more manageable list of suspicious users for investigation. 

Using techniques like “peer analysis,” which compares a person’s behavior to that of those with the same manager and in the same organization, UEBA is able to minimize false positives and accelerate the human analyst’s job. UEBA continues to evolve alongside DLP, and can now integrate many user activity vectors like authentication, proxy and CASB, as well as data sources like threat intelligence, to improve identification of communication with known bad destinations and of indicators of attack/compromise that may lead to the identification of compromised accounts. This evolution has led to a more risk-based view that takes into account the potential motivation of the user and the riskiness of the events occurring on the computer endpoints they use.
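The peer-analysis idea described above can be sketched in a few lines. This is an added example, not code from the article or from any DLP or UEBA product: the sample data is constructed, the peer group is keyed on manager only, and the median/MAD scoring, the 3.5 threshold and the four-peer minimum are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (user, manager, DLP alerts in the review window).
ALERTS = [
    ("alice", "mgr_fin", 4), ("bob", "mgr_fin", 5), ("carol", "mgr_fin", 3),
    ("dave", "mgr_fin", 6), ("erin", "mgr_fin", 41),
    ("frank", "mgr_eng", 30), ("grace", "mgr_eng", 34), ("heidi", "mgr_eng", 28),
    ("ivan", "mgr_eng", 33), ("judy", "mgr_eng", 31),
]

def flat_threshold(rows, limit):
    """Classic DLP triage: flag every user above one global alert count."""
    return sorted(user for user, _, count in rows if count > limit)

def peer_outliers(rows, threshold=3.5, min_peers=4):
    """Flag users whose alert count is far above their own peer group.

    Peers are users sharing a manager. The score is a robust z-score
    (distance from the group median, scaled by the median absolute
    deviation), so one extreme user cannot hide by inflating the baseline.
    """
    groups = defaultdict(list)
    for user, manager, count in rows:
        groups[manager].append((user, count))

    flagged = []
    for members in groups.values():
        if len(members) < min_peers:
            continue  # too few peers to form a meaningful baseline
        counts = [count for _, count in members]
        med = median(counts)
        mad = median([abs(c - med) for c in counts])
        # 1.4826 makes MAD comparable to a standard deviation; fall back
        # to 1.0 when every peer has the same count (MAD of zero).
        scale = 1.4826 * mad if mad else 1.0
        for user, count in members:
            score = (count - med) / scale
            if score > threshold:
                flagged.append((user, round(score, 2)))
    return sorted(flagged, key=lambda item: -item[1])

if __name__ == "__main__":
    print("flat threshold (>20):", flat_threshold(ALERTS, 20))
    print("peer outliers:", peer_outliers(ALERTS))
```

On this sample a flat limit of 20 alerts queues six users for review, five of them engineers whose normal workload generates about 30 alerts each, while the peer comparison queues only the one finance user whose count is far outside her group.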

DLP and UEBA technology are leaps and bounds ahead of where they were just a few years ago.  The cyber analytics ecosystem of which they are a part continues to evolve quickly, synthesizing additional data sources and improving the accuracy of machine learning algorithms.  

These continued developments will improve their capabilities and reduce human involvement in the process of identifying and mitigating insider threats. 

The challenge of data protection is not going away.  Even without the ever-improving tactics of the bad guys, data sprawl has made it difficult for those just trying to do their jobs.  DLP will continue to be the keystone of protecting sensitive data and preventing its unauthorized exposure. Comeback complete.
