Information Leakage Prevention

Description

Information Leakage Prevention is data loss prevention software. The software detects and prevents potential data breaches or data exfiltration by monitoring, detecting and blocking sensitive data in use (endpoint actions), in motion (network traffic) and at rest (data storage).

It is a marketing (information security) term.

Data loss and data leakage

The terms “data loss” and “data leak” are related and often used interchangeably. Data loss incidents become data leak incidents when media containing confidential information is lost and subsequently captured by an unauthorized person. However, a data leak is possible without losing the data on the originating site.

Categories

The technological means of dealing with information leakage prevention can be divided into categories:

  • Standard security measures such as firewalls, intrusion detection systems (IDS), and antivirus software are commonly available products that protect computers from attacks by outsiders and insiders. A firewall protects the internal network from outside attacks. An intrusion detection system detects intrusion attempts by outsiders. Insider attacks can be averted by antivirus scans that detect Trojans sending confidential information, and by using thin clients, which operate in a client-server architecture with no personal or confidential data stored on the client device.
  • Advanced security measures use machine learning and temporal reasoning algorithms to detect abnormal access to data (e.g., databases or information retrieval systems) or abnormal email exchanges. Honeypots are used to detect authorized personnel with malicious intent based on activity verification (e.g., keystroke dynamics detection). In effect, user activity is monitored to detect abnormal data access.
  • Designated systems detect and prevent unauthorized attempts to copy or send confidential data, whether the attempt was intentional or unintentional. This would typically apply to human resources personnel, as they are authorized to access confidential information. To classify certain information as confidential, these mechanisms use exact data matching, structured data fingerprinting, statistical methods, rule and regular expression matching, published lexicons, conceptual definitions, keywords, and contextual information such as the data source.
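Three of the classification mechanisms named above (exact data matching against hashed fingerprints, regular expression matching with a checksum validator, and keywords) combined into one content check. This is an added example, not code from this page or from any DLP product; the rule names, the sample identifiers and the block/review policy are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample values (assumed for this example; not real records).
KNOWN_SECRETS = ["EMP-004417", "ACME-PAYROLL-2024"]

def fingerprint(value: str) -> str:
    """Normalize and hash a value so the detector never stores cleartext."""
    return hashlib.sha256(value.strip().lower().encode()).hexdigest()

EXACT_INDEX = {fingerprint(v) for v in KNOWN_SECRETS}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
KEYWORDS = ("confidential", "internal only")
TOKEN_RE = re.compile(r"[A-Za-z0-9-]+")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: cuts false positives from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def classify(text: str) -> list[str]:
    """Return the sorted list of rule names that matched the outbound text."""
    hits = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.add("regex:payment-card")
    for tok in TOKEN_RE.findall(text):
        if fingerprint(tok) in EXACT_INDEX:
            hits.add("exact-match:record-id")
    lowered = text.lower()
    if any(k in lowered for k in KEYWORDS):
        hits.add("keyword")
    return sorted(hits)

def verdict(text: str) -> str:
    """Block on any data match; keyword-only hits are flagged for review."""
    hits = classify(text)
    if any(not h.startswith("keyword") for h in hits):
        return "block"
    return "review" if hits else "allow"
```

The Luhn step is what separates a card number from an order reference of the same shape, and the hashed index lets the detector match known records without holding them in cleartext.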

Information Leakage Prevention Types

Network

Network (data in motion) technology is typically installed at network egress points near the perimeter. To identify confidential data, it analyzes network traffic for data that is sent in violation of information security policies. Multiple security control points can report activity to be analyzed by a central management server.

Endpoint

Endpoint systems (data in use) run on internal work servers or end-user workstations. Like network-based systems, endpoint-based technology can address both internal and external communications. It can therefore be used to control the flow of information between groups or types of users. They can also control email and instant messaging communications before they reach the corporate archive so that a blocked communication (i.e., one that was never sent and therefore not subject to retention rules) is not identified in a subsequent legal discovery situation.

Endpoint systems have the advantage of monitoring and controlling access to physical devices (e.g., mobile devices with data storage capabilities). In some cases, they can access information before it is encrypted. As an information leakage prevention control, endpoint systems also have access to the information required for contextual classification, for example the source that generates the content. Some endpoint-based systems provide application controls to block attempted transmissions of sensitive information and provide immediate user feedback. They must be installed on every workstation in the network and are not used on mobile devices.

Other types include:

  • The identification of the data
  • Data leakage attempts
  • Archived data
  • Used data
  • Data in Motion
