10 critical capabilities to look for in any DLP solution

• Ability to discover sensitive data across all platforms:

A DLP solution should be able to discover sensitive data across applications, storage towers, systems and devices. It should have inbuilt rules to identify sensitive data as required by various regulatory requirements


• Ability to do deep content and context analysis for Encrypted/Password protected content:

Apart from applying content analysis techniques, such as database fingerprinting, partial document matching, regular expressions etc., on normal documents good DLP solution must also have access to centralized key/password management tool to scan the encrypted file types.


• Ability to identify sensitive information in graphical documents and image files:

This feature helps organizations to prevent data breaches via screen-shots, print screen functionality and other tools which convert document into graphic files. The solution must have optical character recognition feature to scan file for any sensitive content.


Ability to scan for sensitive data in archival tools and documents embedded inside another document:

A DLP tool should be able to monitor data transfer in zipped format as well such as .zip/rar/.7z/.tar etc.


• Ability to identify sensitive content in all languages:

A malicious insider (esp. privileged users) can employ this technique to leak any sensitive data by simply translating the data into another language. A good DLP solution must be able to identify and prevent such actions


• Ability to protect data both on and off the corporate network:

After BYOD trend people are bringing various mobiles devices to workplace. Sensitive data on those mobile devices are frequently leaving the companies secure network. In this scenario a good DLP solution must have Mobile device management capabilities and must ensure that data is protected both on and off the network


• Ability to log the actions of privileged users:

Most of the data breaches today are happening due to the abuse of privileged accounts. A DLP solution must be able to audit the use of privileged accounts and logs all the actions in an encrypted and digitally signed file.


• Integration with Directory services, Mail servers, and other security tools:

Integration with Active Directory, SIEM tools, IAM, IPS, Databases, Mail servers and proxies are critical to enhance the effectiveness of any DLP solution


• Supports for MAC and Linux platforms:

Should provide support for MAC and Linux systems.


• Supports centralized deployment and incident response workflow:

A Centralized management will ensure effective monitoring of all the DLP components from a single user interface. It also supports centralized policy creation, generating reports and managing incident response in case of any breach.

E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform