Data Loss Prevention – SY0-601 CompTIA Security+ : 2.1

Data loss prevention can help protect sensitive data from unauthorized use. In this video, you’ll learn about DLP, USB blocking, cloud-based DLP, and DLP in email systems.

<< Previous Video: Protecting Data Next: Managing Security >>



We maintain and collect a lot of different types of data on our networks. We could keep social security numbers, credit card numbers, health care information, and other sensitive data that we must protect. If attackers focus on our network, they’ll want to have access to this sensitive information.

There are so many places to obtain and store this information on our network. So we need intelligent systems called Data Loss Prevention, or DLP, that’s able to look in many different locations and protect our data from prying eyes. An endpoint DLP solution would reside on our local workstations and devices. And they’re examining everything that is being transferred into or out of our device.

We can also have DLP technologies on our network that’s examining all of the packets going across the network and making sure that no sensitive information is stored in the network traffic. And to look at data at rest on our servers, we may want to have a DLP system that is running on the servers themselves. In some cases, DLP is designed to block access to different types of hardware. For example, DLP on a workstation would be able to allow or disallow access to data that’s being stored on a USB-connected drive.

An example of how important it is to have DLP associated with these USB flash drives occurred in November of 2008 with the US Department of Defense, where suddenly, a worm was able to move throughout the network because it was replicating itself using USB storage. The US Department of Defense immediately banned the use of USB-connected media devices and blocked all of those devices from working on their network. Every device on the US DoD network had to be updated to be sure that this DLP solution was in place. They finally lifted the ban in February of 2010 and put in much stricter rules on how these flash drives were able to be used.

We’ve talked about our devices, and our networks, and our servers. But what about devices that are stored outside of our organization in the cloud? Well, of course, there’s cloud-based data loss prevention technologies as well.

This type of DLP also lives in the cloud. And it’s able to look for all of the traffic going through to see if any particular predefined data strings exist within those data flows. This cloud-based DLP could also block data from going to certain URLs to prevent people from storing that data on an insecure cloud-based storage system. This could also block viruses, and malware, and anything else that might traverse the network.

The ability to send and receive emails also makes it very easy to transfer sensitive information into and out of your network. To be able to prevent this, we need to have data loss prevention on our email systems. This will look at both inbound and outbound emails and block any information that is categorized as sensitive.

Inbound emails can be filtered with this DLP using keywords or by identifying emails that are coming from imposters. These emails are then quarantined and can be examined by an email administrator to validate whether this is legitimately a DLP filtering function or if it may be a false positive. A good example of outbound DLP filtering might be to block anything that looks like a wire transfer– maybe somebody trying to transfer W-2 information or anything related to employees’ personal information.

A good example of how important it is to have DLP in our email systems occurred in November of 2016. An employee at the Boeing organization e-mailed their spouse a spreadsheet that they would then be able to use as a template for a different project. Unfortunately, hidden in that template spreadsheet was the personal information of 36,000 Boeing employees. And by sending this information to his wife over nonsecure channels into their own personal email, he had now transferred out social security numbers, dates of birth, and much more information as well.

Ironically, Boeing does sell their own version of a DLP software. But it wasn’t in use in this particular case because it’s only used on classified networks. This is just another example of how important DLP is, whether it’s on your servers, your network, or your email system.