The buzzword “Next Generation” started trending in cybersecurity, thanks to Gartner analysts and network security pros who pioneered the term over a decade ago. It quickly became popular among professionals and consumers in the market. With time, companies began attaching the “Next-Gen” tag to more products and categories to signal innovation and stand out in a crowded field. However, not all of these naming attempts have stuck around.
The term “Next Generation” has also caught on in the world of Data Loss Prevention (DLP). At the same time, different experts have their own interpretations of what it means. Let’s look back at how DLP has evolved and consider whether “Next Generation” is an apt label for today’s DLP systems.
Tracing the Evolution of Data Loss Prevention Systems
Looking back at the history of DLP, it is clear that categorizing generations of DLP systems -or any systems, for that matter – is quite subjective. Nevertheless, we can pinpoint some basic benchmarks that influenced how DLP systems were designed during different phases of their evolution. This categorization is not rigid. It is less about the systems themselves and more about the objectives customers had in mind for them.
The first generation of DLP systems was designed to meet the legislation requirements. They were focused on performing relatively narrow tasks in accordance with specific laws or industry standards.
The next stage of DLP development shifted towards safeguarding trade secrets and businesses’ intellectual property. During this stage, there was an emphasis on enhancing the technology applied, broadening the scope of communication channels monitored, and improving the categorization of the protected data.
DLP capabilities were then expanded to address internal security problems, such as identifying malicious insiders and other internal violators and investigating incidents.
Finally, the next generation of DLP systems has arrived. Here, we are looking at multifunctional products that are capable of handling various tasks like malware removal, legal compliance, incident investigation, etc.
Next Generation DLP
Discussing recent developments in DLP, an essential advancement has been the management of wider data leakage channels. For example, DLP systems can now recognize and sort natural spoken language in audio communications, capturing audio through built-in microphones and stopping potential data breaches through visual captures like screen photos. There is no doubt that the capabilities of DLP systems have grown considerably.
But is this enough to talk about a generational change? In my opinion, probably not. For that, we would need to see more fundamental changes, such as architectural changes or new technological breakthroughs.
One significant change could be a fundamental shift in how we approach security – from the traditional method of analyzing past incidents to assessing potential risks.
This evolved approach does more than just enforce security policies. It anticipates threats and uncovers subtle fraud schemes that might slip past security specialists and standard DLP systems. It also highlights the most at-risk business areas and identifies which employees require closer supervision. This is particularly vital for large organizations and security officers who have to monitor the work of thousands of users.
Any consultant will emphasize the critical role of risk assessment – it is foundational to a company’s information security. It is quite surprising that DLP systems, which collect a lot of data from their sensors, have not played a bigger role in risk management despite having every chance to do so.
Looking ahead, what is even more crucial for the future application of DLP is the integration of Data-Centric Audit and Protection (DCAP) capabilities. DCAP has traditionally been used as a standalone solution, but integrating it with DLP can provide a more comprehensive and effective approach to data protection.
Your Stored Data Is at Risk
The traditional approach to preventing data leaks typically involves monitoring data during storage, handling, and transfer phases. However, in practice, DLP systems often emphasize the transfer phase – data is closely monitored as it is being copied or sent, and then checking each operation for compliance with corporate policies.
Interested in what the future will bring? Download our 2024 Technology Trends eBook for free.
User behavior can be monitored, for example, by using User Behavior Analytics (UBA) modules and things like display photo detection to control how information is used.
Yet, when it comes to overseeing stored data, there is a noticeable lack of tools. Some DLPs offer data discovery modules to help identify where confidential information is stored, but this is where data at rest protection ends.
Most of the risks to the confidentiality of corporate information arise at the storage stage, not at the data transfer stage. These risks can be caused by:
- Excessive data access rights are granted to individuals who should not have them.
- Duplicate files that are spread across the network (including by secretaries, assistants, designers, etc.)
- Still-active user accounts of former employees, which could be exploited by those ex-employees, their colleagues, or even external hackers.
- Concealed, forgotten, or unknown data storage location, often referred to as “Shadow Data.”
- The overwhelming amount of data companies accumulate, which is increasing rapidly.
- Poorly organized data storage systems that are hard to understand and navigate.
- Lax or sometimes non-existent controls over who gets to access data.
DCAP systems are designed to reduce security threats to data stored in a corporate environment. They have the capability to audit and map out an organization’s data storage landscape, detailing who has access to what and highlighting any improperly set permissions. By doing this, they can pinpoint the actual data owners, unnecessary access privileges, and frequent file users. Based on the points above, it is clear that using DLP and DCAP separately only taps into a fraction of their potential capabilities.
The Benefits of Combining DLP and DCAP
Using separate security tools is perfectly fine, but it is the combined use of these tools that creates a synergistic effect.
At a basic level, this integration offers:
- Universal policies for uninterrupted data protection.
- A unified console and uniform methods for managing data.
- The integration of information from different sources to gain a comprehensive view and make accurate predictions.
- A central database for storing data and events, which allows you to reduce the costs of its implementation and maintenance.
Digging deeper, you can uncover a broader range of benefits:
- The use of the same content analysis and classification technologies needed for examining both stored and in-transit data, which can be facilitated by shared services.
- The ability to reflect business-specific details using the same vocabularies, eliminating the need to develop or transfer them anew.
- Objects receive uniform labelstags.
When data from different sources is combined, it does not just add to the quantity of information about the items being protected – it enriches the data, making the whole greater than the sum of its parts. This kind of integration particularly enables the following:
- The detection of anomalies and the evaluation of risks.
- The cross-referencing of details within data sets.
- The creation of backup copies of critical files.
- An increase in the diversity of technologies applied leading to a more effective information security system.
- A more precise assessment of the risks facing corporate data and its users.
Anomalies could be things like files being deleted or moved around too frequently, unusual spikes in activity from employee or system accounts, and other peculiar behavior patterns.
A crucial aspect lies in incident investigation, which can be streamlined through a single incident response module that collects insights from both static and dynamic sources. This helps to restore chains of events and file versions and identify seemingly unrelated connections between different facts.
DCAP highlights data that DLP needs to pay attention to. No DCAP system can obtain information about files from the network perimeter. In turn, the DLP system can track the entire life path of each intercepted file from the moment it is created or appears in the network perimeter. Finally, the DLP + DCAP combination can detect all the current storage locations of the document being studied, its previous versions, and files with similar content.
Conclusion
Syncing Data Loss Prevention and Data-Centric Audit and Protection systems offers a lot of advantages, but thinking of them as totally separate things is not quite right. They are really more like two parts of the whole process of keeping data safe from leaks. Ideally, they should be integrated, not isolated. This is the goal of Next Generation DLP: to bring together what has been previously split between different types of products to strengthen how we safeguard company data.
This combined approach saves money on the deployment and maintenance of information security systems, reduces the workload for security personnel, and, most importantly, improves data visibility in the corporate environment, leading to more effective protection.