Data Loss Protection (DLP) (noun)
Rick Howard: The word is: DLP
Rick Howard: Spelled D for data, L for loss, and P for protection.
Rick Howard: Definition: A set of tools designed to safeguard data while in use, in motion, and at rest.
Rick Howard: Example sentence: The DLP solution prevented the attacker from stealing sensitive data.
Rick Howard: Origin and context: In the early internet security days, circa 1990s, infoSec practitioners weren't thinking about zero trust or intrusion kill chain prevention as security models to protect their organizations. Those concepts wouldn't be created for another 20 years.
Rick Howard: Perimeter defense was the model of choice where we would build electronic borders around our digital assets and try to keep the bad guys out. Unfortunately, employees and contractors had to work outside the electronic barrier and data had to be allowed in and out under specific conditions. In those early days, PII, personally identifiable information, was a major concern, like employee names, social security numbers, and credit card numbers. Security practitioners didn't want that data type to get out. Later in the 2000s, one attack vector that became prominent was the insider threat. Examples are disgruntled employees seeking to do harm to the organization by releasing embarrassing information, departing employees seeking to take intellectual property with them as they go out the door, and spies working for an outside agency taking jobs within a target organization with the purpose of stealing secrets.
Rick Howard: DLP solutions are designed to stop that kind of activity. It's unclear when the first DLP solutions became available to the market, but it's likely somewhere in the mid-2000s. By the 2010s, DLP solutions were available for many locations along the data path: on the endpoint, in the network, on the database, and in the cloud. They essentially look for keywords, PII, data types like files with specific labels, and certain database queries. They could also prevent users from using certain types of media like USB sticks, CDs, and floppy disks. The problem with DLP solutions is that they are not fire-and-forget technologies.
Rick Howard: A team has to manage them, and except for a small class of niche use cases like governments trying to protect sensitive data, many organizations didn't prioritize this effort. According to Zscaler, enterprise DLP solutions are notorious for being overly complex and costly, and most customers only use a small subset of the product's capabilities.
Rick Howard: In 2018, Gartner retired the Magic Quadrant for enterprise data loss prevention, saying that more advanced security products already incorporate the basic functionality like CASB, Cloud Access Security Broker, SASE, Secure Access Service Edge, and SSE, Security Service Edge.
Rick Howard: Nerd reference: On the Professor Messer YouTube channel, a channel that, among other things, teaches CompTIA security training courses, Professor Messer explains one early use of a DLP solution from the U.S. Department of Defense.
James Messer: In November of 2008 in the United States Department of Defense, they received on USB storage a worm and that worm very quickly propagated to the entirety of the Department of Defense. As a result, the DOD banned removable flash media and storage devices, and you can imagine what a disruption that was, but it was necessary to prevent anything like this from occurring again. All of their devices had to be updated, all of their workstations and servers, and laptops and mobile devices, and a DLP agent was in charge of making sure that nobody could use any USB storage devices. The Department of Defense lifted this ban in February of 2010, but they instituted very strict guidelines for the use of USB storage devices in the future.
Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.