Data loss prevention and DPI for enterprise security
The issue of security in enterprises has always been relevant. Keeping unauthorized persons out and preventing theft of company property were the main tasks of the in-house security service. With the advent of information technology, enterprises acquired information security staff whose headache was detecting the theft of confidential information. Today we'll talk about ways to prevent data leakage, information security systems and much more.
A long time ago, when I worked in a state organization, the issue of preventing information theft was resolved radically: USB controllers were disabled in the workstation BIOS, and the ports on the system unit were sealed. Staff were advised not to bring storage media with them – flash drives, floppy disks, etc.
You will agree that these measures do not work even for very small enterprises.
Firstly, at facilities without a strict access regime it is difficult to screen people for flash drives, external hard drives and phone cables (the phone can later be used as a drive).
Secondly, walking around and inspecting the seals on computers is uninteresting and boring; as a result, sooner or later the quality of the inspections drops and the data is stolen.
On February 26, 2019, NDN.info published a news item about the leak of the personal data of more than 506 thousand customers.
"Young people came to the office of the Mobile TeleSystems company with their laptops, took a login and password from local specialists and calmly downloaded a database of 506 thousand 185 subscribers. It included personal data and information about the debts of residents of Novosibirsk, Berdsk, Novokuznetsk, Barnaul," reports NDN.info.
How to protect corporate information in modern realities?
A simple, fast and productive solution is to move important information to a server and deploy a DLP system (Data Leak Prevention), preferably in conjunction with DPI. This solution extends the standard access control tools, such as directory and file access policies, as well as logins and passwords.
The network diagram of a modern company that cares about the security of its corporate information can be imagined as shown in Figure 1.
Figure 1. The introduction of DLP in the enterprise network
What is DLP and what does it consist of?
DLP (Data Leak Prevention) is the prevention of leakage of confidential information from an information system. A DLP system is usually a modular software product, less commonly a hardware appliance. It works by analyzing the data streams that leave the corporate network and/or a specific segment of it.
The classic DLP system consists of three modules:
• Analyzer – a network component that monitors traffic and collects statistics, including flow data, from the switches and routers of the corporate network, passing the results to the storage system.
• Storage system – collects, stores and processes the received data.
• Graphical module – visualizes the data and reports and presents the monitoring results to the information security officer.
External module – in some DLP systems an external module (agent) is installed directly on the user's PC to monitor keystrokes, the picture on the monitor screen and the contents of RAM, as well as the moving, copying and deleting of files on disk devices.
This system can be considered complete if it is supplemented by DPI (Deep Packet Inspection), a technology for deep traffic analysis. Thanks to DPI, a DLP system can:
a. Audit network security and detect external attacks, as well as take countermeasures to stop them and alert personnel;
b. Analyze the state of all network connections and decide whether to terminate them;
c. Collect statistics on protocols, applications and services, as well as traffic direction, down to a specific user, with subsequent logging;
d. Generate traffic towards a target server in order to test its performance and resistance to attacks.
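As an added illustration (not code from this article or from any of the products it names), the following Python sketch shows the kind of processing the analyzer module and the DPI statistics described above perform: it decides from an assumed set of corporate address ranges whether each flow leaves the network, inspects the application payload of outbound flows against simple content rules, flags unusually large outbound transfers, and aggregates per-protocol, per-application and per-user statistics with a log line for every finding. All addresses, users, payloads, rule patterns and the volume threshold are constructed sample data, and the rules are deliberately simplistic stand-ins for a real DLP policy.

```python
"""Minimal DLP-style flow analyzer (added example; constructed data throughout)."""
import ipaddress
import re
from collections import Counter

# Assumed corporate address space (constructed for the example).
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                  ipaddress.ip_network("192.168.0.0/16")]

# Constructed content rules: a classification label and a card-like number.
CONTENT_RULES = {
    "classification_label": re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY)\b"),
    "card_number": re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"),
}

# Outbound flows larger than this are flagged even without a content match.
LARGE_TRANSFER_BYTES = 1024 * 1024  # assumed threshold: 1 MiB

# Constructed flow records as an analyzer might receive them from switches/routers.
SAMPLE_FLOWS = [
    {"user": "ivanov", "src": "10.1.2.3", "dst": "10.1.9.9", "proto": "TCP",
     "app": "SMB", "bytes": 20480, "payload": "quarterly_report.xlsx CONFIDENTIAL"},
    {"user": "ivanov", "src": "10.1.2.3", "dst": "203.0.113.7", "proto": "TCP",
     "app": "HTTPS", "bytes": 1500, "payload": "GET /news HTTP/1.1"},
    {"user": "petrov", "src": "192.168.5.20", "dst": "198.51.100.44", "proto": "TCP",
     "app": "SMTP", "bytes": 5242880,
     "payload": "Subject: subscribers export CONFIDENTIAL attachment=db.csv"},
    {"user": "sidorov", "src": "10.7.7.7", "dst": "198.51.100.10", "proto": "UDP",
     "app": "DNS", "bytes": 120, "payload": "A? example.org"},
    {"user": "petrov", "src": "192.168.5.20", "dst": "203.0.113.99", "proto": "TCP",
     "app": "HTTP", "bytes": 900, "payload": "POST /upload card=4111 1111 1111 1111"},
]


def is_corporate(addr: str) -> bool:
    """True if the address falls inside the assumed corporate ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CORPORATE_NETS)


def flow_direction(flow: dict) -> str:
    """Classify a flow relative to the corporate perimeter."""
    src_in, dst_in = is_corporate(flow["src"]), is_corporate(flow["dst"])
    if src_in and dst_in:
        return "internal"
    if src_in:
        return "outbound"   # leaves the corporate network: DLP scope
    if dst_in:
        return "inbound"
    return "transit"


def match_content(payload: str) -> list:
    """Names of content rules that match the application payload, sorted."""
    return sorted(name for name, rx in CONTENT_RULES.items() if rx.search(payload))


def analyze(flows: list):
    """Aggregate statistics and raise alerts for outbound flows carrying sensitive data."""
    stats = {"by_protocol": Counter(), "by_app": Counter(),
             "by_direction": Counter(), "by_user_outbound_bytes": Counter()}
    alerts, log = [], []
    for f in flows:
        direction = flow_direction(f)
        stats["by_protocol"][f["proto"]] += f["bytes"]
        stats["by_app"][f["app"]] += f["bytes"]
        stats["by_direction"][direction] += 1
        if direction != "outbound":
            continue  # internal/inbound/transit traffic is counted but not inspected
        stats["by_user_outbound_bytes"][f["user"]] += f["bytes"]
        hits = match_content(f["payload"])
        if f["bytes"] > LARGE_TRANSFER_BYTES:
            hits.append("large_transfer")
        if hits:
            alerts.append({"user": f["user"], "dst": f["dst"], "app": f["app"],
                           "rules": hits, "bytes": f["bytes"]})
            log.append(f"DLP ALERT user={f['user']} app={f['app']} dst={f['dst']} "
                       f"rules={','.join(hits)} bytes={f['bytes']}")
    return stats, alerts, log


if __name__ == "__main__":
    stats, alerts, log = analyze(SAMPLE_FLOWS)
    for line in log:
        print(line)
    print("outbound bytes per user:", dict(stats["by_user_outbound_bytes"]))
```

Note that the first flow contains the CONFIDENTIAL label but stays internal, so it is counted in the statistics and not alerted on; the analyzer's job, as the text says, is the traffic that leaves the network.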
DLP system vendors
There are many companies on the market, including Russian ones, ready to offer such a product:
- Garda Enterprise;
- DeviceLock DLP;
- Dell EMC RSA DLP;
- Zecurion DLP;
- Symantec DLP.
The products of these companies solve the problem of protection against data leaks, but not every one of them does so as efficiently as possible, that is, by using DPI technology to process all traffic on the corporate network. Deep traffic analysis allows inspection at the protocol and application level, up to OSI layer 7, which is not available in the other DLP systems.
The development of digital technology and social engineering casts doubt on the security of confidential information, so today it is important to choose a proven solution. Modern DLP systems using DPI technology can analyze, at high speeds (up to 400 Gb/s), the data streams that leave the corporate network and prevent the leakage of confidential information outside it.
Protection systems against confidential information leakage from DPI vendors, such as the SPECTRE DPI DLP system, are ready for networks of any speed. Performance scales through the use of standard x86 servers, and the traffic processing speed can reach 3.84 Tbit/s.