Computer Systems Security Planning for Success

Data loss prevention (DLP) solutions aim to stop the exfiltration of sensitive data. This could be personally identifying information (PI), medical records, social security numbers (SSNs), credit card numbers, etc. Typically DLP either functions on the endpoint and server, data at rest, or on the network, data in motion.

Network DLP solutions may monitor emails or web traffic for sensitive strings, such as SSNs. When an SSN is detecting in an email, the email is quarantined and an alert is sent. Server and endpoint DLP solutions may periodically scan the system to see if sensitive strings are stored on the system. If it is a system that shouldn’t have access to sensitive data an alert is sent. DLP on an endpoint may also limit tasks like USB usage or bulk data transmitting.