A Small Leak will Sink a Great Ship: An Empirical Study of DLP Solutions
Data Leakage Prevention (DLP) is the general term for a new approach to avoid data breaches. To achieve this goal, all currently available implementations of this concept perform an analysis of intercepted data to detect breaches in a generic way. The analysis is typically based on user-defined policies which specify what data is valuable. There are several different approaches both to defining these content policies and to intercepting data to enable analysis.
In this paper, we introduce a methodology to evaluate DLP solutions and we exemplify the method by testing two DLP implementations in detail. Our review process is an essential step in the life cycle of every new software or concept: there should be a continuous cycle of test phases and examinations before a solution can be regarded as dependable. To perform such an analysis in a structured way, we develop a set of generic tests which evaluate critical parts of important functionality in a DLP solution. We focus on the development of a set of tests that evaluate the DLP-specific functionality, instead of performing a traditional vulnerability assessment.
Our empirical tests reveal security vulnerabilities in the tested products. The vulnerabilities vary in impact: data breaches can still happen, and new leakage vectors can even arise.
Keywords: File Type, Identity Theft, Data Leakage, Endpoint Agent, Data Breach