Data Loss Prevention (DLP)

What is data loss prevention (DLP)?

Data loss prevention (DLP) is a set of technologies and business policies to make sure end-users do not send sensitive or confidential data outside the organization without proper authorization.

Sensitive information might include financial records, customer data, credit card data, or other protected information. The most common channel through which this data is leaked is email.

An effective DLP system scans all outbound email and other network traffic for predetermined patterns that indicate sensitive data, for example credit card numbers, social security numbers, HIPAA medical terms, or keywords specific to your organization. Emails containing sensitive data are then automatically encrypted, blocked, or quarantined for review. The policy that applies can depend on factors such as the sender, the recipient, and the time of day.
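As an added illustration of the pattern scanning and policy decisions described above (example code written for this page, not Barracuda's product logic), the following scanner detects card numbers, dashed US social security numbers and organization keywords in a message body, then picks allow, encrypt, block or quarantine based on sender, recipient and time of day. The domain, authorized-sender list and keyword list are constructed placeholders; card matches are validated with the Luhn checksum so that order numbers and other digit runs are not flagged.

```python
import re

# Constructed policy values for this example (not from any real deployment).
INTERNAL_DOMAIN = "example.com"
AUTHORIZED_SENDERS = {"billing@example.com"}      # may send card data externally, encrypted
KEYWORDS = ("confidential", "project falcon")     # organization-specific terms
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")  # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")                # dashed US SSN format only


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: weeds out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(body: str) -> dict:
    """Return the sensitive-data categories found in a message body (empty dict if none)."""
    findings = {"card": [], "ssn": [], "keyword": []}
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())   # strip spaces/dashes before the checksum
        if luhn_ok(digits):
            findings["card"].append(digits)
    findings["ssn"] = SSN_RE.findall(body)
    lowered = body.lower()
    findings["keyword"] = [k for k in KEYWORDS if k in lowered]
    return {k: v for k, v in findings.items() if v}


def decide(sender: str, recipient: str, body: str, hour: int = 10) -> str:
    """Map findings plus sender, recipient and time of day to a DLP action."""
    findings = scan(body)
    if not findings or recipient.lower().endswith("@" + INTERNAL_DOMAIN):
        return "allow"            # nothing sensitive, or the message stays inside the organization
    if "card" in findings or "ssn" in findings:
        if sender.lower() in AUTHORIZED_SENDERS and 8 <= hour < 18:
            return "encrypt"      # authorized sender during business hours: deliver encrypted
        return "block"            # anyone else, or off-hours: stop the message outright
    return "quarantine"           # keyword-only hits are held for human review
```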

Why DLP is important

It is critical to implement an effective DLP strategy to protect your organization’s sensitive information from being breached by criminals or accidentally leaked by careless users. Many data leaks result from users responding to a phishing or spear-phishing email in which the sender impersonates someone authorized to receive the data. Data can also be leaked by malware and viruses that read private data and then transmit it to a hacker.

What you can do

To protect your organization from data loss, you must implement a comprehensive strategy that covers all the potential threat vectors. This starts with user education to make employees aware of suspicious emails and minimize behavior such as downloading files from websites, using unsecured Wi-Fi connections, etc.

You must secure critical data whether it is in use, in motion, or at rest:

  • Data in-use. Data that is being used by applications such as email clients, web browsers, and SaaS applications can be stolen by hackers or accidentally deleted by users. The risks can be greatly reduced by implementing data loss prevention at the mail server and deploying a web security gateway or web filter to protect web browsers.
  • Data in-motion. Data that is in transit across a network is also at risk of theft. For emails, outbound filters and encryption can help protect data in motion. For the most complete possible protection, your network firewall must protect and encrypt all network traffic.
  • Data at-rest. This applies to data residing in storage. Protecting this data requires backup tools that, at a minimum, should encrypt the backed-up data and replicate it off-site.

It is critical that you apply data loss prevention technology to every surface that potentially exposes your organization to data theft, including your email server, web browsers, web server, and network firewall. A data loss prevention strategy typically consists of the following components.

Implementing email-based data loss prevention

The most common source of data loss is email. If you have not implemented a DLP system, the first step is to secure your email. Barracuda Email Protection and the Barracuda Email Security Gateway include outbound email inspection capabilities. Both products protect against data loss caused by malicious data leaks, malware exfiltration of data, users being hijacked as spambots, and numerous other causes of data loss. They also provide inbound filtering to block malware, viruses, phishing, spear phishing, and advanced threats that can be used to steal data.

In addition to email filtering, email encryption is an important part of a data loss prevention strategy. Barracuda also encrypts emails containing sensitive data. Users can encrypt emails on demand, or you can set up policies to automatically encrypt emails based on the sender, recipient, and content.

Implementing data loss prevention for web browsing

Another common source of data loss is web browsing: malicious websites can infect users with malware or spyware, and some websites collect sensitive data. The Barracuda Web Security Gateway provides comprehensive filtering of all downloaded internet content. It protects users from malware, spyware, ransomware, and viruses, and it also monitors web browsing, searches, and social media for specific patterns and keywords. A tamper-proof web security agent and SSL packet inspection block advanced threats and alert you to suspicious activity.

Implementing data loss prevention for websites

Your website and hosted web applications are another attractive target for hackers looking to steal data. Barracuda Web Application Firewall inspects all inbound traffic for attacks and outbound traffic for sensitive data. When any sensitive or malicious data is identified, it can be blocked or masked automatically. Comprehensive traffic logging helps you identify the source of any potential leaks.

Implementing data loss prevention in network firewalls

Your network firewall should serve as the final and most comprehensive layer of data loss protection. Barracuda CloudGen Firewall includes advanced threat protection to check every file that enters or leaves your network. If a file type is unknown, it is emulated in a virtual sandbox where any malicious behavior can be discovered. Botnet and spyware protection blocks access to malicious sites and servers. The Intrusion Detection and Prevention System (IDS/IPS) provides real-time network protection from a wide range of network threats and vulnerabilities in operating systems, applications, and databases.

Implementing data backup and recovery

Data at rest must be safely backed up as frequently as possible. The backup device should be able to compress the data and eliminate duplicate records to minimize storage space and network bandwidth requirements. The backup system should also be able to schedule backups automatically so that large data transfers are avoided during periods of high network usage. The more efficient the backup technology, the more frequently the data can be backed up.

Barracuda provides several solutions for managing backup and recovery. Barracuda Backup provides near real-time backup of data regardless of its location and replicates the backed-up data to Barracuda’s secure cloud. For data protection of email, files, Office 365 documents, and SharePoint, Barracuda Email Protection automatically enforces email retention policies by storing emails and files in a tamper-proof cloud archive. The Barracuda Message Archiver provides similar capabilities in a physical or virtual appliance that can be installed on-premises or in the cloud.

Do you have more questions about data loss prevention (DLP)? Contact us today.