Email data loss prevention

DLP: The full guide to data loss prevention

by Egress
Published on 16th Jul 2020

Data loss prevention (DLP) software stops intentional and accidental leaks of information from your network. By monitoring sensitive data in use, in motion and at rest, DLP technology helps you maintain the level of security you require.

What kinds of DLP software are there?

Data loss prevention software is split into two main types: network DLP (N-DLP) and endpoint DLP. While both technologies are there to protect your sensitive information, the actual ways they prevent data loss differ.

Network DLP

Network DLP, also referred to as data-in-motion protection, is installed at entry and exit points along your network’s perimeter. It works by tracking and monitoring data as it moves around the protected network. When a user attempts to send an email containing sensitive data, the network DLP system is able to act on a number of pre-programmed actions, such as blocking, quarantining, auditing, or encrypting the mail. It is also able to notify network administrators of users’ attempts to send sensitive emails.

Endpoint DLP

As its name suggests, endpoint DLP operates on individual devices within your organization’s network (at the endpoint). This DLP software monitors incoming and outgoing data (such as information contained in emails) and content stored on the device. It can even recognize and monitor unencrypted (plaintext) sensitive data within files stored on the device.

However, this increased protection level does require a higher degree of management than network DLP. Every device has to be protected individually, meaning that if your network of devices is complex and geographically spread, protecting each will require more intensive levels of management and maintenance.

How do I know which type of DLP is right for me?

Different situations require different types of DLP software. In general, if you are unable to exercise a high amount of control over individual devices within your system, it’s likely that you’ll have to choose a network DLP system. N-DLP is faster and more simple to organize – however, it is worth remembering that protection will not be as thorough as endpoint DLP.

However you choose to protect your system, it’s important to remember that DLP alone isn’t enough to make sure your sensitive data is kept fully secure. Egress Prevent software helps to eliminate potential risks in your system and covers gaps that traditional DLP might leave exposed – including human errors such as misdirected email.

By using contextual machine learning, it’s able to recognize when your employees are about to cause data leaks – either intentionally or accidentally. With prompts to encourage users to practice secure and responsible handling and comprehensive administrator monitoring and analysis tools, Egress Prevent helps stop breaches before they happen.

Are there any downsides to traditional DLP software I need to be aware of?

Traditional DLP software will help to protect data shared inside and outside your organization’s network, but it can be frustratingly inflexible. Employees may have a perfectly valid reason to share data with an individual with a free mail domain – for instance, communication with a freelancer or supplier. However, if that domain is blacklisted by rigid DLP software, that communication may be impossible.

Other features of traditional DLP can also hamper productivity. Keyword tagging, where emails are blocked for containing trigger words that may be associated with sensitive or protected information, can prevent data loss but may also act as a communication barrier. It’s also worth noting that such systems are labor-intensive and require constant updating and management.

What else do I need to be doing to prevent data loss?

Alongside traditional DLP software, it’s advisable to introduce email encryption to protect sensitive information. Data that’s handled between colleagues or shared with external clients or suppliers needs to be kept secure.

Egress Protect offers highly secure email encryption that gives you total control over the information you handle. Combined with intelligent Egress Prevent DLP software it helps you have complete confidence in the security of your system to stop data leaks.