The Vanishing Data Loss Prevention (DLP) Category

A few years ago, DLP was a hot security buzzword and a relevant single offering. Now, it’s been swallowed up as part of other, beefier solutions that offer a buffet instead of an entrée.

However, to understand where to find DLP today and what exactly it’s doing, it helps to get a sense of the whole picture.

Let’s review the rise, decline and – reincarnation? – of the Data Loss Prevention category.

Where DLP Started

As it was stated so succinctly in Forbes, “Data loss prevention (DLP) has enjoyed a long and hype-filled life since the early 2000s.” That’s fair. Even before data became “big data”, protecting it was something of “big” importance. It only seemed right that doing so should be worthy of its own singular solution, and thus Data Loss Prevention – the tool wholly devoted to making sure not an ounce of protected information ever left the network – was born.

A certified Gen Z-er, DLP grew up in the early aughts and hit its stride in a landscape much different from today’s. There was no cloud. I’ll repeat that – the cloud didn’t even exist when DLP came about (pretty sure it had a landline), and everything was done via email. Network traffic was essentially cleartext, and most baddies were cyber-punks with a personal agenda. Nation-state actors, insider threats and ridiculous ransomware amounts were still creatures of the future.

Into that world DLP emerged, and it promised one great, simple thing. It would protect against data leaving the network or data centre by means of unsafe protocols (HTTP, SMTP). Sounds good enough. And this data was the kind you could easily (or pretty easily) identify; something with a signature, something regulated, something you could wrap your hands around and let your SOC handle if it had to. Pieces of information went in, pieces of information went out, and DLP was here as a ticket-taker to make sure nobody jumped the turnstile.

Then all HTTPS broke loose.

Big Data means Big Problems

Over the course of a few years, data started to explode. The world became an exponentially more connected place, and we needed digital tools that could keep up. Suddenly, useful little DLP was asked to do big things. Could it:

  • Track data across multiple environments?
  • Keep up with (and find) all the data we shipped up to the cloud?
  • Handle petabytes (not terabytes) of data?
  • Keep us compliant with GDPR?
  • Keep us compliant with CCPA, CPRA, HIPAA, SOX, PCI DSS, ISO 27001, FISMA, The Privacy Act, PIPEDA, and individual data privacy standards for every state in the continental United States (and possibly Puerto Rico)?
  • Fingerprint data?
  • Contextualise alerts?
  • Determine data lineage?
  • Autonomously respond to data-targeted threats at scale?
  • Spin up automated reports?

No. Good old-fashioned DLP could do none of those things. It was not a slicer-dicer-chopper; it was a can opener.

Now, DLP pure-play providers had some thinking to do. Adjust and adapt? Or be cannibalised by other, faster-moving offerings?

The answers vary as widely as there are providers out there, but as an industry the solution has been somewhere in the middle.

Where You’ll Find DLP Today

These days, DLP can be found right where you left it, but not like you’d recognise it. Even the industry noted the decline, with cybersecurity provider Cyberhaven eventually asking, “What happened to the Gartner Data Loss Prevention Magic Quadrant?” (It was discontinued in 2018).

This is largely what has happened to it:

  • Data Risk Management incorporated it into its comprehensive strategy – it takes people, technology (DLP) and processes.
  • Security Service Edge (SSE) adopted some of its components and Insider Risk Management (IRM) took up the banner as a possible data security contender.
  • Data Detection and Response (DDR) all but swallowed it whole.

However, this scenario can be hard for companies that see the gap and just want to plug the hole – not create a whole new strategy around it. And for that, there is some encouraging news: the DLP providers that remain have really had to adapt.

While traditional Data Loss Prevention is known for outdated technology, failure to protect data at scale and an annoying penchant for blocking normal activity, next-generation DLP providers have had to re-work the system.

Now, next-gen DLP has been redefined to include content analysis and offer context. It can cut down on false positives (a big one) and track everywhere the data has been by meticulously monitoring data lineage. In this, it even goes above and beyond AI-driven behavioural pattern searching, as important data often contains no recognisable pattern. So, if a disgruntled employee copy-and-pastes a bit of source code to their personal GitHub prior to leaving the company, evolved DLP tools can catch that. Quite a big difference from the low-horsepower reputation that got it booted from Gartner’s Magic Quadrant four years ago.
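To make the contrast concrete, here is an added example (not from this article or from any DLP vendor) that runs a signature check of the kind described under “Where DLP Started” next to a content fingerprint check on the same outbound payloads. Token-shingle hashing is used here as one simple fingerprinting approach; the function names, the 0.5 threshold and the sample data are all assumptions constructed for illustration.

```python
import hashlib
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def signature_hit(payload):
    """Legacy-style check: data with a recognisable pattern (card numbers)."""
    for m in CARD_RE.finditer(payload):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False

def shingles(text, k=5):
    """Hash every run of k tokens; whitespace and case are normalised away."""
    tokens = re.findall(r"\w+|[^\w\s]", text.lower())
    return {hashlib.sha256(" ".join(tokens[i:i + k]).encode()).hexdigest()[:16]
            for i in range(len(tokens) - k + 1)}

def fingerprint_overlap(payload, protected):
    """Fraction of the payload's shingles that also occur in protected content."""
    s = shingles(payload)
    return len(s & protected) / len(s) if s else 0.0

def inspect(payload, protected, threshold=0.5):
    """Return which detectors fire on an outbound payload."""
    hits = {"signature": signature_hit(payload),
            "fingerprint": fingerprint_overlap(payload, protected) >= threshold}
    return [name for name, fired in hits.items() if fired]

# Constructed sample data, not taken from any real system.
PROTECTED = shingles("""
def rotate_session_key(store, user_id):
    old = store.get(user_id)
    new = derive_key(old.seed, old.counter + 1)
    store.put(user_id, new)
    return new
""")
CARD_MAIL = "Customer card 4111 1111 1111 1111 exp 12/27"  # standard test number
CODE_PASTE = ("saving this for later\ndef rotate_session_key(store,user_id):\n"
              "  old=store.get(user_id)\n  new=derive_key(old.seed,old.counter+1)\n"
              "  store.put(user_id,new)\n  return new\n")
```

The reformatted code paste carries nothing a regex could key on, so only the fingerprint detector fires; the card number triggers only the signature detector.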

The Data Loss Prevention landscape is changing, and the legacy of DLP lives on. Perhaps better for its phoenix-like rebirth, its elements have been adopted and consumed in multiple offerings and improved in pure-play DLP solutions ever since.

While no one likes a wake-up call, it’s safe to say this one did the Data Loss Prevention category some good.

The post The Vanishing Data Loss Prevention (DLP) Category appeared first on IT Security Guru.