With the prevalence and damaging effects of data breaches, organizations now see
digital asset protection as a critical component of their security infrastructure.
Data Loss
Prevention safeguards an organization's sensitive data against accidental or deliberate
leakage.
Data Loss Prevention allows you to:
-
Identify the sensitive information that requires protection using data identifiers
-
Create policies that limit or prevent the transmission of digital assets through common transmission channels, such as email messages and uploaded files
-
Enforce compliance to established privacy standards
Before you can monitor sensitive information for potential loss, you must be able
to answer
the following questions:
-
What data needs protection from unauthorized users?
-
Where does the sensitive data reside?
-
How is the sensitive data transmitted?
-
What users are authorized to access or transmit the sensitive data?
-
What action should be taken if a security violation occurs?
This important audit typically involves multiple departments and personnel
familiar with the sensitive information in your organization.
Trend Micro uses Data Loss Prevention templates to tag and detect sensitive content
by a set
combination of data identifiers. A template combines data identifiers and operators
(And, Or)
in condition statements. When a set of data matches the criteria of a condition, Data
Loss
Prevention triggers a policy action. For example, a file containing data matching
the
All: Names from US Census Bureau AND US: HICN (Health Insurance Claim
Number) templates, triggers the HIPAA policy.
TMWS provides some Data
Loss Prevention out-of-the-box templates for regulatory compliance initiatives, such
as GLBA,
PCI-DSS, SB-1386, US PII, and HIPAA, and integrates them into Data Loss Prevention
profiles to
help manage the distribution of sensitive data across the network. Administrators
can scale
profiles to apply to the entire company, groups, or specific endpoints.