Just program your IPS to look for credit card numbers (or similarly sensitive data) and presto, you now have content-aware DLP (well, a tiny piece of it at least). I’ve got vendors of antivirus solutions for SharePoint that can perform regular expression pattern matching while they crawl the SharePoint content repository doing DLP. Seems everything is DLP nowadays.
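To make the "tiny piece" concrete, here is an added example (not from the original post, and not any vendor's product) of what pattern-based card number detection actually amounts to: a regular expression that finds 13 to 19 digit runs, followed by a Luhn checksum to weed out order numbers and other digit strings that merely look like a card number. The log lines are constructed for the example; the card numbers in them are the well-known Visa and Mastercard test numbers, not real accounts.

```python
import re

# Candidate card number: 13-19 digits, optionally separated by single spaces or
# dashes, not embedded in a longer word or digit run. A generic pattern, written
# for this example; real DLP engines add issuer-specific prefixes and lengths.
PAN_RE = re.compile(r"(?<!\w)(?:\d[ -]?){12,18}\d(?!\w)")


def luhn_valid(digits):
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return digits-only card numbers found in text that also pass Luhn."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


def mask(pan):
    """Keep only the last four digits so an alert does not itself leak the number."""
    return "*" * (len(pan) - 4) + pan[-4:]


def scan_lines(lines):
    """Return (line_number, masked_number) for every Luhn-valid card number seen."""
    findings = []
    for n, line in enumerate(lines, 1):
        for pan in find_card_numbers(line):
            findings.append((n, mask(pan)))
    return findings


# Constructed sample log for the example. Only lines 2 and 4 hold a real-looking
# card number; line 1 is a 16-digit order id and line 5 is a mistyped number.
SAMPLE_LOG = [
    "2010-03-01 user=alice msg=order 1234567890123456 shipped",
    "2010-03-01 user=bob msg=card 4111 1111 1111 1111 charged",
    "2010-03-01 user=carol msg=contact 555-123-4567",
    "2010-03-01 user=dave msg=card 5500-0000-0000-0004 refund",
    "2010-03-01 user=erin msg=ref 4111111111111112",
]

if __name__ == "__main__":
    for line_no, masked in scan_lines(SAMPLE_LOG):
        print(f"line {line_no}: possible card number {masked}")
```

Running it flags lines 2 and 4 and nothing else. The Luhn step is what separates this from a bare regex: without it the order id on line 1 and the typo on line 5 would both raise alerts. Even with it, this is lexical matching only; it knows nothing about whether the data is allowed to be where it is, who is sending it, or whether it has been encoded or encrypted before it reached the sensor, which is why the post calls it a tiny piece of DLP rather than DLP.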
My colleague Greg Young has written a clever series of blogs on classic vendor mistakes. This one resonated with me:
“Saying your product is in X market because X is currently ‘cool’.”
DLP is hot. It’s one of the top five IT security spending areas I see in 2010. The problem is, much of what we do in information security is ultimately directed at stopping the loss of sensitive data. So almost everything we do is a form of DLP in one way or another. So whether or not a vendor provides a DLP solution depends on how you define DLP.
Rather than rely on the vendor’s definition, turn the tables: whether or not you need a DLP solution depends on what your data protection needs are – and data protection is not a product, it’s a process.
Data protection is the process of identifying and understanding where and how sensitive information is created, consumed, processed, moved, shared, stored and retired and protecting it throughout this lifecycle.
There are a myriad of security controls and policy enforcement points that map to this process: full drive encryption, file/folder encryption, content monitoring and filtering at email and web security gateways, application-level encryption, end-user activity monitoring, sensitive data discovery tools, digital rights management, … and, yes, sure (why not?) – even an IPS or AV scanner that is programmed to look for sensitive data.
If you’ve budgeted for a DLP product in 2010, take a step back and look at the process, then decide which controls take priority in 2010. Don’t let a vendor take your money just because they position themselves as a DLP vendor. That can mean just about anything.