Data loss prevention (DLP) software monitors, detects, and blocks sensitive data in use, in motion, and at rest to stop data exfiltration. Which of the following measures is least commonly employed in DLP?
B. Intrusion prevention
C. User activity monitoring
D. Rule and regular expression matching
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Intrusion prevention.
Intrusion prevention is about detecting and preventing attacks in inbound traffic, while DLP works on outbound traffic and data breaches.
Data loss prevention (DLP) software detects and prevents intentional or unintentional data breaches by personnel who are authorized to access sensitive information. For example, DLP can prevent an unintentional breach caused by sending an email with classified attachments, without encryption or a watermark, in violation of the security policy.
- Rule and regular expression matching analyzes whether classified documents are involved.
- User activity monitoring detects that classified documents are attached to the email.
- DLP prohibits the user from sending unencrypted emails.
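The email scenario above, sketched as an added example (not code from the original post or from any DLP product): regular-expression rules scan the body and text attachments of an outbound message, and the message is blocked when a rule matches and the mail is not encrypted. The rule set, the Luhn filter for card-like numbers, the "encrypted mail is compliant" policy, and the sample addresses are all assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Hypothetical policy rules (assumed for illustration): rule name -> regex.
RULES = {
    "classification marking": re.compile(r"\b(?:TOP SECRET|SECRET|CONFIDENTIAL)\b"),
    "payment card number": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}
# Content types of S/MIME and PGP/MIME encrypted mail.
ENCRYPTED_TYPES = {"application/pkcs7-mime", "multipart/encrypted"}

def luhn_valid(candidate):
    """Luhn checksum: discards digit runs that only look like card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text):
    """Return the names of the rules that match the text."""
    hits = set()
    for name, pattern in RULES.items():
        for m in pattern.finditer(text):
            if name != "payment card number" or luhn_valid(m.group()):
                hits.add(name)
    return hits

def evaluate(msg):
    """Return (verdict, findings) for an outbound message."""
    if msg.get_content_type() in ENCRYPTED_TYPES:
        return "allow", []  # assumed policy: encrypted mail is compliant
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # containers and binary parts are out of scope here
        where = part.get_filename() or "body"
        findings += [(where, r) for r in sorted(scan_text(part.get_content()))]
    return ("block" if findings else "allow"), findings

def build_sample(attachment_text):
    """Constructed sample: plain-text mail with one text attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "alice@example.com", "bob@example.net", "Q3 report"
    msg.set_content("Please find the report attached.")
    msg.add_attachment(attachment_text, filename="report.txt")
    return msg
```

Calling `evaluate(build_sample("CONFIDENTIAL - card 4111 1111 1111 1111"))` returns a `"block"` verdict with one finding per matched rule, each naming the attachment it was found in.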
According to Wikipedia, the technological means employed for dealing with data leakage incidents can be divided into the following categories, although only the last category (designated DLP systems) is thought of as DLP today.
- Standard security measures, such as firewalls, intrusion detection systems (IDSs), and antivirus software.
- Advanced/intelligent security measures, such as machine learning and temporal reasoning algorithms, honeypots, and user activity monitoring.
- Access control and encryption
- Designated DLP systems
- Data loss prevention software
- Data exfiltration
- 10 Best Data Loss Prevention Software in 2020
- Technology Overview – Symantec Data Loss Prevention (DLP)
- WHAT ARE DATA LOSS PREVENTION (DLP) BEST PRACTICES?