DLP module in the Internet gateway: how, why and why?

All that is known about an inexperienced person about DLP systems can be put in three words: difficult, expensive, incomprehensible. Even Wikipedia doesn't know how to do it: Data Leak Prevention or Data Loss Prevention . Although, the essence of the technology directly corresponds to the name: protection against accidental data leaks. No more, no less. We have released the first Russian Internet gateway with the DLP module. Maybe, generally, the first in the world (the Chinese probably already invented this), although it is so logical to filter traffic on the gateway, not plugging in a separate system before or after it. DLP-module does not need to be implemented or configured - it is already in the distribution. Home users do not even have to pay for it - download, as they say, license.

First of all, the DLP disclaimer. The essence of technology - protection of service data (or any that you consider confidential) from accidental distribution. Remember how Mozilla someone talented laid out the base of accounts on an open server? So, DLP allows you to prevent this. You upload documents (spreadsheets, videos, etc.) to the DLP system for taking digital fingerprints. Documents are not stored on the server, only fingerprints are stored. The DLP module scans all outgoing traffic (mail, web protocols) and when it detects "secret" documents, it triggers, blocking their transmission and notifying both parties (admin and user) about the attempt to disseminate internal information. It also works with modified documents, i.e. not just for full compliance. Ideally, the DLP system also controls uploading to different media and output to the printer. Yes, she does not beat insiders on her hands (there is a security service for this), her task is to protect her from stupidity and accident.
Our DLP module provides filtering of everything that flows through the Internet channel. To detect sensitive data in the outgoing traffic stream, we use the md5 file hash comparison, in this case any file formats are supported. Also, for a more thorough filtering of text documents, the latest SmartID technology is used - if the files sent are modified, depending on the degree of change, their similarity will be searched for with documents previously uploaded to the server.

A small presentation from our lead DLP developer:

If you didn’t watch the video, I’ll summarize: our module will be developed and we will strive to close all holes and possible data leakage. Now he controls the main channels and copes well with 95% of leaks. The main function of our product is access and control of access to the Internet, so DLP filtering quite logically complements its security tools.
So,

Advantages of the DLP module in the IdecoICS Internet Gateway:

• no need to implement - it is included in the gateway distribution
• setup is easy and understandable without manual
• it is not worth the extra money, and in networks of up to 5 computers it can be legally used for free (as well as the main product - the gateway)

')
Cons of our DLP module:

• while there is no copy protection on devices and flash drives
• There is no possibility to surf messages in messengers for the transfer of texts
• Only a network administrator (or several) can monitor the policy and upload documents. In the future, there will be a Security Officer account that will control DLP without having access to the settings of the gateway itself.

In any case, the product develops and will develop. Now the module is fully working in our network and with some customers who make an invaluable contribution to its development. If you, dear habrovchane, have any requests for its functionality, you can take part in the discussion on Reformal: dlp.reformal.ru , you will help us a lot.