DLP again

Well, some thoughts about DLP have been on my mind for some time and I want to write them down.

First, DLP is about unintentional data loss. There are always ways to get data out of a secure area, whether by USB drives, HTTPS upload, CD-Rs, steganography or whatever else. It’s nearly impossible to prevent data leaks completely.

But that’s not what DLP is aiming for… it’s for the user who accidentally chooses the wrong email address or picks the wrong file to upload to a website. And for that purpose, it’s totally sufficient.

The underlying engine that does the processing is amazing, and you can do all kinds of stuff with the data types. For most of your requirements Check Point brings built-in data types, whether it’s credit card numbers or social security numbers.

Second: the hard part with DLP is to define a company policy and a list of data that should not leave the company. This is where technical and organizational security meet, and it is the biggest challenge.

Concerning the DLP-1 appliances that I mentioned before, I have some information about the hardware.

The DLP-1 2571 has a dual-core CPU, 4 GB RAM and a 500 GB HDD, so it’s pretty much a UTM-1 3070 series appliance with more memory and HDD.

The DLP-1 9571 is based on the Power-1 9075 and comes with 2x QuadCore CPU, 8 GB RAM and 2x 1 TB HDD.

Internal Check Point sources say that at this point it’s safe to assume that for real-life traffic you have to divide the performance numbers by 4. This will change with the next releases that improve performance.

If you haven’t noticed, DLP-1 appliances come with the UserDirectory blade to allow easy connectivity to Active Directory domains or LDAP directories.

DLP-1 will also be able to scan HTTPS traffic in the near future (Q1/11), and I’m really looking forward to that feature.
