
The ‘Easy Button’ For DLP

Symantec DLP 16 Innovation Eliminates the Need For Complex Policies

Think about the last headline you read about a data breach.  It probably reads like many others - yet another organization has lost high volumes of Social Security Numbers, Credit Card details, Medical records etc.  Organizations know that this information is important. They have likely taken steps to protect it, so how did this happen? 

Most likely the data was stored in a tabular or structured format (such as tables), yet the organization was probably searching for a specific data type (e.g. credit card or customer identifier). The challenge in finding sensitive data this way is that you need many policies to cover all eventualities, and maintaining that set can be overwhelming. With DLP 16 we have solved this challenge, in essence giving customers an “easy button” to reduce the risk of a breach.

Structured Data Matching - Eliminating The Need For Complex Policies

Symantec DLP 16 (both Cloud and On-Prem) now includes automatic identification and detection of sensitive content occurring in a tabular format in documents (such as MS Word) and Email messages, using Structured Data Matching across on-premises channels including DLP for Network (email, web, and network monitor) and DLP Network Discover.

With this innovative approach, customers can detect structured data embedded in an otherwise unstructured document. The feature looks for sensitive data (such as Social Security Number, Credit Card Numbers, or Email addresses) formatted in columns and rows without the need to manually enable any specific PII, Healthcare or Finance Data Identifiers or Policy templates.

The new capability is available to all DLP customers with DLP version 16.0.

Key Benefits:

  • Superior protection against sensitive data leaks: Customers are better protected against data leaks due to inadequate policies.
  • Enhanced DLP compliance: Out-of-the-Box protection to help customers remain compliant with their DLP data protection regulations.
  • “Easy Button” setup: Automatic protection without the operational investment and challenges of building indexes such as EDM and EMDI.

How Do Structured Data Identifiers (For Automated Detection) Work?

The Automatic Structured Data Protection feature is designed to protect against data leaks with minimal manual interaction and iteration by the customer. Our approach is to focus this technology on the most likely type of data leak – exfiltration of data in tabular format in documents and email messages.

Structured Data Identifiers provide customers with an “Easy Button” to identify sensitive content. 

As a DLP Policy Author, a user can select from a list of pre-defined Structured Data Identifiers (PII, Likely PII, Healthcare and Financial) that ship with the product when creating a Rule for a DLP Policy. Once part of a Policy, a Structured Data Identifier identifies tabular data in unstructured documents, including MS Office documents (Excel, Word, PowerPoint), PDFs, and CSV files, and in Email messages across DLP for Network and DLP Network Discover channels. This automated identification of tabular data involves sophisticated parsing (and subsequent extraction) of table contents to identify natural column (and field) delineations and to distinguish column headers (when present) from column data.

Figure 1: Detection Rule for “Content Matches Structured Data Identifier” and its drop down options.

The system then decides on the optimal set of Data Identifiers required for potential matches on the table data to generate DLP Policy violations.  Finally, table columns that match Structured Data Identifiers are highlighted in the policy violation report (a.k.a: DLP Incident) for DLP Incident Remediators.
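The column-oriented detection described above, as an added Python example (not Symantec's code or algorithm): it separates a header row from data, then labels a column only when most of its cells pass one validator. The detectors, the header heuristic, the 80% threshold and the sample table are assumptions made for illustration.

```python
import csv, io, re

# Constructed sample: a table as it might be extracted from a document or email.
SAMPLE = """Name,SSN,Card Number,Notes
Ann Lee,123-45-6789,4111 1111 1111 1111,renewal due
Bob Roy,234-56-7890,5500-0000-0000-0004,called twice
Cy Dunn,345-67-8901,340000000000009,n/a
"""

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def is_ssn(cell):
    m = re.fullmatch(r"(\d{3})-(\d{2})-(\d{4})", cell.strip())
    if not m:
        return False
    area, group, serial = m.groups()
    # Reject ranges that are never issued.
    return area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000"

def is_card(cell):
    digits = re.sub(r"[ -]", "", cell.strip())
    return digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits)

def is_email(cell):
    return re.fullmatch(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}", cell.strip()) is not None

DETECTORS = {"ssn": is_ssn, "card": is_card, "email": is_email}

def classify_columns(text, threshold=0.8):
    """Return {column name: data type} for columns whose cells mostly match one detector."""
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    if not rows:
        return {}
    # Header heuristic (assumption): a first row with no data-like cell is a header.
    has_header = not any(f(c) for c in rows[0] for f in DETECTORS.values())
    data = rows[1:] if has_header else rows
    findings = {}
    for col in range(max(len(r) for r in rows)):
        cells = [r[col] for r in data if col < len(r) and r[col].strip()]
        name = rows[0][col] if has_header and col < len(rows[0]) else f"col{col}"
        for label, f in DETECTORS.items():
            if cells and sum(map(f, cells)) / len(cells) >= threshold:
                findings[name] = label
    return findings
```

Scoring whole columns rather than single cells is what lets a table of sensitive records raise a finding while a lone number in running text does not.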

Why do you need Automatic Structured Data Protection?

  1. Protect against expensive Data Breaches: Data breaches, of sensitive/confidential information, often tend to occur in a tabular format. This is because such data either is available from a direct “export” of a database table/query or is copied from a spreadsheet containing PII, Healthcare or Financial information.
  2. Remove blind-spots in DLP protection: Structured Data Identifier creates categories (of protection) such as PII, Healthcare or Finance data, reducing the need for manually including data identifiers into DLP Policies. DLP Policy Authors need to select the “What” - PII, Healthcare or Finance, while the system parses data and automatically decides on the “How.”
  3. Easy (Off-cycle) data domain updates: Customers will receive updates for Structured Data Identifiers, covering additional data domains, through the Content Packs.  

With this newly developed capability, Symantec DLP customers can leverage their DLP investment to better protect against potential data breaches, including phishing attacks, involving exfiltration of sensitive information (PII, Financial and Healthcare) in tabular format in documents and Email messages. The Out-of-the-Box Detection Rule offers the highest protection without any operational investment.

For more information about DLP OCR-in-Cloud, and additional Symantec Cloud features, please visit this page.

About the Author

Sudip Guha

Product Manager, Information Security

Sudip is a part of the Information Security Product Management group. He is currently responsible for driving the Symantec Data Loss Prevention product roadmap for DLP detection technologies.
