1. Home
  2. >
  3. Security
  4. >
  5. Data Loss Prevention

DATA LOSS PREVENTION

FILE CONTENT EXTRACTION FOR DATA LOSS PREVENTION

Organizations of all types are facing new cyber threats due to the evolving work environment: employees now have access to social networking, file sharing applications, cloud storage, webmail, instant messaging, and SaaS applications. In addition, employees regularly work from home or remote locations. These trends increase the risk of infection by infiltration and the risk of exfiltration of sensitive information. Security vendors have responded with new solutions for data loss prevention (DLP). To be effective, these products need to dig deeper into the payload of network traffic, extract detailed information such as file content (typically decrypted payload) and expose file movements at the network level to track malware and data exfiltration.

STRENGTHENING DLP SOLUTIONS WITH ENEA QOSMOS DPI

Qosmos ixEngine is an advanced DPI engine delivered as a Software Development Kit (SDK), composed of software libraries, modules and tools, that cyber security solution vendors can integrate into their products to gain granular visibility into traffic. Through protocol recognition and IP classification, it enables the reconstruction of network traffic content and the exposure of file movements at the network level in order to detect potential malware and data exfiltration with more precision.

CLASSIFICATION & CONTEXTUAL INSIGHTS FOR ESSENTIAL DLP FUNCTIONS

  • Recognition of over 3700 protocols, more than any other DPI engine on the market.
  • Support of various protocols for file extraction, including all transport types for Server Message Block (SMB) and all generic HTTP transfers, and identification of tunneling on protocols like DNS or ICMP.
  • Extraction of raw traffic content and metadata to reconstruct complete emails, attached files, images, videos, transferred files (uploaded or downloaded via FTP, HTTP, Dropbox), Websites, etc. NOTE: requires prior decryption of traffic.
  • Deep file inspection: Efficient file type detection, file hashing, and metadata extraction for file reconstruction.
  • File content extraction and deep file inspection capabilities are built into Qosmos DPI engine, with regular updates of the protocol library, leaving you free to focus your development resources on the core expertise of your products.

BENEFITS

  • Detect advanced exfiltration techniques like MITM, file spoofing, and tunneling over standard protocols.
  • Enhance rules and monitor usage with application-specific user action metadata (in proxy mode).
  • Reduce forensic storage by up to 150x compared to full packet capture.
Strengthening DLP Solutions with Enea Qosmos DPI
Qosmos ixEngine Content Extraction for Malware Protection and Data Loss Prevention
Video
How to use Qosmos ixEngine for Malware Protection and Data Loss Prevention
The Need for DPI in Cybersecurity Solutions (a whitepaper by IHS Markit)