1. Home
  2. >
  3. Security
  4. >
  5. Data Loss Prevention

DATA LOSS PREVENTION

FULL CONTEXT AWARENESS TO PROTECT AGAINST ADVANCED EXFILTRATION

Data Loss Prevention (DLP) is a must-have security function for all organizations. Used to identify and prevent the theft or misuse of sensitive data (e.g., social security numbers, financial information, account credentials…), to inspect content for anomalies and to identify user activities that do not comply with company guidelines or government regulations, it is an essential first line of defense. Its performance, however, depends on the level and quality of the traffic intelligence it receives and therefore on the deep packet inspection (DPI) technology it uses.

Whether your DLP product is deployed as a standalone solution, embedded within security components like SWG, CASB and NG Cloud FWs, or deployed as a central, shared resource in an umbrella solution like Security Service Edge, to ensure success, you need to provide it with reliable, accurate and detailed traffic information.

Strengthening DLP Solutions with Enea Qosmos NG DPI

STRENGTHENING DLP SOLUTIONS WITH ENEA QOSMOS DPI ENGINE

Enea’s Qosmos ixEngine® is the DPI engine of choice for Tier 1 DLP providers. It provides accurate recognition of 3700 protocols, more than any other DPI engine on the market, and thousands of unique types of metadata that add crucial context-awareness to support DLP functions, including:

  • Expanded visibility into user identifiers and actions
  • Insights into links and attached files in email
  • Extraction of files and/or file metadata (e.g., file extension, size, type, name, content)
  • Access to security metadata that enables the identification of tunneling on protocols like DNS or ICMP
  • Classification of encrypted and evasive traffic

EXAMPLES
DLP FUNCTIONS ENABLED BY QOSMOS IXENGINE

  • Use file hashing to detect a subtle discrepancy between a classified, internal use-only file and a file sent out of the organization via email.

  • Extract and inspect an emailed file and sender and device data.

  • Identify a data loss source and gather the contextual evidence required for incident investigation and remediation.

  • Use L7 classification and metadata extraction to rebuild only objects that are relevant for further analysis, e.g., rebuild HTTP objects when the flow is a targeted blog, not YouTube.

BENEFITS
FOR DLP SOLUTIONS

  • Detect advanced exfiltration techniques like MITM, file spoofing, and tunneling over standard protocols.
  • Enhance rules and monitor usage with application-specific user action metadata (in proxy mode).
  • Reduce forensic storage by up to 150x compared to full packet capture.
Qosmos ixEngine: Next-Generation Deep Packet Inspection (DPI) for Maximum Traffic Visibility
How SSE Leaders Use Next Generation DPI for Market Success
Improve Suricata’s Ability to Detect Threats in Evolving Networks with Enea Qosmos Traffic Intelligence
Traffic Visibility: The Fast Path to SASE Success