Data Loss Prevention (DLP) is a must-have security function for all organizations. Used to identify and prevent the theft or misuse of sensitive data (e.g., social security numbers, financial information, account credentials…), to inspect content for anomalies and to identify user activities that do not comply with company guidelines or government regulations, it is an essential first line of defense. Its performance, however, depends on the level and quality of the traffic intelligence it receives and therefore on the deep packet inspection (DPI) technology it uses.
Whether your DLP product is deployed as a standalone solution, embedded within security components like SWG, CASB and NG Cloud FWs, or deployed as a central, shared resource in an umbrella solution like Security Service Edge, to ensure success, you need to provide it with reliable, accurate and detailed traffic information.
Enea’s Qosmos ixEngine® is the DPI engine of choice for Tier 1 DLP providers. It provides accurate recognition of 3700 protocols, more than any other DPI engine on the market, and thousands of unique types of metadata that add crucial context-awareness to support DLP functions, including:
Use file hashing to detect a subtle discrepancy between a classified, internal use-only file and a file sent out of the organization via email.
Extract and inspect an emailed file and sender and device data.
Identify a data loss source and gather the contextual evidence required for incident investigation and remediation.
Use L7 classification and metadata extraction to rebuild only objects that are relevant for further analysis, e.g., rebuild HTTP objects when the flow is a targeted blog, not YouTube.