Data Loss Prevention (DLP) tools are used by businesses to track and audit company files and prevent users from stealing or intentionally deleting data.
DLP tools are designed to protect your proprietary data, see who accessed certain files, and avoid downtime when trying to replace what went missing.
Here’s our list of the best data loss prevention tools.
- SolarWinds Access Rights Manager (FREE TRIAL): An intuitive and easy way for sysadmins to protect their data and build custom rules based on policies and past behavior or incidents.
- Code42: Cloud-based data protection with long-term data retention.
- Teramind: DLP solutions with granular user-based analytics and productivity reports.
- Broadcom Symantec Data Loss Prevention: In-depth data discovery and customizable data policies.
- Forcepoint: Uses real-time user behavior to assign risk scores and prevent data loss based on changing rulesets.
The best data loss prevention tools
Access Rights Manager was built specifically for system administrators who need to track which users are accessing certain files and comply with regulatory requirements such as GDPR, HIPAA, and PCI-DSS.
Through an intuitive file structure design, you can quickly see a file or folder’s permission and change it on the fly. Under the Permissions tab, you can sort by mapped drive, folder structure, or even individual user to see exactly what permissions each object has.
Under the graph section, you’ll get a comprehensive view of all inherited permissions linking to a specific object in flow chart form. This makes it simple to see permissions visually and eliminates the need to check access rights manually through Active Directory.
The graphical interface makes it easy to see how a user’s credentials are being used and whether any permissions have been changed. This feature allows you to quickly spot potentially malicious behavior and shut it down before it becomes a problem.
The Home screen makes it easy to navigate the Access Rights Manager and accomplish what you need. Menus and functions are grouped around what you want to achieve and make getting to where you need to go simple.
You can set up security alerts to be sent to you or your IT team to investigate suspicious activity such as unauthorized access or privilege escalation. The built-in auditing tools help you establish a baseline of access and help you form and support a data forensic timeline.
You can configure Access Rights Manager to automatically document actions from SharePoint, Exchange, Microsoft Dynamics, or any of your Windows-based servers. These actions can be compiled into audit-ready reports, or accessed from a logbook view to break down file access by time and date.
Templates make assigning or removing the proper permissions easy across multiple servers and file systems. In a few clicks, you can remove or assign permissions to dozens of objects for an individual user or group using Access Rights Manager.
If protecting your data and auditing your users is a priority for your organization, Access Rights Manager is one of the most intuitive and feature-rich tools to accomplish just that. You can test out all of the Access Rights Manager’s features for free on a 30-day trial.
Code42 is a cloud-native DLP tool that focuses heavily on protecting data while not interfering with user productivity. The system automatically collects all files from multiple endpoints such as servers, PCs, and laptops and securely stores every version of them in the Code42 cloud.
Any modifications to data are indexed and updated in real time as they happen. Every file version is saved for long-term data restoration. This ability to roll back and recover missing or modified files is a key function of Code42.
The second aspect of Code42 is data monitoring and auditing. Administrators can easily see what data was changed, moved, or deleted. You can view reports or get alerts for specific actions such as media being copied to a flash drive, or file permission changes. Audits and investigations can take place even when the endpoint in question is offline.
Code42 gives you the option to be alerted to risky activity and can help you identify potential data breaches or risks. You can sort activity by file movement to gain visibility into where your data is moving.
You can automatically detect when your files are being copied off the network, onto removable media, or added to a file upload service. Code42’s risk analysis system automatically prioritizes users who need further investigation based on their actions.
When configuring Code42, you can prioritize specific files or folders to mitigate the risk of data loss. Within the data protection dashboard, Code42 will automatically highlight your risk exposure to certain assets based on file type and access history. This makes adjusting access and finding internal threats a simple and quick process.
You can test Code42 free for 60 days when you sign up for a trial.
Teramind is a user monitoring and data loss prevention tool that can be deployed either in the cloud or on-premises. Like Access Rights Manager, it lets you view and customize permissions to specific resources on your network based on user, folder, or group.
Two distinct dashboards break down Teramind’s findings: the Enterprise Dashboard and the Focus Dashboard. In the Enterprise Dashboard, you get a top-down overview of users that are online, their daily activity, and what files they accessed.
You’ll also see company-level security metrics graphed out, showing any risks that were detected as well as any data that has left the network. Next to the security metrics are productivity metrics, which chart work time versus idle time and break down productivity by group, machine, or individual.
Teramind can get very granular and even see what specific commands users have executed on their machines. These types of insights are vital for identifying insider threats and malware that could be looking for ways to navigate throughout your network. You can configure rules to either completely block specific actions, report actions, or send a message to the user that what they are attempting to do is against company policy.
For example, if certain data is not to leave the network and Teramind detects that a user is attempting to move it to a flash drive, you can configure a rule to block that action and send a message to the user warning them against it.
You’ll have plenty of details based on user behavior to build out your own rules and alerts around what you’re looking for. For example, creating alert templates around specific clipboard monitoring actions, commands run on a machine, or search history can help you highlight a disgruntled employee and stop an insider threat before any real damage is done.
While you can configure your own rules, there are also compliance-based rules built in, such as PCI-DSS detection, PHI data detection, and other common rules you can enable out of the box to immediately start checking for user compliance.
If you want to get granular about your users’ online behavior and are interested in productivity metrics as well as data protection, then Teramind might be the DLP solution you’re looking for.
Teramind DLP starts at $150.00 (£121.55) per month for 10 endpoints and is available for a free trial.
Broadcom Symantec DLP combines endpoint data scanning with active monitoring of user behavior and file access to assess risk and automatically take corrective action. Similar to Code42, Symantec DLP works by deploying endpoint agents that scan company machines for specific data to identify those who have the highest risk of data loss, or discover who has access to files they’re not authorized to access.
The DLP solution is broken down into two parts: DLP Endpoint Discover and DLP Endpoint Prevent. Together these agents work on actively identifying where data is stored, how many versions there are, and whether those machines or users are allowed access to that data.
DLP Endpoint Discover utilizes three detection technologies to find, match, and track files across a network. Description-based scanning looks for matching key phrases, patterns, or expressions, as well as other signature-based forms of detection.
Fingerprinting looks for partial or exact matches of files coming from structured sources or databases. Meanwhile, the Learning metric builds an understanding of unstructured data such as intellectual property, source code, and company secrets.
The agent can then build an understanding of how this data is accessed and provide you with recommendations and a report-ready overview of how some of your company’s most sensitive files are being accessed.
Like most DLP solutions, it lets you restrict specific data from being copied to other forms of media such as a flash drive, cell phone, CD, or DVD. However, with Symantec DLP you have even more granular control and can whitelist specific forms of media through Trusted Device Support. This enables organizations to define certain media that can be used with confidential or restricted data within the company.
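To make the first two detection styles above concrete, here is an added Python sketch (not Symantec's code or configuration): a description-based pass using key phrases and a card-number pattern validated with the Luhn checksum, and a fingerprint pass that measures partial matches with hashed word runs. The key phrases, the 5-word shingle size, and the sample strings are assumptions constructed for illustration.

```python
import hashlib
import re

KEYPHRASES = ("confidential", "internal use only")   # assumed policy terms
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")    # 13-19 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum: discards digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def describe_scan(text):
    """Description-based pass: key phrase hits plus checksum-valid card numbers."""
    lowered = text.lower()
    cards = [re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text)]
    return {
        "keyphrases": [p for p in KEYPHRASES if p in lowered],
        "card_numbers": [c for c in cards if luhn_ok(c)],
    }

def shingles(text, k=5):
    """Hashes of every run of k consecutive words."""
    words = re.findall(r"\w+", text.lower())
    runs = [" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))]
    return {hashlib.sha256(r.encode()).hexdigest() for r in runs}

def fingerprint_overlap(protected, candidate, k=5):
    """Fraction of the protected text's shingles that reappear in the candidate."""
    ref = shingles(protected, k)
    return len(ref & shingles(candidate, k)) / len(ref)

# Constructed sample data, not taken from any real system.
PROTECTED = "Project Falcon pricing model assumes forty percent margin on enterprise renewals"
OUTBOUND = ("Confidential: ref 1234 5678 9012 3456, card 4111 1111 1111 1111 on file. "
            "FYI the pricing model assumes forty percent margin on deals")

if __name__ == "__main__":
    print(describe_scan(OUTBOUND))
    print(round(fingerprint_overlap(PROTECTED, OUTBOUND), 2))
```

The reference number in the sample fails the Luhn check and is dropped, which is the kind of validation that keeps pattern-only rules from flooding analysts with false positives.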
Symantec takes an analytic approach to DLP and does a great job at providing an actionable discovery process and giving sysadmins the tools they need to lock down data and provide company-wide compliance.
Forcepoint DLP is an agent-based data discovery and loss prevention SaaS solution aimed at keeping data secure and compliance requirements met. Forcepoint utilizes user behavior metrics to map out and identify rogue or malicious actions and stop them before data is compromised.
Forcepoint focuses heavily on sorting data and identifying real threats to reduce the number of false positives that are reported by so many DLP solutions. Forcepoint combines standard rules with technology that learns over time to understand the difference between a data breach and an employee who might have mistakenly moved a file somewhere they shouldn’t have.
This looks at the types of data and patterns that users have used in the past and compares them to the real-time actions they are taking now. This same system can also highlight data breaches and identify hijacked accounts or malicious data-stealing software.
You’ll have granular control over not just your data, but exactly how it’s shared and with whom. Much like network firewalls, you can create rule sets based on the Who, What, Where, and How of your data moving across the network, and then assign a specific action to that exact scenario.
For example, if the system detects that Human Resources is sending personal data to another business partner via email, you can create a rule that automatically encrypts that email. If that same data is moved to Dropbox or a file transfer service, you could configure Forcepoint to block that action and warn the end-user.
Each user can be assigned a risk score based on their current and past actions. The higher the score the more likely it is that the account is a risk to data. For each file or area of your network, you can assign threat thresholds to lock out users or restrict access to your network based on the risk factors.
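The firewall-style rule set and risk scoring described above can be sketched as follows. This is an added Python example, not Forcepoint's rule syntax or scoring model; the field values, risk weights, and lockout threshold are all assumptions.

```python
from typing import NamedTuple

class Event(NamedTuple):
    who: str    # sender's department
    what: str   # data classification
    where: str  # destination
    how: str    # channel

# (pattern, action) pairs ordered like a firewall rule set: first match wins.
# "*" is a wildcard. All values here are assumed for illustration.
RULES = [
    (Event("hr", "personal-data", "partner", "email"), "encrypt"),
    (Event("*", "personal-data", "*", "file-upload"), "block-and-warn"),
    (Event("*", "*", "*", "*"), "allow"),
]
RISK_POINTS = {"allow": 0, "encrypt": 5, "block-and-warn": 40}  # assumed weights
LOCKOUT_THRESHOLD = 70                                           # assumed threshold

def decide(event, rules=RULES):
    """Return the action of the first rule whose four fields all match."""
    for pattern, action in rules:
        if all(want in ("*", got) for want, got in zip(pattern, event)):
            return action
    return "block-and-warn"  # fail closed if the rule set has no catch-all

def replay(events, threshold=LOCKOUT_THRESHOLD):
    """Apply the rules to one user's events, accumulating a risk score."""
    score, outcomes = 0, []
    for event in events:
        if score >= threshold:
            outcomes.append("locked-out")
            continue
        action = decide(event)
        score += RISK_POINTS[action]
        outcomes.append(action)
    return score, outcomes

# Constructed events for a single HR user.
EVENTS = [
    Event("hr", "personal-data", "partner", "email"),
    Event("hr", "personal-data", "dropbox", "file-upload"),
    Event("hr", "personal-data", "dropbox", "file-upload"),
    Event("hr", "public", "partner", "email"),
]

if __name__ == "__main__":
    print(replay(EVENTS))
```

As with firewall rules, ordering and coverage matter: under this rule set a non-HR user emailing personal data to a partner falls through to the catch-all and is allowed, a gap worth checking for when reviewing real policies.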
If you’re interested in Forcepoint DLP, you can request a free trial at Forcepoint’s official site.
Choosing a DLP tool
No matter what software you choose, it’s critical to have a DLP system in place to keep your company’s IP protected and your data secure from theft or deletion.
For most corporate environments SolarWinds Access Rights Manager will provide you the protection and tools your company needs to secure data, change access rights, and monitor real-time data access without impeding productivity or working through a steep learning curve.
For organizations more focused on their users’ behavior and productivity insights, Teramind DLP provides detailed reporting down to the specific user and can highlight internal threats while also alerting on and preventing data loss through behavior risk analysis.
Lastly, if you’re looking for a solution that can both control access to your data and provide quick file recovery, Code42’s long-term file retention can restore missing or deleted files in a few clicks.