DLP – Data Leakage Prevention

The challenge of data leaks and theft has become an increasing threat for organizations, with the advance of online communications and data sharing platforms such as cloud computing and social networks.

DLP tools available today normally work at the file level (for example, by scrutinizing outgoing mail or stopping data transfers through computer drives), stopping users at the “gate” when they are actually sending out the data.

These tools, however, have substantial shortcomings:

  • DLP tools are targeted at unintentional data leaks. Users leaking data intentionally can easily sidestep these tools once they gain access to the sensitive data.
  • DLP systems require laborious and error prone process for defining the protected data.
  • DLP systems require constant juggling between overly strict controls (resulting in overburdening IT systems and hampering business processes) and slack ones (resulting in data leakage).

The Intellinx Difference: Protection at the Application layer

Intellinx adds a previously unavailable protection layer that monitors what users are doing on the application, and alerting to behavior that may indicate intent to tamper or leak data.

The Intellinx unique patented technology monitors all communication between users and the application, records and analyzes it – in real-time – for actions that may indicate intent to leak data. This way, Intellinx stops data leakage even before it is attempted – while the user accesses the data before he/she tries to leak it through the “gate”.

Genuine User Behavior Analysis

Since Intellinx tracks the behavior of all end-users, it can discern unusual behavior by comparing it with that same person’s historical behavior patterns, as well as with peers. Another added layer of protection is our set of pre-installed rules, based on experience with over 150 implementations worldwide.

Following is a simple example: the system builds a detailed profile of behavior patterns for each user. One of the indicators maintained in this profile is the average number of customer accounts accessed by this user during business hours, and the standard deviation for this specific user. Based on this profile, the system can immediately detect a user who accesses an excessive number of accounts. The risk score for the alert may vary, depending on the level of deviation for this specific user behavior pattern and the hours during which the access is performed.

A more comprehensive example may include other indicators detected for the end user, such as access to VIP accounts, etc. Each indicator may increase the risk score for the suspected user.

Full Visual Replay of user activity

Intellinx records all user behavior using various applications: including screen viewings, aborted actions and data deletions. So security personnel and investigators have a full forensic audit trail for each user and application, which can be visually replayed by investigators and potentially used in legal proceedings.

A Comparison of Intellinx with standard DLP systems:

Standard DLP Systems Intellinx
Stop data leaks at the file level. Stops data leaks at the field level.
Stop data leaks when they happen. Stops data leaks before they happen
Alerts are based on actual attempted data leaks Alerts are based on changes to user behavior, as well as attempted leaks.
Stop mainly non-intentional data leaks. Stops mainly unintentional data leaks.
Do not create an audit trail of user actions.

Creates a forensic audit trail of user actions that can be easily recreated and viewed.