Data Loss Prevention and anti-virus for SSH, SFTP and Remote Desktop
Data loss prevention (DLP) systems are employed to counter the risk of valuable or sensitive data ending up in possession of unauthorized parties. Network Data Loss Prevention (DLP) tools and anti-virus products typically monitor the network traffic at designated network entry/exit points and use predefined criteria to filter the sensitive data from the flow of traffic. Once identified the DLP tool takes action to stop the data transfer in real time, and typically triggers an alert on the detected attempt.
ContentsEncrypted Protocols and Data Loss Prevention tools Enhancing DLP systems to cope with Encrypted Traffic
Encrypted Protocols and Data Loss Prevention tools
While the approach above works for most normal traffic, it struggles when encrypted network protocols (such as SSH (Secure Shell), SFTP (SSH File Transfer Protocol), RDP (Windows Remote Desktop), or SSL/TLS) are used. Encryption blinds the data loss prevention software's interception and filtering tools and renders them incapable of reacting to illegitimate transfers of protected data.
Encrypted communications protocols, such as the SSH protocol, utilize modern encryption algorithms to hide the transferred data. While this guarantees data privacy and confidentiality, it also prevents traditional data loss prevention tools and anti-virus systems from seeing the transferred data and files.
Enhancing DLP systems to cope with Encrypted Traffic
Modern malware is sophisticated, and the trend is towards more and more complex attacks that combine multiple protocols, approaches and techologies. Attackers are well aware and educated in modern information security technologies. They make extensive use of the same tools their counterparts at corporate IT departments use.
Data Loss Prevention solutions that do not address encrypted connections are not sufficient to meet the real-life demands of today. Most DLP solutions can be significantly improved by extending their reach into encrypted protocols.
There is significant demand, particularly in finance and other heavily regulated industries, for non-disruptive transparent solutions that monitor, control and audit encrypted connections - with integration to data loss prevention systems.