SSH.COM is one of the most trusted brands in cyber security. We help enterprises and agencies solve the security challenges of digital transformation with innovative access management solutions.
Data loss prevention (DLP) systems are employed to counter the risk of valuable or sensitive data ending up in possession of unauthorized parties. Network Data Loss Prevention (DLP) tools and anti-virus products typically monitor the network traffic at designated network entry/exit points and use predefined criteria to filter the sensitive data from the flow of traffic. Once identified the DLP tool takes action to stop the data transfer in real time, and typically triggers an alert on the detected attempt.
While the approach above works for most normal traffic, it struggles when encrypted network protocols (such as SSH (Secure Shell), SFTP (SSH File Transfer Protocol), RDP (Windows Remote Desktop), or SSL/TLS) are used. Encryption blinds the data loss prevention software's interception and filtering tools and renders them incapable of reacting to illegitimate transfers of protected data.
Encrypted communications protocols, such as the SSH protocol, utilize modern encryption algorithms to hide the transferred data. While this guarantees data privacy and confidentiality, it also prevents traditional data loss prevention tools and anti-virus systems from seeing the transferred data and files.
Modern malware is sophisticated, and the trend is towards more and more complex attacks that combine multiple protocols, approaches and techologies. Attackers are well aware and educated in modern information security technologies. They make extensive use of the same tools their counterparts at corporate IT departments use.
Data Loss Prevention solutions that do not address encrypted connections are not sufficient to meet the real-life demands of today. Most DLP solutions can be significantly improved by extending their reach into encrypted protocols.
There is significant demand, particularly in finance and other heavily regulated industries, for non-disruptive transparent solutions that monitor, control and audit encrypted connections - with integration to data loss prevention systems.