New Data Loss Prevention? Not Really

It’s been a busy and exciting time here at Sophos over the past few weeks with the release of the latest version of our endpoint software.

Amongst the many new features is the introduction of data loss prevention (DLP) functionality. This helps administrators protect against accidental loss of sensitive information.

The idea is simple, really: SophosLabs provides a set of content control lists (CCLs) that identify different types of sensitive information (email addresses, credit card details, social security numbers, etc.), and administrators can create rules that prevent, for example, such data being uploaded to web browsers or copied onto unencrypted USB keys. All brilliantly simple.

Great stuff, and a departure from what SophosLabs normally does. Well, actually, no. We’ve been doing this for the past 20 years!

Think about it for a moment. Traditional ‘anti-virus’ looked for signatures or patterns in files to identify them as malware. The techniques have moved on from the early days, but in its most basic form it involves looking for things inside a wide variety of file formats and identifying characteristics or combinations of characteristics.

The CCLs we are producing are basically doing the same task; it’s only the management that has changed. When a Word document is opened it gets scanned, and the various streams within the file are examined for macros. Why not look for sensitive information at the same time? Obvious, really.
This is just another extension of what we do. Just as with Application Control (generically identifying particular applications), we use the same skills and techniques.
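
The idea above, a content rule treated as a signature and matched against each stream of a document, shown as an added example (this is not Sophos code and not the real CCL format). The rule tuples, the Luhn validator, the match-count threshold and the sample streams are assumptions constructed for illustration.

```python
import re

def luhn_ok(candidate: str) -> bool:
    """Checksum used to discard digit runs that cannot be card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Hypothetical rules (not the Sophos CCL format): name, pattern,
# optional validator, minimum number of matches before the rule fires.
RULES = [
    ("credit_card", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok, 1),
    ("us_ssn", re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"), None, 1),
    ("email_address", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), None, 3),
]

def scan_stream(text: str) -> dict:
    """Return {rule_name: [matches]} for each rule whose threshold is met."""
    hits = {}
    for name, pattern, validator, min_count in RULES:
        found = [m.group(0) for m in pattern.finditer(text)
                 if validator is None or validator(m.group(0))]
        if len(found) >= min_count:
            hits[name] = found
    return hits

def scan_document(streams: dict) -> dict:
    """Scan every named stream of a document, keeping only streams with hits."""
    report = {}
    for stream_name, text in streams.items():
        hits = scan_stream(text)
        if hits:
            report[stream_name] = hits
    return report

# Constructed sample streams; the card number is the well-known test value.
SAMPLE_STREAMS = {
    "body": "Order ref 1234567890123456 paid with card 4111 1111 1111 1111.",
    "footer": "Contact alice@example.com for queries.",
    "hr_notes": "Employee SSN 123-45-6789 on file.",
}

if __name__ == "__main__":
    for stream, hits in scan_document(SAMPLE_STREAMS).items():
        print(stream, hits)
```

The order reference in the body stream is rejected by the checksum, and the single email address in the footer stays below the rule's threshold, so neither is reported.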

There’s more to come. We may have just released the new version, but we are already working hard on the next pieces of the jigsaw.