DLP: Introduction

Data Leak Prevention (DLP) is a feature that prevents certain information from leaving the organization via email. What information this is, is defined in the configuration of the DLP system. Typically, it includes credit card numbers, bank account numbers, excessive amounts of email addresses or other personal information in one email message, etc. DLP is implemented as a filter on outgoing email.

DLP can monitor email at various levels:

  • email body content
  • email headers
  • email attachments of various types
  • nested attachments of various types

CipherMail DLP currently filters email bodies, attachments and nested attachments of type text, html, xml and other text-based formats. Filtering attachments of type pdf, doc, xls etc. will be part of a future offering of CipherMail DLP.

Configuring DLP is done via the CipherMail Web GUI. You can specify keywords and sentences that outgoing email messages should not contain. More elaborate filtering is achieved via “regular expressions”, a specification format that allows you to specify virtually any combination of characters, words or sentences that should be filtered.

DLP scanning can be configured on three levels, similar to how encryption is configured: at gateway level, at domain level and at individual user level. The latter is useful in specific cases where some users can send out information via email that other users cannot.