I've been looking into the correlation between identity monitoring and data loss prevention technologies. Can you clarify if these two go hand-in-hand and if so, the best ways to use them to get maximum efficiency?

Many companies are examining the relationship between identity monitoring and data loss prevention (DLP), driven by the need to know who is on the network, what data are they seeing, and which actions are they taking with that data. This need to know comes from the confluence of several trends: the increase in the number of insider threats, the increase in monitoring for compliance purposes, and the adoption of identity management technologies.

Identity monitoring is about correlating the user information stored in identity management systems with user information stored elsewhere in the enterprise, then connecting that single user view with the broad activities that the person actually performs. Why is this hard to do? Consider the typical identity and access management application. It is well-suited for controlling and tracking access to Web applications. It is just okay at controlling and tracking access to packaged applications. It is pretty bad at controlling access to legacy custom applications, and it is unable to control access to desktops, file shares, print servers, and the many other systems that a typical user touches each day. Identity monitoring uses the very broad collection and correlation abilities of SIEM products, plus the role and rights modeling of identity management products, to create a comprehensive view of user activity.

Now, how does DLP fit in? In some ways, the term data loss prevention is a misnomer. DLP products often do not block sensitive data from leaving the premises. Instead, these products are designed to identify sensitive or confidential data, either in place or as it moves around the network. These products use a variety of methods to identify data, such as pattern matching (e.g. do the rows in this e-mail appear to contain something that looks like a Social Security Number, i.e. XXX-XX-XXXX?), dictionary lookups (e.g. does this e-mail contains words related to common medical conditions?), and file fingerprinting (e.g. does a hash of this file substantially match a hash of a file on a protected file server?).

Whitepapers

• Gene Kim's Practical Steps to Mitigate Virtualization Security Risks
• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports