Data Loss Prevention (DLP)
What is Data Loss Prevention (DLP)?
Data Loss Prevention (DLP): A set of technologies and policies that detect and block unauthorized exfiltration of sensitive data across endpoints, networks, email, and cloud services.
Data Loss Prevention (DLP) is a control category that inspects content in motion, at rest, and in use, then enforces policies to keep regulated or confidential data inside trusted boundaries. DLP engines combine pattern matching, lexical rules, exact data matching, machine learning, and document fingerprinting to recognize PII, payment data, source code, or intellectual property. Typical enforcement actions include blocking an outbound email, quarantining a file, requiring justification, or redacting content before it leaves the environment. Mature deployments link DLP to data classification, IAM, and SIEM/SOAR so that incidents are triaged, evidence is preserved, and policies are tuned to cut false positives while supporting GDPR, HIPAA, and PCI DSS obligations.
● Examples
- 01 An endpoint agent blocks a user from copying a customer database to a USB drive.
- 02 A cloud DLP rule strips credit-card numbers from outgoing support-portal attachments.
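An added example (not from the original glossary entry or from any DLP product) of the pattern-matching and redaction steps described above: a regex finds card-number candidates, a Luhn checksum discards look-alike numbers to cut false positives, and validated numbers are redacted before the text leaves. The function names, the `block_threshold` parameter and the sample message are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def inspect(text: str, block_threshold: int = 5):
    """Return (action, redacted_text, findings) for one outbound message."""
    findings = []

    def _redact(match):
        digits = re.sub(r"[ -]", "", match.group())
        if not luhn_valid(digits):
            # Pattern hit but checksum failed: likely a ticket or order id, leave it.
            return match.group()
        # Evidence for triage keeps only the offset and last four digits, never the full number.
        findings.append({"offset": match.start(), "last4": digits[-4:]})
        return "[REDACTED-PAN-" + digits[-4:] + "]"

    redacted = CANDIDATE.sub(_redact, text)
    if not findings:
        action = "allow"
    elif len(findings) >= block_threshold:
        action = "block"      # bulk disclosure: stop the message instead of redacting
    else:
        action = "redact"
    return action, redacted, findings


# Constructed sample message; the card values are well-known test numbers.
SAMPLE = (
    "Ticket 1234567890123456: customer paid with 4111 1111 1111 1111, "
    "backup card 5500-0000-0000-0004."
)

if __name__ == "__main__":
    print(inspect(SAMPLE))
```

The 16-digit ticket number matches the regex but fails the checksum, so it passes through untouched while both card numbers are redacted.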
● Frequently asked questions
What is Data Loss Prevention (DLP)?
A set of technologies and policies that detect and block unauthorized exfiltration of sensitive data across endpoints, networks, email, and cloud services. It belongs to the Privacy & Data Protection category of cybersecurity.
How do you defend against Data Loss Prevention (DLP)?
Defences for Data Loss Prevention (DLP) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Data Loss Prevention (DLP)?
Common alternative names include: Information Leak Prevention, Data Leakage Prevention.
● Related terms
- privacy № 818
Personally Identifiable Information (PII)
Any data that can identify a specific individual on its own or when combined with other information, such as names, identifiers, or biometric records.
- privacy № 276
Data Classification
The process of labeling data by sensitivity and value so that the right protection, handling, and retention controls can be applied consistently.
- privacy № 279
Data Masking
Replacing sensitive data with realistic but fictitious values so that downstream users, applications, or environments can use the data without exposing the originals.
- network-security № 984
Secure Email Gateway
A perimeter or cloud service that filters inbound and outbound email for spam, phishing, malware, data leakage, and policy violations before it reaches user mailboxes.
- privacy № 210
Consent Management
The processes and tooling used to collect, record, refresh, and honor user permissions for processing personal data and setting cookies, in line with privacy law.
- privacy № 280
Data Minimization
A privacy principle requiring organizations to collect, process, and retain only the personal data that is strictly necessary for a defined, lawful purpose.