Data Leakage and Loss Prevention

Browsers have joined—if not replaced—email and removable storage as one of the top enterprise data loss vectors. The proliferation of sensitive data across internal and SaaS web apps and cloud storage exposes organizations to increased risk of:

• Data leakage from accidental or negligent disclosure
• Data loss due to intentional theft by employees/ 3^rd parties (a.k.a. insider threats) or external actors

The confluence of hybrid work and Bring Your Own Device (BYOD)/ Bring Your Own PC (BYOPC) increase these risks even further, but these factors can also cause existing data loss prevention technologies to be circumvented.

Browser governance capabilities

Seraphic Security includes a comprehensive set of tools for stopping corporate data loss.

The built-in DLP Engine performs all scanning locally so no data is transmitted or stored outside the organization. It is capable of:

• Detecting and blocking encrypted file content
• Scanning and producing a verdict to allow or block password-protected compressed archives (e.g., .zip, .rar, .7z files)
• Using Optical Character Recognition (OCR) to inspect non-text files for sensitive data

Organizations can define and identify sensitive data using a combination of:

• Pre-defined patterns
  • Personally Identifiable Information (PII) such as names, addresses, dates of birth, international phone numbers, passport numbers, national ID numbers, Social Security Numbers, etc.
  • Financial information such as routing numbers, credit card numbers, International Bank Account Numbers (IBAN), SWIFT codes, etc.
  • Medical record details such as doctors’ names, patients’ names, or medical record ID numbers
  • Cryptographic material such as PGP private key blocks, RSA private keys, and SSH private keys
  • API keys
  • Account information such as Basic Auth username/ password combinations or OAuth tokens
  • IPv4 and IPv6 IP addresses
• Custom regular expressions (regex)

The rules for the data loss prevention policy support:

• Enabling and disabling user actions in the browser, including copy/ paste, print, screen capture, right click, and view page source
• Restricting file upload by size and extension
• Redacting / masking in web pages and downloaded files
• Watermarking internal and SaaS web app pages
• Controlling data sharing between sites/ apps based on data source and destination

Data loss prevention policies can be configured to operate in Passive Mode (generate event only) or Active Mode (generate alert and take action). All events and alerts can be exported to log aggregation systems for analysis, audit, or investigation.

Using Seraphic Security for enterprise data leakage and loss prevention

Seraphic Security is for any organization that:

• Needs to protect enterprise data in browsers and desktop clients for SaaS services that make up the modern, multi-channel digital workspace
• Needs consistent enforcement of their data loss prevention policies across a mix of employees and 3^rdparties using both managed and unmanaged devices
• Needs an accurate audit log of which enterprise apps and data were accessed, when, and by whom
• Wants to avoid the cost and complexity of proxies, Deep Packet Inspection (DPI), SSL interception, and API connectors

Seraphic Security fills the gaps left by legacy enterprise data loss prevention products that were designed to be deployed on-premises and control only email and endpoint storage.