Open Source

Open Source DLP – Data Leak/Loss Prevention Application: MyDLP

MyDLP is an Open Source Data Loss/Leak Prevention (DLP) application.

You could also listen to the above embedded Youtube podcast of this article. Direct Youtube link: http://youtu.be/4cVuQm76cQk

Why would anyone want to use a DLP application?

MyDLP-1

How much ever it might hurt, we need to admit that human beings make mistakes.

What if, one of your colleagues or employees accidentally attaches a file containing confidential data (like customer info, prospect list, credit card numbers, etc.) and sends it to a customer? Or worse, sends it to an entire mailing list?

Let’s admit that even the best of our people can (and will) invariably make such mistakes. And when they attach the wrong file, it’s always some secret info, like a price list.

The second (and more dangerous) thing about human beings is – They are GREEDY and MOODY. You never know who will do what & when.

What if, one of your employees has been fired and wants to take the source code of an important project along with them? What if, a partner is using one of your computers and accidentally spots some confidential document? They might be tempted to copy it to their pen-drive or carry a printed copy outside, and use it against you.

Knowledge is money!

These are unnecessary & difficult situations to handle. But, they could have been prevented in the first place.

And a free open-source product will help you do just that – It’s called MyDLP.

Impressed?

How would you steal confidential data?

MyDLP-2

If you want to steal some confidential data and you have access to a system inside the company, what are the methods you’d try to employ? Let’s think of some –

  • Attach it from the company mail and send it to your personal email address.
  • Attach it in a personal mail ID (if Internet access is allowed) and send it to yourself, so that it can be retrieved from anywhere.
  • Upload it to online personal cloud and data storage applications (or) upload it to social media sites.
  • Copy it into a removable storage medium like pen-drives, external hard-drives, etc.
  • Print it out on an attached printer and sneak out a hard copy.
  • Take a screen shot and copy innocent-looking images (instead of files) into your thumb-drive.

Well, don’t bother to do all that in future. Because your actions can easily be monitored, blocked and even reported. The tool that enables administrators to do all that is called DLP (Data Leak Prevention).

What is MyDLP?

MyDLP-3

MyDLP is an open-source software (server and client) application that can monitor confidential data stored in servers and systems across the network. It can prevent anyone from accidentally sending confidential data out of the network or deliberately stealing it via email, web, external storage devices, printers, etc.

While the community edition of MyDLP is free of cost, the enterprise edition has a price-tag (based on the no. of users). The community edition has a number of features and offers comprehensive DLP capability. I guess this should be sufficient for many companies, or it can be used on a trial basis for evaluation purpose.

The main differences between the two editions and the supported features can be found here.

What are the limitations of the open source version?

MyDLP-4

Based on the information gathered from their website, I find that, while the server edition (of the tool) is a standalone package and doesn’t need any particular OS to run, the client version (to be installed on individual computers) requires that you have a Windows OS installed on each computer. Not sure why they don’t support a Linux or Mac based computer, yet.

Among other features, the open source version doesn’t support Active Directory & Syslog integration, but it can integrate with  database, ICAP and SMTP applications. Also, email notifications are off and you need to register with them, get a key and only then you’ll be able to activate the software.

But, for the rich DLP features it offers, I feel that the open source version is still a very good option.

Disclaimer: I have not tried/used this software myself.

Embedded below is the introduction video created by the vendor (MyDLP): 

excITingIP.com

You could stay up to date on the various Computer Networking/IT technologies & news by subscribing to this blog with your email address in the sidebar box that says, ‘Get email updates when new articles are published’

Bitnami