Why starting at the application level is important
Unlike traditional data leak prevention solutions, which work at the network or desktop level, Attachmate Luminet software monitors end-user activity at the application level. This solution brief explains the value of application monitoring and tells how Luminet can meet your needs without impacting system performance.
Data leaks can be detected and prevented at three levels: the application level, the network level, and the desktop level. At the network and desktop levels, the tools work by looking for sensitive data created in outbound messages (e.g., email and instant messages) or in media created at the desktop (e.g., via printing, writing to USB flash disks, or writing to CDs). While these solutions may effectively curtail unintentional data leaks, they are not effective against intentional data leaks for two reasons:
- Malicious users can view sensitive information on the screen and then copy it to a piece of paper or take a picture of it, without printing it or sending it via email.
- Network data leak prevention (DLP) solutions typically look for combinations of customer fields (e.g., SSN, account numbers, and credit cards) loaded from the corporate database. But this process can be easily bypassed by users with no technical background. All they need to do is use the ‘PrintScreen’ commandof the pages to be leaked and then paste them as pictures into an outbound email, where they cannot be analyzed by the DLP solution.
- Conduct powerful full-text searches through current or recorded activity, visually playing back every screen and keystroke relevant to an alert or a case.
- Profile user behaviour based on activity at the application level. The Luminet link analysis tool reveals user activity patterns, trends, and complex relationships across diverse enterprise applications.