Definition
Data Loss Prevention (DLP) detects and prevents unauthorized exfiltration of sensitive data - credit card numbers, social security numbers, customer records, intellectual property, source code, board documents. DLP operates across multiple layers: endpoint (USB, clipboard, print, application controls), network (outbound web, email, FTP), storage (file shares, SharePoint, repositories), cloud (SaaS via CASB integration), and email (outbound mail gateway). Detection uses regex patterns (DCM), structured data fingerprinting (EDM), document fingerprinting (IDM), and machine learning (VML). Symantec DLP is the most-deployed enterprise DLP platform, particularly in regulated industries (financial services, healthcare, defense, government). The hardest part of DLP isn't the technology - it's the policy design, fingerprinting, and incident workflow. See our DLP deployment checklist.
Symantec products that implement this
- Symantec Data Loss Prevention - Discover, monitor, and protect sensitive data across endpoints, network, storage, cloud, and email - the most comprehensive enterprise DLP platform on the market.
Related terms
- EDM (Exact Data Matching) - DLP detection technique that fingerprints structured data sources (databases, CSV exports) and detects exact matches in outbound content.
- IDM (Indexed Document Matching) - DLP detection technique that fingerprints unstructured documents and detects when copies or substantial portions appear elsewhere.
- DCM (Described Content Matching) - DLP detection technique using regex patterns, dictionaries, and keywords - fast but high false-positive rate.
- VML (Vector Machine Learning) - DLP detection technique using trained ML classifiers for categories where rules and fingerprints don't scale.
- CASB (Cloud Access Security Broker) - Security layer between users and cloud apps; provides visibility, governance, and DLP for SaaS.
- CDR (Content Disarm and Reconstruction) - Threat prevention technique that strips active content from files (macros, scripts, exploits) and rebuilds them as safe versions.
Deep-dives on DLP
- Symantec DLP deployment checklist: 14 things to do before you turn it on - The deployment-readiness checklist nobody publishes - what to settle before the first policy fires. Detection engines, fingerprinting, incid…
- Implementing EDM and IDM in Symantec DLP: fingerprinting that actually works - EDM and IDM are what separate Symantec DLP from cheaper alternatives - and the most under-budgeted parts of every DLP project we see. A prac…