Data Loss Prevention Ensures Sensitive Information does not Leak

All resources, such as applications, data and services, are protected and are inaccessible without going through the iboss Zero Trust Edge

The iboss Zero Trust Secure Service Edge has full content inspection capabilities for data loss prevention, including the ability to scrape spreadsheets, analyze Microsoft Word documents and inspect deep into web page content data. As information is exchanged between users, sensitive resources and the public cloud, the iboss Zero Trust Secure Service Edge is analyzing the transfers with full context to prevent data loss. Data Loss Prevention capabilities also include Exact Data Match, or EDM, to find exact records within content. With the ability of the iboss Zero Trust Secure Service Edge security to be close to the user and close to the resource, data loss prevention can be accomplished regardless of where the user works or the resource resides.

Inspect deep inside content for sensitive information and PII

The iboss Zero Trust Secure Service Edge inspects full content, including content on documents, spreadsheets, web pages and SaaS applications. With access to the full content when data is transferred between users and applications, the ability to apply data loss prevention rules that are capable of searching for PII and sensitive information is possible. The iboss platform inspects data as it moves between applications, devices and users and enforces policies that ensure data only resides where it is compliant and secure.

The data loss prevention algorithms run natively within the iboss cloud platform and are optimized for performance. They are applied to the full content during data transfers to ensure full context is available when searching for matches. With the iboss Zero Trust Secure Service Edge, users are able to connect directly to business-critical applications while data loss prevention policies are enforced in the cloud.

The data loss prevention engine has built-in algorithms for information such as:

  1. Credit Card Numbers
  2. Credit Card Stripe Data
  3. PII
  4. Phone Numbers
  5. Email Addresses
Inspect deep inside content for sensitive information and PII

Data Loss Prevention policies can be applied to users, groups and resources

The dynamic policy engine within the iboss Zero Trust Secure Service Edge allows data loss prevention policies to be applied effectively when needed. Data loss prevention policies can be linked to specific sensitive resources, to specific users or to specific groups of users. Different data loss prevention policies can also be applied depending on the protection or compliance scenario. Group membership is tied directly to Azure AD, Okta, Ping or any other identity provider that supports SAML so that data loss prevention policies can be created easily and effectively.

Data Loss Prevention policies

Reads document labels to apply data loss prevention rules, including labels from Microsoft Information Protection

Reads document labels to apply data loss prevention rules

The iboss Zero Trust Secure Service Edge is capable of extracting and reading document labels to apply data loss prevention rules depending on the type of labeled content that is being transferred. The content analysis engine can inspect labels from Microsoft Information Protection (MIP) or other document labeling systems such as Bolden James. When a specific label is encountered for sensitive data that is being transferred to a non-compliant location, the iboss can prevent the transfer eliminating the risk. Different data loss prevention rules can be created to match various document labels and take different actions depending on the situation being addressed.

Supports regular expressions to for custom match patterns

The iboss Zero Trust Secure Service Edge supports the use of regular expressions so that any type of content can be matched in cases that custom patterns are necessary. These search patterns will be applied to document text, including document formats such as Microsoft Word and Microsoft Excel. Regular expressions will apply to content within encrypted HTTPS connections when decryption of content is enabled within the iboss platform.

Supports regular expressions to for custom match patterns

The iboss Zero Trust Secure Service Edge also supports Exact Data Match, or EDM, so that specific words or phrases can be matched within content. This is a powerful solution for organizations that have specific database records, such as patient information or credit card numbers, and want to ensure those specific records to not leak resulting in data loss. The iboss Exact Data Match capability can handle hundreds of millions of records and is designed for scale and data security.

Offline data indexing is possible with the iboss indexing tool which will hash the sensitive records prior to being leveraged for Exact Data Match within the iboss platform. The indexing tool ensures that data is not plain text readable and is protected from brute force attacks. The indexer can process the data set offline and also upload the pre-indexed data automatically. It’s designed to run on any platform, including Linux and Windows, and can be included with bash script processing to eliminate human interaction with the indexed data.

Multiple Exact Data Match templates can be used as well with each template containing any number of columns with varying data types. There is no limit to the number of columns that can be configured and unlike Zscaler, the iboss Exact Data Match engine does not count each column as a row when considering maximum number of records. The iboss platform can do any number of columns and hundreds of millions of rows to support vast Exact Data Match data sets.

Exact Data Match also supports match criteria with boolean expressions so that a match is considered only when the boolean expression is met which derived from the multiple columns being matched. Complex boolean expressions are supported and multiple match criteria are supported as well. When a match criteria is met, a confidence score can be assigned to get more context in the likelihood of a breach.

Exact Data Match capable of handling extremely large data sets

Exact Data Match capable of handling extremely large data sets

Take the next step in shifting to the world’s largest security platform built for the future.

Sign up for a demo to see how the iboss Zero Trust Edge prevents breaches by making applications, data and services inaccessible to attackers while allowing trusted users to securely and directly connect to protected resources from anywhere.