DLP techniques
The security of sensitive data is a top priority for organizations. A range of techniques and tools are used to maintain the confidentiality and accessibility of data.
The following table describes some of the industry standard techniques that are used for data loss protection, and if they can be configured in the GUI or CLI.
Technique |
Description |
GUI |
CLI |
---|---|---|---|
IDM creates unique fingerprints for your organization’s crucial documents that hold sensitive information. This process involves analyzing the content of these documents and generating a checksum for each one. See DLP fingerprinting for more information. |
|
✓ |
|
EDM identifies particular data values within an indexed data source that require safeguarding. See Exact data matching for more information. |
✓ |
✓ |
|
DCM scans through data to identify the presence of specific patterns using regular expressions (Regex). See DLP data type for more information. |
✓ |
✓ |
|
Optical Character Recognition (OCR) |
OCR scans and analyzes the content embedded within images for sensitive information, extending data protection to image‑based content. You can enable OCR and configure the OCR activation threshold when configuring an image analysis profile in the GUI or CLI. |
✓ |
✓ |
Default DLP patterns that classify private and confidential data that should be regulated in accordance with regulatory compliance requirements. See DLP data type for more information. |
✓ |
✓ |
|
FortiProxy allows you to create patterns for your custom data type. See Custom DLP data type for more information. |
✓ |
✓ |
|
Identify a file by the data type in its meta data. See DLP file pattern for more information. |
✓ |
✓ |
|
Identify a file based on its size. See Block HTTPS downloads of EXE files and log HTTPS downloads of files larger than 500 KB for an example. |
|
✓ |
|
Sensitivity labels provide a mechanism to categorize and safeguard your data. They function as identifiers and highlight the significance of the data that they are attached to. See Sensitivity labels for more information. |
✓ |
✓ |
|
FortiGuard DLP service |
A database of predefined DLP patterns, such as data types, dictionaries, and sensors, that are dynamically managed by FortiGuard. A valid DLP license is required. |
✓ |
✓ |