How to make a DLP system work. Data Loss Prevention Technologies for preventing leaks of confidential information from an information system to the outside Data loss prevention system for preventing leaks

Before studying and discussing the DLP systems market in detail, you need to decide what this means. DLP systems usually mean software products that are created to protect organizations and enterprises from leaks of classified information. This is how the abbreviation DLP itself is translated into Russian (in full - Data Leak Prevention) - “avoidance of data leaks”.

Such systems are capable of creating a digital secure “perimeter” for analyzing all outgoing or incoming information. The information controlled by this system is Internet traffic and numerous information flows: documents taken outside the protected “perimeter” on external media, printed on a printer, sent to mobile devices via Bluetooth. Since sending and exchanging various types of information is an inevitable necessity these days, the importance of such protection is obvious. The more digital and internet technologies are used, the more security guarantees are needed on a daily basis, especially in corporate environments.

How it works?

Since the DLP system must counteract leaks of corporate confidential information, it, of course, has built-in mechanisms for diagnosing the degree of confidentiality of any document found in intercepted traffic. In this case, there are two common ways to recognize the degree of confidentiality of files: by checking special markers and by analyzing the content.

Currently, the second option is relevant. It is more resistant to modifications that may be made to the file before it is sent, and also makes it possible to easily expand the number of confidential documents that the system can work with.

Secondary DLP Tasks

In addition to its main function, which is related to preventing information leakage, DLP systems are also suitable for solving many other tasks aimed at monitoring the actions of personnel. Most often, DLP systems solve a number of the following problems:

• full control over the use of working time, as well as working resources by the organization’s personnel;
• monitoring employee communications to detect their potential to cause harm to the organization;
• control over the actions of employees in terms of legality (prevention of the production of counterfeit documents);
• identifying employees who send out resumes to quickly find personnel for a vacant position.

Classification and comparison of DLP systems

All existing DLP systems can be divided according to certain characteristics into several main subtypes, each of which will stand out and have its own advantages over the others.

If it is possible to block information that is recognized as confidential, there are systems with active or passive constant monitoring of user actions. The first systems are able to block transmitted information, unlike the second. They are also much better able to deal with accidental information passing to the side, but at the same time they can stop the company’s current business processes, which is not their best quality in comparison with the latter.

Another classification of DLP systems can be made based on their network architecture. Gateway DLPs operate on intermediate servers. In contrast, hosts use agents that work specifically on employee workstations. At the moment, a more relevant option is the simultaneous use of host and gateway components, but the former have certain advantages.

Global modern DLP market

At the moment, the main places in the global DLP systems market are occupied by companies widely known in this field. These include Symantec, TrendMicro, McAffee, WebSense.

Symantec

Symantec maintains its leading position in the DLP market, although this fact is surprising since many other companies could replace it. The solution still consists of modular components that allow it to provide the latest capabilities designed to integrate DLP systems with the best technologies. The technology roadmap for this year was compiled using information from our clients and is today the most progressive available on the market. However, this is far from the best choice of a DLP system.

Strengths:

• significant improvements to Content-Aware DLP technology for portable devices;
• Improved content retrieval capabilities to support a more comprehensive approach;
• improving the integration of DLP capabilities with other Symantec products (the most striking example is Data Insight).

What you need to pay attention to (important disadvantages in the work that are worth thinking about):

• despite the fact that Symantec’s technology roadmap is considered progressive, its implementation often occurs with hitches;
• Even though the management console is fully functional, it is not as competitive as Symantec claims;
• Often clients of this system complain about the response time of the support service;
• the price of this solution is still significantly higher than that of competitors' designs, which over time may take a leading position thanks to small changes in this system.

Websense

Over the past few years, developers have been regularly improving Websense's DLP offering. It can safely be considered a fully functional solution. Websense has provided the modern user with advanced capabilities.

Winning sides:

• Websense is offering a full-featured DLP solution that supports endpoints and data discovery.
• Using the drip DLP function, it is possible to detect gradual information leaks that last quite a long time.

What deserves special attention:

• You can only edit data while you are at rest.
• The technological map is characterized by low power.

McAfee DLP

The McAfee DLP security system also managed to undergo many positive changes. It is not characterized by the presence of special functions, but the implementation of basic capabilities is organized at a high level. The key difference, aside from integration with other McAfee ePolicy Orchestrator (EPO) console products, is the use of storage technology in a centralized database of captured data. This framework can be used to optimize new rules to test against false positives and reduce deployment time.

What attracts you most about this solution?

Incident management can easily be called a strength of the McAfee solution. With its help, documents and comments are attached that promise benefits when working at any level. This solution is able to detect non-text content, for example, a picture. It is possible for DLP systems to deploy a new solution from this developer to protect endpoints, for example, stand-alone.

Functions aimed at developing platforms, presented in the form of mobile communication devices and social networks, have performed quite well. This allows them to beat competitive solutions. New rules are analyzed through a database containing the captured information, which helps reduce the number of false positives and speed up the implementation of rules. McAfee DLP provides core functionality in a virtual environment. Plans regarding their development have not yet been clearly formulated.

Prospects and modern DLP systems

The overview of the various solutions presented above shows that they all work in the same way. According to experts, the main development trend is that “patch” systems containing components from several manufacturers involved in solving specific problems will be replaced by an integrated software package. This transition will be carried out due to the need to relieve specialists from solving certain problems. In addition, existing DLP systems, the analogues of which cannot provide the same level of protection, will be constantly improved.

For example, through complex integrated systems, the compatibility of various types of “patch” system components with each other will be determined. This will facilitate easy change of settings for huge-scale arrays of client stations in organizations and, at the same time, the absence of difficulties with transferring data from components of a single integrated system to each other. Developers of integrated systems are strengthening the specificity of tasks aimed at ensuring information security. Not a single channel should be left uncontrolled, because it is often the source of probable information leakage.

What will happen in the near future?

Western manufacturers trying to take over the market for DLP systems in the CIS countries had to face problems regarding support for national languages. They are quite actively interested in our market, so they strive to support the Russian language.

The DLP industry is seeing a move towards a modular structure. The customer will be given the opportunity to independently select the system components he or she requires. Also, the development and implementation of DLP systems depends on industry specifics. Most likely, special versions of well-known systems will appear, the adaptation of which will be subordinated to work in the banking sector or government agencies. The relevant requests of specific organizations will be taken into account here.

Corporate Security

The use of laptops in corporate environments has a direct impact on the direction of development of DLP systems. This type of laptop computer has many more vulnerabilities, which requires increased protection. Due to the specific nature of laptops (the possibility of theft of information and the device itself), manufacturers of DLP systems are developing new approaches to ensuring the security of laptop computers.

28.01.2014 Sergey Korablev

Selecting any enterprise-grade product is a non-trivial task for technical specialists and decision makers. Choosing a Data Leak Protection (DLP) data loss prevention system is even more difficult. The lack of a unified conceptual system, regular independent comparative studies and the complexity of the products themselves force consumers to order pilot projects from manufacturers and independently conduct numerous tests, determining the range of their own needs and correlating them with the capabilities of the systems being tested

Such an approach is certainly correct. A balanced, and in some cases even hard-won, decision simplifies further implementation and allows you to avoid disappointment when using a particular product. However, the decision-making process in this case may drag on, if not for years, then for many months. In addition, the constant expansion of the market, the emergence of new solutions and manufacturers further complicate the task of not only choosing a product for implementation, but also creating a preliminary shortlist of suitable DLP systems. In such conditions, current reviews of DLP systems are of undoubted practical value for technical specialists. Is a particular solution worth including on the testing list, or will it be too complex to implement in a small organization? Can the solution be scaled to a company of 10 thousand employees? Will a DLP system be able to control business-critical CAD files? An open comparison is not a substitute for thorough testing, but it will help answer basic questions that arise at the initial stage of choosing a DLP.

Participants

The most popular DLP systems on the Russian information security market from the companies InfoWatch, McAfee, Symantec, Websense, Zecurion and Infosystem Jet were selected as participants (according to the Anti-Malware.ru analytical center as of mid-2013).

For the analysis, commercially available versions of DLP systems were used at the time of preparation of the review, as well as documentation and open reviews of products.

The criteria for comparing DLP systems were selected based on the needs of companies of various sizes and different industries. The main task of DLP systems is to prevent leaks of confidential information through various channels.

Examples of products from these companies are shown in Figures 1–6.

Figure 3. Symantec product

Figure 4. InfoWatch product

Figure 5. Websense product

Figure 6. McAfee product

Operating modes

The two main operating modes of DLP systems are active and passive. Active is usually the main operating mode, which blocks actions that violate security policies, such as sending confidential information to an external mailbox. Passive mode is most often used at the system setup stage to check and adjust settings when the proportion of false positives is high. In this case, policy violations are recorded, but restrictions on the movement of information are not imposed (Table 1).

In this aspect, all the systems under consideration turned out to be equivalent. Each of the DLPs can operate in both active and passive modes, which gives the customer a certain freedom. Not all companies are ready to start using DLP immediately in blocking mode - this is fraught with disruption of business processes, dissatisfaction on the part of employees of controlled departments and complaints (including justified ones) from management.

Technologies

Detection technologies make it possible to classify information that is transmitted via electronic channels and identify confidential information. Today, there are several basic technologies and their varieties, similar in essence, but different in implementation. Each technology has both advantages and disadvantages. In addition, different types of technologies are suitable for analyzing different classes of information. Therefore, manufacturers of DLP solutions try to integrate the maximum number of technologies into their products (see Table 2).

In general, the products provide a large number of technologies that, if properly configured, can provide a high percentage of recognition of confidential information. DLP McAfee, Symantec and Websense are rather poorly adapted for the Russian market and cannot offer users support for “language” technologies - morphology, transliteration analysis and masked text.

Controlled channels

Every data transmission channel is a potential leak channel. Even one open channel can negate all the efforts of the information security service that controls information flows. This is why it is so important to block channels not used by employees for work, and control the remaining ones using leak prevention systems.

Despite the fact that the best modern DLP systems are capable of monitoring a large number of network channels (see Table 3), it is advisable to block unnecessary channels. For example, if an employee works on a computer only with an internal database, it makes sense to completely disable his Internet access.

Similar conclusions are valid for local leakage channels. True, in this case it can be more difficult to block individual channels, since ports are often used to connect peripherals, I/O devices, etc.

Encryption plays a special role in preventing leaks through local ports, mobile drives and devices. Encryption tools are quite easy to use and their use can be transparent to the user. But at the same time, encryption eliminates a whole class of leaks associated with unauthorized access to information and loss of mobile storage devices.

The situation with the control of local agents is generally worse than with network channels (see Table 4). Only USB devices and local printers are successfully controlled by all products. Also, despite the importance of encryption noted above, this feature is only present in certain products, and the feature of forced encryption based on content analysis is present only in Zecurion DLP.

To prevent leaks, it is important not only to recognize confidential data during transmission, but also to limit the spread of information in the corporate environment. To do this, manufacturers include tools in DLP systems that can identify and classify information stored on servers and workstations on the network (see Table 5). Data that violates information security policies should be deleted or moved to secure storage.

To identify confidential information on corporate network nodes, the same technologies are used as to control leaks through electronic channels. The main difference is architectural. If network traffic or file operations are analyzed to prevent leaks, then stored information – the contents of network workstations and servers – is examined to detect unauthorized copies of confidential data.

Of the DLP systems under consideration, only InfoWatch and Dozor-Jet ignore the use of tools for identifying information storage locations. This is not a critical feature for preventing electronic leakage, but it does significantly limit the ability of DLP systems to proactively prevent leakage. For example, when a confidential document is located within a corporate network, this is not an information leak. However, if the location of this document is not regulated, if the location of this document is not known to information owners and security officers, this can lead to a leak. Unauthorized access to information may occur or appropriate security rules may not be applied to the document.

Ease of management

Characteristics such as ease of use and management can be no less important than the technical capabilities of the solutions. After all, a truly complex product will be difficult to implement; the project will take more time, effort and, accordingly, finances. An already implemented DLP system requires attention from technical specialists. Without proper maintenance, regular audits and adjustments of settings, the quality of recognition of confidential information will drop significantly over time.

The management interface in the native language of the security officer is the first step to simplify the work with the DLP system. It will not only make it easier to understand what this or that setting is responsible for, but will also significantly speed up the process of configuring a large number of parameters that need to be configured for the correct operation of the system. English can be useful even for Russian-speaking administrators to clearly interpret specific technical concepts (see Table 6).

Most solutions provide quite convenient management from a single (for all components) console with a web interface (see Table 7). The exceptions are the Russian InfoWatch (no single console) and Zecurion (no web interface). At the same time, both manufacturers have already announced the appearance of a web console in their future products. The lack of a single console for InfoWatch is due to the different technological basis of the products. Development of its own agent solution was discontinued for several years, and the current EndPoint Security is the successor to the third-party EgoSecure (formerly known as cynapspro) product the company acquired in 2012.

Another point that can be attributed to the disadvantages of the InfoWatch solution is that to configure and manage the flagship DLP product InfoWatch TrafficMonitor, knowledge of the special scripting language LUA is required, which complicates the operation of the system. Nevertheless, for most technical specialists, the prospect of improving their own professional level and learning an additional, albeit not very popular, language should be perceived positively.

Separating system administrator roles is necessary to minimize the risks of preventing the emergence of a superuser with unlimited rights and other fraud using DLP.

Logging and reporting

The DLP archive is a database in which events and objects (files, letters, http requests, etc.) recorded by the system’s sensors during its operation are accumulated and stored. The information collected in the database can be used for various purposes, including analyzing user actions, saving copies of critical documents, and as a basis for investigating information security incidents. In addition, the database of all events is extremely useful at the stage of implementing a DLP system, since it helps to analyze the behavior of DLP system components (for example, find out why certain operations are blocked) and adjust security settings (see Table 8).

In this case, we see a fundamental architectural difference between Russian and Western DLPs. The latter do not maintain an archive at all. In this case, the DLP itself becomes easier to maintain (there is no need to maintain, store, backup and study a huge amount of data), but not for operation. After all, the event archive helps to configure the system. The archive helps to understand why information transfer was blocked, check whether the rule worked correctly, and make the necessary corrections to the system settings. It should also be noted that DLP systems require not only initial configuration during implementation, but also regular “tuning” during operation. A system that is not properly supported and maintained by technical specialists will lose a lot in the quality of information recognition. As a result, both the number of incidents and the number of false positives will increase.

Reporting is an important part of any activity. Information security is no exception. Reports in DLP systems perform several functions at once. Firstly, concise and understandable reports allow information security service managers to quickly monitor the state of information security without going into details. Second, detailed reports help security officers adjust security policies and system settings. Thirdly, visual reports can always be shown to the company’s top managers to demonstrate the results of the DLP system and the information security specialists themselves (see Table 9).

Almost all competing solutions discussed in the review offer both graphical reports, convenient for top managers and heads of information security services, and tabular reports, more suitable for technical specialists. Only DLP InfoWatch lacks graphical reports, which is why it received a lower rating.

Certification

The question of the need for certification for information security tools and DLP in particular is an open one, and experts often argue on this topic within professional communities. Summarizing the opinions of the parties, it should be recognized that certification itself does not provide serious competitive advantages. At the same time, there are a number of customers, primarily government organizations, for which the presence of one or another certificate is mandatory.

In addition, the existing certification procedure does not correlate well with the software development cycle. As a result, consumers are faced with a choice: buy an outdated, but certified version of the product or an up-to-date, but not certified one. The standard solution in this situation is to purchase a certified product “on the shelf” and use the new product in a real environment (see Table 10).

Comparison results

Let us summarize our impressions of the considered DLP solutions. Overall, all participants made a favorable impression and can be used to prevent information leaks. Differences between products allow us to specify their scope of application.

The InfoWatch DLP system can be recommended for organizations for which it is fundamentally important to have an FSTEC certificate. However, the latest certified version of InfoWatch Traffic Monitor was tested at the end of 2010, and the certificate expires at the end of 2013. Agent solutions based on InfoWatch EndPoint Security (also known as EgoSecure) are more suitable for small businesses and can be used separately from Traffic Monitor. Using Traffic Monitor and EndPoint Security together may cause scaling issues in large enterprise environments.

Products from Western manufacturers (McAfee, Symantec, Websense), according to independent analytical agencies, are significantly less popular than Russian ones. The reason is the low level of localization. Moreover, it’s not even a matter of the complexity of the interface or the lack of documentation in Russian. Features of technologies for recognizing confidential information, pre-configured templates and rules are “tailored” for the use of DLP in Western countries and are aimed at meeting Western regulatory requirements. As a result, in Russia the quality of information recognition is noticeably worse, and compliance with the requirements of foreign standards is often irrelevant. At the same time, the products themselves are not bad at all, but the specifics of using DLP systems on the Russian market are unlikely to allow them to become more popular than domestic developments in the foreseeable future.

Zecurion DLP is distinguished by good scalability (the only Russian DLP system with confirmed implementation on more than 10 thousand jobs) and high technological maturity. However, it is surprising that there is no web console, which would help simplify the management of an enterprise solution aimed at various market segments. Zecurion DLP's strengths include high-quality recognition of confidential information and a full line of products for leak prevention, including protection at the gateway, workstations and servers, identification of storage locations and tools for data encryption.

The Dozor-Jet DLP system, one of the pioneers of the domestic DLP market, is widespread among Russian companies and continues to expand its client base due to the extensive connections of the system integrator Jet Infosystems, which is also a DLP developer. Although DLP is technologically somewhat behind its more powerful counterparts, its use can be justified in many companies. In addition, unlike foreign solutions, Dozor Jet allows you to maintain an archive of all events and files.

DLP ( Digital Light Processing) is a technology used in projectors. It was created by Larry Hornbeck from Texas Instruments in 1987.

In DLP projectors, the image is created by microscopically small mirrors that are arranged in a matrix on a semiconductor chip called a Digital Micromirror Device (DMD). Each of these mirrors represents one pixel in the projected image.

The total number of mirrors indicates the resolution of the resulting image. The most common DMD sizes are 800x600, 1024x768, 1280x720, and 1920x1080 (for displaying HDTV, High Definition TeleVision). In digital cinema projectors, the standard DMD resolutions are considered to be 2K and 4K, which correspond to 2000 and 4000 pixels along the long side of the frame, respectively.

These mirrors can be quickly positioned to reflect light onto either a lens or a heatsink (also called a light dump). Rapidly rotating the mirrors (essentially switching between on and off) allows the DMD to vary the intensity of light that passes through the lens, creating shades of gray in addition to white (mirror in the on position) and black (mirror in the off position). ).

Color in DLP projectors

There are two main methods for creating a color image. One method involves the use of single-chip projectors, the other - three-chip ones.

Single chip projectors

View of the contents of a single-chip DLP projector. The yellow arrow shows the path of the light beam from the lamp to the matrix, through the filter disk, mirror and lens. The beam is then reflected either into the lens (yellow arrow) or onto the radiator (blue arrow).

External images
	Optical design of a single-matrix DLP projector
	Micromirror suspension and control circuit

In projectors with a single DMD chip, colors are produced by placing a rotating color disk between the lamp and the DMD, much like the Columia Broadcasting System's "sequential color television system" used in the 1950s. The color disk is usually divided into 4 sectors: three sectors for the primary colors (red, green and blue), and the fourth sector is transparent to increase brightness.

Due to the fact that the transparent sector reduces color saturation, in some models it may be absent altogether; in others, additional colors may be used instead of the empty sector.

The DMD chip is synchronized with the spinning disk so that the green component of the image is displayed on the DMD when the green sector of the disk is in the path of the lamp. Same for red and blue colors.

The red, green and blue components of the image are displayed alternately, but at a very high frequency. Thus, it seems to the viewer that a multi-colored picture is being projected onto the screen. In early models, the disk rotated once every frame. Later, projectors were created in which the disk makes two or three revolutions per frame, and in some projectors the disk is divided into a larger number of sectors and the palette on it is repeated twice. This means that the components of the image are displayed on the screen, replacing each other up to six times in one frame.

Some recent high-end models have replaced the rotating color disk with a block of very bright LEDs in three primary colors. Due to the fact that LEDs can be turned on and off very quickly, this technique allows you to further increase the refresh rate of the colors of the picture, and completely get rid of noise and mechanically moving parts. Refusal of the halogen lamp also facilitates the thermal operation of the matrix.

"Rainbow Effect"

Rainbow DLP effect

The rainbow effect is unique to single-chip DLP projectors.

As already mentioned, only one color is displayed per image at a given time. As the eye moves across the projected image, these different colors become visible, resulting in the perception of a "rainbow" by the eye.

Manufacturers of single-chip DLP projectors have found a way out of this situation by overclocking the rotating segmented multi-color disk, or by increasing the number of color segments, thus reducing this artifact.

Light from LEDs made it possible to further reduce this effect due to the high frequency of switching between colors.

In addition, LEDs can emit any color of any intensity, which has increased the gamma and contrast of the image.

Three-chip projectors

This type of DLP projector uses a prism to split the beam emitted by the lamp, and each of the primary colors is then directed to its own DMD chip. These rays are then combined and the image is projected onto a screen.

Triple-chip projectors are capable of producing more shade and color gradations than single-chip projectors because each color is available for a longer period of time and can be modulated with each video frame. In addition, the image is not subject to flickering and the “rainbow effect” at all.

Dolby Digital Cinema 3D

Infitec has developed spectral filters for the rotating disc and glasses, allowing the projection of frames for different eyes in different subsets of the spectrum. As a result, each eye sees its own, almost full-color image on a regular white screen, in contrast to systems with polarization of the projected image (such as IMAX), which require a special “silver” screen to maintain polarization upon reflection.

see also

Alexey Borodin DLP technology. Portal ixbt.com (05-12-2000). Archived from the original on May 14, 2012.

Display technologies
Video displays
Following generation displays
Not a video
3D displays
Static
see also

Wikimedia Foundation. 2010.

See what "DLP" is in other dictionaries:

DLP- Saltar a navegación, búsqueda Digital Light Processing (en español Procesado digital de la luz) es una tecnología usada en proyectores y televisores de proyección. El DLP fue desarrollado originalmente por Texas Instruments, y sigue siendo el... ... Wikipedia Español

DLP- is a three letter abbreviation with multiple meanings, as described below: Technology Data Loss Prevention is a field of computer security Digital Light Processing, a technology used in projectors and video projectors Discrete logarithm problem,… … Wikipedia

These days you can often hear about such technology as DLP systems. What is it and where is it used? This is software designed to prevent data loss by detecting possible irregularities in data transmission and filtering. In addition, such services monitor, detect and block its use, movement (network traffic), and storage.

As a rule, leakage of confidential data occurs due to the operation of equipment by inexperienced users or is the result of malicious actions. Such information in the form of personal or corporate information, intellectual property (IP), financial or medical information, credit card information and the like requires enhanced protection measures that modern information technologies can offer.

The terms “data loss” and “data leakage” are related and are often used interchangeably, although they are somewhat different. Cases of information loss turn into information leakage when a source containing confidential information disappears and subsequently ends up in the hands of an unauthorized party. However, data leakage is possible without data loss.

DLP categories

Technological tools used to combat data leakage can be divided into the following categories: standard security measures, intelligent (advanced) measures, access control and encryption, as well as specialized DLP systems (what these are is described in detail below).

Standard measures

Standard security measures such as intrusion detection systems (IDS) and antivirus software are commonly available mechanisms that protect computers from outsider as well as insider attacks. Connecting a firewall, for example, prevents unauthorized persons from accessing the internal network, and an intrusion detection system detects intrusion attempts. Internal attacks can be prevented by checking with an antivirus that detects those installed on PCs that send confidential information, as well as by using services that operate in a client-server architecture without any personal or confidential data stored on the computer.

Additional Security Measures

Additional security measures use highly specialized services and timing algorithms to detect abnormal data access (i.e., databases or information retrieval systems) or abnormal email exchanges. In addition, such modern information technologies identify programs and requests with malicious intent and perform deep scans of computer systems (for example, recognizing keystrokes or speaker sounds). Some such services can even monitor user activity to detect unusual data access.

Custom designed DLP systems - what is it?

Designed for information security, DLP solutions are designed to detect and prevent unauthorized attempts to copy or transfer sensitive data (either intentionally or unintentionally) without permission or access, typically by users who have access rights to the sensitive data.

In order to classify certain information and regulate access to it, these systems use mechanisms such as exact matching of data, structured fingerprinting, acceptance of rules and regular expressions, publication of code phrases, conceptual definitions and keywords. The types and comparison of DLP systems can be presented as follows.

Network DLP (also known as data in motion or DiM)

As a rule, it is a hardware solution or software that is installed at network points originating near the perimeter. It analyzes network traffic to detect sensitive data being sent in violation of

Endpoint DLP (data when using )

Such systems operate on end-user workstations or servers in various organizations.

As with other network systems, an endpoint can face both internal and external communications and can therefore be used to control the flow of information between types or groups of users (eg firewalls). They are also capable of monitoring email and instant messaging. This happens as follows - before messages are downloaded to the device, they are checked by the service, and if they contain an unfavorable request, they are blocked. As a result, they become uncorrected and are not subject to the rules for storing data on the device.

A DLP system (technology) has the advantage that it can control and manage access to physical devices (for example, mobile devices with storage capabilities), and sometimes access information before it is encrypted.

Some endpoint-based systems can also provide application control to block attempts to transmit sensitive information, as well as provide immediate feedback to the user. However, they have the disadvantage that they must be installed on every workstation on the network, and cannot be used on mobile devices (for example, cell phones and PDAs) or where they cannot be practically installed (for example, , at a workstation in an Internet cafe). This circumstance must be taken into account when choosing a DLP system for any purpose.

Data Identification

DLP systems include several methods aimed at identifying secret or confidential information. This process is sometimes confused with decryption. However, data identification is the process by which organizations use DLP technology to determine what to look for (in motion, at rest, or in use).

The data is classified as structured or unstructured. The first type is stored in fixed fields within a file (such as a spreadsheet), while unstructured refers to free-form text (in the form of text documents or PDF files).

According to experts, 80% of all data is unstructured. Accordingly, 20% are structured. is based on content analysis focused on structured information and contextual analysis. It is done at the place where the application or system in which the data originated was created. Thus, the answer to the question “DLP systems - what is it?” will serve to determine the information analysis algorithm.

Methods used

Methods for describing sensitive content are numerous today. They can be divided into two categories: accurate and inaccurate.

Accurate methods are those that involve content analysis and reduce false positive responses to queries to virtually zero.

All others are imprecise and may include: dictionaries, keywords, regular expressions, extended regular expressions, data meta tags, Bayesian analysis, statistical analysis, etc.

The effectiveness of the analysis directly depends on its accuracy. A DLP system with a high rating has high performance in this parameter. The accuracy of DLP identification is essential to avoid false positives and negative consequences. Accuracy can depend on many factors, some of which may be situational or technological. Accuracy testing can ensure the reliability of the DLP system - almost zero false positives.

Detection and prevention of information leaks

Sometimes the data distribution source makes sensitive information available to third parties. After some time, some of it will most likely be found in an unauthorized location (for example, on the Internet or on another user’s laptop). DLP systems, the price of which is provided by developers upon request and can range from several tens to several thousand rubles, must then investigate how the data was leaked - from one or more third parties, whether it was done independently of each other, whether the leak was provided by any then by other means, etc.

Data at rest

“Data at rest” refers to old archived information stored on any of the client PC's hard drives, on a remote file server, on a disk. This definition also applies to data stored in a backup system (on flash drives or CDs). This information is of great interest to businesses and government agencies simply because a large amount of data sits unused in storage devices and is more likely to be accessed by unauthorized persons outside the network.

Multimedia projectors help to display graphic and video information from various sources on a large screen. They are widely used not only in educational institutions, but also in business. The market for interactive multimedia devices is huge. Each technology used by manufacturers has its own advantages and features. Let's consider which digital equipment is preferable for different applications - LCD or DLP projector, their advantages and disadvantages.

Depending on the selected projector, image quality varies. The resulting image can be assessed by main parameters:

• brightness,
• color accuracy,
• contrast,
• color depth,
• update frequency,
• uniformity of lighting,
• optical efficiency,
• permission.

In order for multimedia images to look high quality, projector technology must provide a high level of basic parameters. However, not all projection systems are equally capable of achieving the optimum technical level.

Features of DLP technology

DLP technology (translated from English as “digital light processing”) is the most promising technical solution, which is based on the invention of the American scientist L. Hornbeck, digital micromirror device.

The device matrix consists of several thousand mirrors measuring no more than 16 microns. One part corresponds to 1 pixel and is made of aluminum alloy. Due to the peculiarity of the mirror surface, the material is highly reflective. The micromirror elements are attached to the bracket using an axis. It is attached to the matrix base with a special system of highly mobile plates. Thus, the mirrors are placed on top integrated circuit.

Under the micromirrors in 2 opposite corners there are electrodes that connect to the Sram static memory. Due to the action of the electric field, the microscopic mirrors take two positions, while deviating clearly from the central axis to the right or left by 10 degrees. As a result, reflecting from the LCD matrix, the light is focused using an optical system of micromirrors and positioned on the display.

Operating principle of a DLP projector

DLP technology allows you to create a digital DLP projector with a high degree of brightness. Such digital devices use a complex design consisting of three microcircuits.

Operating principle of the technology:

• a white beam of light is split by a prism into 3 components - red, blue and green;
• light fluxes are redirected clearly to their separate surface of the chip;
• Reflected from mirrors, colored rays are focused onto the screen using a projection lens.

These devices are most often used for broadcasting wide-screen images in cinemas.

A DLP projector uses digital technology, where pixels are binary elements that are in two positions: on or off. Thanks to this, there is no sensitivity of gray color to various environmental factors and ensures high degree of repeatability. Due to this feature, gradation of brightness and color shades are projected stably and evenly over the entire area.

Features of LCD technology

When using LCD technology, multimedia projectors are equipped with 3 polysilicon LCD screens. Each panel is responsible for its own color. Matrices consist of a collection of individual pixels. Between them there are control components that regulate their transparency. Next, the color beams are combined through a prism and, thanks to connecting lenses, projected onto the monitor screen.

New 3LCD digital projectors have improved technical characteristics. Three-matrix products use Texas Instruments brand chips. The distinctive characteristics of 3LCD Group products are that by projecting three colors of the spectrum onto the display, a bright color space is obtained, there is no “rainbow effect”, and the rendering of gray shades is as close to reality as possible.

Projectors using digital LCD technology operate on the following principle:

• Due to 2 dichroic micromirrors, the white light of the lamp is split into primary colors: green, red and blue;
• then each color is passed through the LCD matrix;
• a full-color image is formed.

Comparative characteristics of DLP or LCD projectors

Both technologies have developed and improved in recent years, so the differences between them are becoming less noticeable. The table summarizes the main pros and cons of the two systems.

	DLP-projectors	LCD-projectors
Advantages	high degree of equipment interchangeability; optimal optical efficiency; color accuracy; the gradation of brightness is uniform over the entire surface plane; equipment reliability; the ability to perform 3D projection on widescreen screens; high contrast ratio; light weight of equipment; Suitable for use in dusty and smoky environments	rich colors of the picture; low energy consumption; high brightness
Flaws	"rainbow effect" that appears on the projected display	it is necessary to periodically clean and replace the filter; less contrast; pixel visibility; reduction in image quality after use; equipment is more massive and heavier

Despite the existence of small shortcomings, both technologies are constantly improving, and the model range is periodically updated. Digital projector manufacturers are modifying the devices to improve image quality.

Conclusion

When choosing which digital devices are more suitable for business and will satisfy the expectations of viewers - DLP or LCD digital projectors, they take into account the operational parameters, reliability and functionality of the system.

To reproduce images on a widescreen screen in a cinema, broadcast videos and presentations, a projector with DLP technology is suitable. For home viewing a DLP projector is also more suitable. It has high color, contrast, and image stability characteristics. Digital portable DLP devices have proven themselves to be reliable and high-quality modern projection devices. For broadcasting with accurate color reproduction and for economical use of electricity choose LCD projectors.