Shifting Left with Security Policy as Code (SPaC)
DLP Sensors: Protecting Sensitive Data
The Global Data Protection Index 2024 reveals that 92% of companies now see their data as a strategic asset, with 75% recognizing its real economic value. Yet there's a twist: 65% of organizations are unsure they can recover their systems in a crisis, and 75% believe their current security measures won't suffice in the future. This is even more alarming given that IBM's Cost of a Data Breach 2023 report estimates that an average data breach costs a staggering $4.45 million, and the Identity Theft Resource Center recorded a 72% rise in breaches, totaling 3,205 incidents in 2023. For these reasons, data loss prevention (DLP) capabilities can put your organization steps ahead in protecting sensitive data.
In cloud-native environments, the complexity of managing data across multiple containers, pods, nodes, volumes, services, and other resources can be overwhelming. The traditional approach of securing data at rest, in transit, and in use is no longer sufficient, and a specialized solution is needed. NeuVector's DLP sensors provide a robust framework for detecting and preventing unauthorized data transmission, protecting personal data, financial records, and intellectual property from leaks and breaches.
Previously, we exported a security policy that included a dlp section. This section is used to define Data Loss Prevention (DLP) settings.
[...]
spec:
  dlp:
    settings: []
    status: true
[...]
NeuVector's DLP rules help you monitor data flows to stop unauthorized exposure. By default, version 5.4 includes two predefined DLP rules:
- sensors.creditcard: Detects credit card numbers.
- sensors.ssn: Detects social security numbers.
Sensors operate in four locations:
- Packet: Inspects packet payloads.
- URL: Scans URL paths.
- Header: Checks request headers.
- Body: Examines request bodies.
For example, the sensors.ssn rule detects social security numbers using this regular expression at the body level:
\b(?!\b(\d)\1+-?(\d)\1+-?(\d)\1+\b)(?!123-?45-?6789|219-?09-?9999|078-?05-?1120)(?!666|000|9\d{2})\d
DevSecOps in Practice: A Hands-On Guide to Operationalizing DevSecOps at Scale
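The sensors.ssn pattern quoted above is cut off on this page, so the following is an added example, not NeuVector's code or the book's. It applies the three visible lookaheads to each of the four sensor locations of a constructed HTTP request. The tail `ASSUMED_SHAPE`, the helpers `split_request` and `scan`, and the mapping of request parts to locations are assumptions made for illustration.

```python
import re

# Lookaheads copied from the visible part of the page's sensors.ssn pattern.
PAGE_LOOKAHEADS = (
    r"\b(?!\b(\d)\1+-?(\d)\1+-?(\d)\1+\b)"               # repeated-digit runs
    r"(?!123-?45-?6789|219-?09-?9999|078-?05-?1120)"     # listed exclusions
    r"(?!666|000|9\d{2})"                                # excluded first groups
)
# ASSUMPTION: the page's pattern is cut off after its next "\d". This generic
# 3-2-4 digit shape stands in for the missing tail; it is not NeuVector's.
ASSUMED_SHAPE = r"\d{3}-?\d{2}-?\d{4}\b"
SSN = re.compile(PAGE_LOOKAHEADS + ASSUMED_SHAPE)


def split_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into packet, url, header and body text."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, _, headers = head.partition("\r\n")
    parts = request_line.split(" ")
    url = parts[1] if len(parts) >= 2 else ""
    return {"packet": raw, "url": url, "header": headers, "body": body}


def scan(raw: str) -> dict:
    """Return {context: [matched strings]} for every context with a hit."""
    hits = {}
    for context, text in split_request(raw).items():
        found = [m.group(0) for m in SSN.finditer(text)]
        if found:
            hits[context] = found
    return hits


# Constructed request: one value per lookahead, plus one that should match.
SAMPLE = (
    "POST /apply?ref=123-45-6789 HTTP/1.1\r\n"   # listed exclusion
    "Host: hr.example.internal\r\n"
    "X-Trace: 666-12-3456\r\n"                   # excluded first group
    "\r\n"
    "name=alice&ssn=536-22-8726&old=987-65-4321&pad=111-11-1111"
)

if __name__ == "__main__":
    for context, found in scan(SAMPLE).items():
        print(f"{context:7} {found}")
```

Only the body value that survives all three lookaheads is reported, and it shows up under both the packet and body locations because the packet view covers the whole payload.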
