The modern enterprise is a veritable ocean of unmanaged information. Despite many years and many dollars invested in gaining some control over the massive volumes of content generated by employees, customers, and business operations, few organizations have a clear idea where their sensitive information is located or how it is secured. While some content happens to reside in protected servers, document management systems, and databases, far more is scattered across email files, endpoints, and completely unknown file shares. Enterprises are at risk of compliance violations, insider abuse, and external attacks—not because they cannot protect their sensitive data in known locations, but because they have very little understanding of where the content is actually located, how it is protected, and how it is being used. One of the most promising techniques to help reduce this risk is known as Data Loss Prevention (“DLP”). While DLP involves monitoring data in motion (i.e., monitoring network traffic), DLP tools are also used to protect data at rest (i.e., performing DLP scans of network devices).
Conventional DLP solutions may perform periodic full scans of network devices to discover sensitive data. Unfortunately, full DLP scans may be time and resource intensive. Thus, organizations may only schedule full DLP scans of endpoint devices at infrequent intervals, leaving the possibility that sensitive data may not be discovered on a network device for an extended period of time. Failure to discover sensitive data in a timely manner results in increased risk of data loss.