Would seem that the technology

rakhirhif8963 · Post by **rakhirhif8963** » Tue Feb 11, 2025 6:27 am

It probabilistic blocking helps, when the software considers everything that even slightly resembles it as an incident - for example, when not the entire client base is sent, but an excerpt from it. However, in real life, there are many situations when employees really need to send such a document - each of them will have to be dealt with manually. Otherwise, the Security Service will drown in complaints from users who are hindered by blocking.

The second negative point is that the active intervention of the system in the work of employees compromises the control methods. In some DLPs, you can set up warnings for users: “You are about to send an internal document. This violates security rules.” In other systems, there are no notifications, but users can still see a pattern: some letters do not go, some files are not copied to flash drives - and will be on guard in the future.

Both approaches are good against accidental leaks, when germany whatsapp data make a mistake in the address or try to take out sensitive information without knowing it. But for real attackers, this gives them an opportunity to learn: to avoid controlled channels, to invent new ways to bypass the rules and still leak information.

As a result, instead of automated protection, the company gets a system that is capable of "catching" only a small percentage of all incidents - random leaks or violations, the "composition" of which completely falls under the blocking rules. Such DLPs are not able to prevent more complex violations or detect real insiders. Therefore, the principle of active blocking is considered obsolete - although at classic "secure" facilities, where there are already uncompromising security rules, it will work like a charm.