1. Detection rules define the content you want to protect and the context in which it is being used, in order to determine whether a security policy is being violated. DLP finds data using three categories of detection technologies:
Describing protects structured and unstructured data by looking for content matches on keywords, regular expressions or patterns (which describe a set of strings), and data identifiers.
Fingerprinting protects structured and unstructured data by looking for exact or partial content matches on indexed data sources and documents.
Learning protects unstructured textual data by building a statistical model using example documents and determining content similarity.
2. Response rules define the actions to take when the system has detected an incident or policy violation. There are a number of different ways to remediate a data loss incident:
Notify an end user of a policy violation via email or an onscreen pop-up.
Require a user to justify an action that violates a policy via an onscreen pop-up.
Redirect an unencrypted email containing sensitive data to an encryption gateway for secure delivery.
Prevent information from leaving the network by blocking a web post or instant message, or from being wrongly exposed on your network by quarantining or relocating files containing confidential data to an encrypted folder on a secure server.
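
The sketch below is an added example, not code from any DLP product: it pairs a "describing" detection rule (pattern, checksum validator and context keywords) with a response rule that picks one of the actions listed above. The keyword list, channel names, action labels and the choice of payment card numbers as the protected content are all assumptions made for illustration.

```python
import re

# Assumed policy: payment card numbers are the protected content.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # pattern: 13-19 digits, optional separators
KEYWORDS = ("card", "visa", "cvv", "expiry")      # context keywords (constructed list)

def luhn_ok(digits):
    """Validator half of a data identifier: Luhn checksum over the digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def detect(text):
    """Return validated card numbers, but only when a context keyword is present."""
    if not any(k in text.lower() for k in KEYWORDS):
        return []
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def respond(channel, encrypted, hits):
    """Pick a response action; channel names and mapping are assumptions."""
    if not hits:
        return "allow"
    if channel == "email":
        return "notify_user" if encrypted else "redirect_to_encryption_gateway"
    if channel in ("web_post", "instant_message"):
        return "block"
    if channel == "file_share":
        return "quarantine"
    return "notify_user"

if __name__ == "__main__":
    # Constructed sample messages; 4111 1111 1111 1111 is a well-known test number.
    samples = [("email", False, "Visa card 4111 1111 1111 1111 exp 12/30"),
               ("web_post", False, "card 4111 1111 1111 1112"),
               ("instant_message", False, "tracking ref 4111111111111111")]
    for channel, enc, body in samples:
        hits = detect(body)
        print(channel, hits, respond(channel, enc, hits))
```

The second sample fails the checksum and the third lacks a context keyword, so neither raises an incident; combining a validator with context is what keeps a bare digit pattern from flooding the incident queue with false positives.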