Data Leakage Prevention (DLP) tools are critical components in the arsenal of information security for organisations worldwide. These tools aim to prevent unauthorised access and transmission of sensitive data, thus safeguarding intellectual property, personal data, and other confidential information. However, the deployment of DLP tools, particularly their blocking functionality, presents significant challenges. This paper explores the issues surrounding the blocking capabilities of DLP tools, why most Chief Information Security Officers (CISOs) hesitate to activate this feature, and how solutions like ShadowSight can drive a positive information security cultural change.

The Role of DLP Tools

DLP tools are designed to monitor and control data flows within and outside an organisation. Their primary functions include:

  1. Detection: Identifying sensitive data through predefined patterns and rules.
  2. Monitoring: Tracking data movement and user activities.
  3. Blocking: Preventing unauthorised data transmission by interrupting actions that violate security policies.

While detection and monitoring are generally well-received and implemented, the blocking functionality often remains unused. This hesitation stems from various operational and cultural challenges associated with blocking capabilities.

The Blocking Functionality Challenge

False Positives and Alerts Overload

One of the most significant issues with DLP tools' blocking functionality is the high rate of false positives. DLP tools often generate thousands of alerts, many of which are false positives. This results in:

  • Alert Fatigue: Security teams become overwhelmed by the sheer volume of alerts, reducing their ability to respond effectively.
  • Operational Disruption: Legitimate business activities may be mistakenly flagged and blocked, causing frustration among employees and potential loss of productivity.
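The false-positive problem described above can be reproduced with a single pattern rule. The following is an added example, not code from the original paper or from ShadowSight; the card-number pattern, the Luhn checksum used to tighten it, and the event texts and their labels are all constructed assumptions for illustration.

```python
import re

# Predefined pattern: 13-16 digits, optionally separated by spaces or hyphens.
CARD_LIKE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

def luhn_ok(digits):
    """Luhn checksum, which genuine payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def matches(text, validate):
    """Return card-like hits; with validate=True keep only Luhn-valid ones."""
    hits = [re.sub(r"[ -]", "", m.group()) for m in CARD_LIKE.finditer(text)]
    return [h for h in hits if not validate or luhn_ok(h)]

def decide(text, mode, validate):
    """mode 'monitor' raises an alert; mode 'block' interrupts the transmission."""
    if not matches(text, validate):
        return "allow"
    return "block" if mode == "block" else "alert"

# Constructed outbound messages: (id, text, truly_sensitive)
EVENTS = [
    (1, "Invoice ref 1234567890123456 attached", False),
    (2, "Customer card 4111 1111 1111 1111 for refund", True),
    (3, "Tracking number 9400110200881234 shipped", False),
    (4, "Meeting moved to 10am", False),
]

def summarise(mode, validate):
    """Count actions taken and how many hit non-sensitive messages."""
    out = {"allow": 0, "alert": 0, "block": 0, "false_positives": 0}
    for _id, text, sensitive in EVENTS:
        action = decide(text, mode, validate)
        out[action] += 1
        if action != "allow" and not sensitive:
            out["false_positives"] += 1
    return out

if __name__ == "__main__":
    for mode, validate in [("monitor", False), ("block", False), ("block", True)]:
        print(mode, "validated" if validate else "pattern-only", summarise(mode, validate))
```

With the pattern alone, two of the three flagged messages are ordinary business traffic: in monitor mode that costs analyst time, while in block mode it stops an invoice and a shipping notice.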

Impact on Business Functions

Blocking data transmission can severely impact day-to-day business operations. Key areas affected include:

  • Employee Efficiency: Blocking legitimate actions can hinder employees’ ability to perform their jobs, leading to decreased productivity and morale.
  • Customer Relations: Interruptions in data flow can affect customer service, leading to dissatisfaction and potential loss of business.
  • Business Continuity: Critical business processes might be interrupted, affecting the organisation’s overall functionality.

Negative Experience for Stakeholders

The consequences of enabling blocking functionality can extend to various stakeholders within the organisation:

  • Staff: Frequent false positives and the inability to carry out legitimate tasks can lead to frustration and resentment towards security measures.
  • Executive Leadership: Board members and executives may experience disruptions in their workflow, leading to scepticism about the effectiveness and necessity of DLP tools.
  • Security Teams: Overburdened with managing false positives and justifying the interruptions, security teams might struggle to maintain their credibility and effectiveness.

A Different Approach – Drive a Positive Information Security Culture

The Role of ShadowSight, the Innovative DLP and Insider Risk Platform

ShadowSight exemplifies a new generation of DLP tools designed to foster a positive information security culture while ensuring compliance and security. Key features and benefits include:

  • Comprehensive Alert Management: ShadowSight effectively reduces the typical ongoing alert "noise" by filtering out known good activities, thereby allowing security teams to focus on genuine threats. This improves efficiency and accuracy in threat detection.
  • Enhanced Monitoring Capabilities: The platform offers an easy-to-use enhanced monitoring feature that ensures continuous and detailed oversight of user activities. This proactive monitoring helps in early detection and mitigation of insider risks.
  • Integrated Workflow Solutions: ShadowSight's built-in workflow integrates seamlessly with existing security processes, streamlining response. This integration enhances the overall security posture by ensuring swift and coordinated actions.

Driving Greater Compliance

Implementing a tool like ShadowSight can drive compliance through:

  • User Awareness: Educating users in near real time about the importance of data security and how their actions impact overall security.
  • Positive Reinforcement: Encouraging good practices through recognition and rewards rather than punitive measures.
  • Streamlined Processes: Ensuring security measures are integrated seamlessly into daily operations, minimising disruptions and enhancing user acceptance.


While the blocking functionality of traditional DLP tools presents significant challenges, the adoption of advanced solutions like ShadowSight can transform the approach to data security. By focusing on reducing false positives, engaging users, and minimising operational disruptions, organisations can foster a positive information security culture. This not only enhances compliance but also ensures that security measures support rather than hinder business operations. As CISOs look towards more effective and user-friendly DLP solutions, the balance between security and usability becomes increasingly attainable.

Christopher McNaughton

Strategic Advisor, ShadowSight

Who is Christopher McNaughton

Chris is a proficient problem solver with a strategic aptitude for anticipating and addressing potential business issues, particularly in areas such as Insider Threat, Data Governance, Digital Forensics, Workplace Investigations, and Cyber Security. He thrives on turning intricate challenges into opportunities for increased efficiency, offering pragmatic solutions derived from a practical and realistic approach.

Starting his career as a law enforcement Detective, Chris transitioned to multinational organisations where he specialised and excelled in Cyber Security, proving his authority in the field. Even under demanding circumstances, his commitment to delivering exceptional results remains unwavering, underpinned by his extraordinary ability to understand both cyber and business problems swiftly, along with a deep emphasis on active listening.

What is ShadowSight

ShadowSight is a data leakage prevention and insider risk management platform. It combines behavior analytics, SIEM and an integrated workflow to dynamically adjust to business risk. Staff activity is risk rated and reviewed to highlight risky events.

This Australian-developed platform streamlines threat detection with user-friendly interfaces, eliminates ongoing professional services, and integrates seamlessly into business processes. It efficiently filters activities, applies custom rules, and offers comprehensive visibility through a single pane. ShadowSight provides a smarter, cost-effective approach to safeguarding against data leakage and insider risk, distinguishing itself as a leader in adaptive security solutions.