OpenDLP: Data loss prevention tool

OpenDLP is a free and open source, agent-based, centrally-managed, massively distributable data loss prevention tool. Given appropriate Windows domain credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems from a centralized web application. OpenDLP has two components: a web application and an agent.

Web application

• Automatically deploy and start agents over Netbios/SMB
• When done, automatically stop, uninstall, and delete agents over Netbios/SMB
• Pause, resume, and forcefully uninstall agents in an entire scan or on individual systems
• Concurrently and securely receive results from hundreds or thousands of deployed agents over two-way-trusted SSL connection
• Create Perl-compatible regular expressions (PCREs) for finding sensitive data at rest
• Create reusable profiles for scans that include whitelisting or blacklisting directories and file extensions
• Review findings and identify false positives
• Export results as XML
• Written in Perl with MySQL backend.

Agent

• Runs on Windows 2000 and later systems
• Written in C with no .NET Framework requirements
• Runs as a Windows Service at low priority so users do not see or feel it
• Resumes automatically upon system reboot with no user interaction
• Securely transmit results to web application at user-defined intervals over two-way-trusted SSL connection
• Uses PCREs to identify sensitive data inside files
• Performs additional checks on potential credit card numbers to reduce false positives.