Data Loss Prevention (DLP) tools aim to avoid exfiltration of sensitive data from a network. A similar idea is Data Leak Prevention, which uses the same acronym. DLP can be deployed in various modes and in various positions on a network. DLP targets include:
Data in motion DLP solutions are comparable to network-based IDS or IPS, except that DLP filtering is targeted at traffic originating on the local network itself. Instead of using signatures based on attack vectors, data in motion DLP analyzes packets by means of regular expressions looking for confidential data that should not be traversing the network. For data at rest, DLP engines likewise apply data signatures to databases or file systems, looking for sensitive data outside of secure containers. Finally, data at end-points DLP employs agents at end user equipment like PCs to prevent the exfiltration of sensitive data via CD, DVD, USB, or printer.
References:
http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf
http://www.sans.org/reading_room/whitepapers/dlp/data-loss-prevention_32883
http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Data-Leak-Prevention.aspx