Solved

DLP and Encryption

Posted on 2015-02-03
9
264 Views
Last Modified: 2016-02-25
In order to become compliant my small business needs to incorporate DLP and Encryption -
Data Loss Prevention while files on fileservers are at rest, in use, and in motion
Encryption while files on fileservers are at rest and in motion.

Has anyone had experience with this? I see that Symantec Endpoint offers a suite of products that might work or might be overkill,
Cisco Ironport has also popped up in searches,
and Sophos gateway.

anyone have any experience or suggestions on how to accomplish this?
Windows Server domain controller...
0
Comment
Question by:dnetsol
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40587789
DLP is easily bypassed if someone knows your running DLP. Changing a document from a normal font to windings for instance bypasses all DLP products I tested. Saving documents to the draft folder of your email client can also be a bypass. DLP's use case is to "catch stupid" or laziness. I'm not familiar with regulations or laws that require you to run DLP, esp since they are in their infancy. Symantec does have DLP, many organizations use it, again it does not catch insiders, it catches people emailing data they shouldn't, it catches people sharing documents or ftp'ing them when they shouldn't. A zip file and a password can get past any DLP.
Read this article about encryption to better understand that subject: http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html
Can you list the mandate or law you are trying to comply with?
-rich
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40588051
DLPs can also be setup this way: only tagged documents may leave the company network. The tagging would have to be done by authorized persons of course. So you would have a piece of hardware between your company and the internet gateway that does content inspection - what is not tagged, may not get out.
Years ago, I saw a presentation about this, it was the product mimesweeper, if I remember correctly.
0
 
LVL 17

Expert Comment

by:Learnctx
ID: 40588435
We've implemented McAfee DLP (regulator requirement). Here are a bunch of demo videos and other info:

http://www.mcafee.com/us/products/total-protection-for-data-loss-prevention.aspx#vt=vtab-DemosTutorials

There are others as well like Symantec, RSA, etc.

But really DLP is really best effort and easily bypassed (password protected/encrypted files for example). Unless you block them going out which comes with its own problems like admin overhead... You need to look at SSL interception to pick up data transfers going back and forth, you can be selective like targeting known cloud storage sites or cloud storage classified sites if you have a next gen firewall.

Even after you end up spending all this money, with the prevalence of personal smart phones that have great cameras (not to mention CHEAP high resolution spy cameras) you could have a staff member sit there and video or take photos of documents. To this end for some of our sites we basically ban any equipment coming or going. They walk in for a check with their clothes on and they leave with just their clothes on.

In the end though, if a trusted insider REALLY wants your data...they're going to get it if they have the access. Your best best is detection of abnormal behaviour or unexpected or unauthorised data access. Consider DLP as an OK first line of defence and don't tell your staff you have it to avoid people going to far to bypass it :)
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:dnetsol
ID: 40588778
Thanks for the replies! I understand that DLP can easily be bypassed.
Many of my clients are trying to achieve all these standards for ALTA Best Practices (Title companies) and this requires DLP & encryption.
So any more suggestions on ways to achieve this would be appreciated instead of all the ways I can tell a client why it's stupid :)
0
 
LVL 55

Accepted Solution

by:
McKnife earned 500 total points
ID: 40588832
I thought I  did tell you they are nit easy to fool and I also named one: Clearswift minesweeper.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40589721
Why did you already close the question - was it answered? Did I even touch the second topic "encryption"?
0
 

Author Comment

by:dnetsol
ID: 40591391
i think we might go with native bitlocker for encryption. do you have any suggestions for encryption?
0
 

Expert Comment

by:Joe Bene
ID: 40596476
We use GTB Technologies DLP - excellent solution with complete channel coverage (not just TCP traffic), detection accuracy is great plus you get content visibility to SSL transmissions. (haven't seen that with the others.)  We just upgraded to their full on premise, off premise (network scanning included) agent solution.
Worth checking out
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40596695
What is important for you concerning the capabilities of an encryption software?
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question