Data loss prevention (DLP) solutions - endpoint and network-based recommendations

Hello - customer is looking for DLP solutions to address internal security concerns such as copying sensitive information to local USB drives, network shares, etc. They already have solutions in place for the edge, which include Cisco e-mail/web appliances. I reached out to RSA, but they've evidently dropped their network DLP solutions.

Any recommendations for the above?

Thank you

btan (Exec Consultant) commented:
Better to have the DLP at the endpoint, with an agent guarding those accesses. DeviceLock is one of them. But if you have Windows machines, you may want to consider using GPO to lock down USB and WPD installation and usage. Also, AppLocker comes in to ensure that authorised applications can execute based on a certain path, hash or even trusted publisher. They are an added layer of deterrence.

There are other HIPS solutions from Sophos, Symantec and McAfee that do DLP which is agent based. These are useful if you already have their AV running, and it is probably better to enhance your existing package with the principals.
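As an added example (not code from the thread or from any of the vendors named), the following PowerShell audits the Windows endpoint controls the answer above describes: the Removable Storage Access and Device Installation Restrictions GPO settings, read back from the policy registry keys they write, plus the effective AppLocker policy. Registry paths and value names are the ones those policy templates use; the class GUID is the Removable Disks class from the Removable Storage Access template, and you should confirm it against the ADMX files in your own domain before relying on the result. Run it elevated on a domain-joined client after a `gpupdate`.

```powershell
# Added example (not from the thread): audit endpoint USB/WPD lockdown and AppLocker state.
# Run elevated on a domain-joined client after gpupdate.

$results = [ordered]@{}

# 1. "All Removable Storage classes: Deny all access"
$rsd = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$results['RemovableStorage_DenyAll'] =
    (Get-ItemProperty -Path $rsd -Name Deny_All -ErrorAction SilentlyContinue).Deny_All -eq 1

# 2. "Removable Disks: Deny write access" lives in a per-class subkey.
#    GUID assumed to be the Removable Disks class from the Removable Storage Access
#    policy template; verify against your domain's ADMX files.
$removableDisks = Join-Path $rsd '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
$results['RemovableDisks_DenyWrite'] =
    (Get-ItemProperty -Path $removableDisks -Name Deny_Write -ErrorAction SilentlyContinue).Deny_Write -eq 1

# 3. "Prevent installation of removable devices" (Device Installation Restrictions);
#    this is what stops USB mass storage and WPD devices from being installed at all.
$devInstall = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
$results['DeviceInstall_DenyRemovable'] =
    (Get-ItemProperty -Path $devInstall -Name DenyRemovableDevices -ErrorAction SilentlyContinue).DenyRemovableDevices -eq 1

# 4. AppLocker: which rule collections (Exe, Dll, Script, Msi, Appx) are actually
#    enforced, as opposed to audit-only or not configured. Get-AppLockerPolicy is in
#    the AppLocker module that ships with Windows.
$policy = Get-AppLockerPolicy -Effective -ErrorAction SilentlyContinue
$enforced = @()
if ($policy) {
    $enforced = $policy.RuleCollections |
        Where-Object { $_.EnforcementMode -eq 'Enabled' } |
        ForEach-Object { $_.RuleCollectionType }
}
$results['AppLocker_EnforcedCollections'] = if ($enforced) { $enforced -join ', ' } else { '(none)' }

# One line per control. Any False, or "(none)" for AppLocker, is a gap to close via GPO.
$results.GetEnumerator() | ForEach-Object {
    '{0,-32} {1}' -f $_.Key, $_.Value
}
```

The script only reads policy state; it does not change anything. Reading the policy keys rather than the live device state is deliberate: it tells you whether the GPO has actually applied to this machine, which is the usual reason a "locked down" USB port still accepts a drive.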
cfan73 (Author) commented:
@btan - thank you for your response, and I agree on the endpoint approach for limited access to USB drives.

What about the network issue, though? User wants to save something sensitive out to a network file share for someone with higher (administrative) authority to access/share/steal?

Thanks again
btan (Exec Consultant) commented:
I see it beyond DLP, as the preferred approach is more to have some sort of rights management that is embedded with the document to govern the user permissions and the DLP policy in the company. Titus has some neat solutions in this area.

Also, I advise not to use file shares, as SMB is flawed, with older versions using weak security controls at the protocol level etc.; hence SharePoint or a collaborative platform to safeguard file sharing will be preferred. But it may be a major exercise to exit totally out of network file shares. So EFS can still be considered for multiple users, but it is no DLP, and likewise for other solutions like Symantec File Share Encryption.

For the network DLP aspect, I understand that there is also Symantec Data Loss Prevention Network Monitor. There is another from codegreennetworks, with network DLP in their DLP suite.
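As an added example (not from the thread, and not vendor code), this PowerShell checks a Windows file server for the weak SMB behaviour the answer warns about and shows the corrected settings side by side with the weak ones. It assumes the SmbShare module that ships with Windows Server 2012 / Windows 8 and later, and is run elevated on the server hosting the shares.

```powershell
# Added example (not from the thread): SMB posture check for a Windows file server.
# Assumes the built-in SmbShare module; run elevated on the file server.

# Current server-side settings
$cfg = Get-SmbServerConfiguration

$checks = [ordered]@{
    'SMB1 disabled'               = -not $cfg.EnableSMB1Protocol
    'Signing required'            = $cfg.RequireSecuritySignature
    'Encryption required (SMB3)'  = $cfg.EncryptData
    'Unencrypted access rejected' = $cfg.RejectUnencryptedAccess
}
$checks.GetEnumerator() | ForEach-Object { '{0,-30} {1}' -f $_.Key, $_.Value }

# Shares whose own encryption flag is off. This is a per-share setting that is
# independent of the server default, so a server with EncryptData=$true can still
# serve unencrypted shares.
Get-SmbShare |
    Where-Object { -not $_.Special -and -not $_.EncryptData } |
    Select-Object Name, Path, EncryptData

# Weak configuration, for comparison (what an old or default server typically has):
#   EnableSMB1Protocol       $true
#   RequireSecuritySignature $false
#   EncryptData              $false
#   RejectUnencryptedAccess  $false
#
# Corrected configuration. -WhatIf previews the change; remove it to apply.
# Clients that cannot do SMB3 encryption will lose access once
# RejectUnencryptedAccess is set, so inventory clients first.
Set-SmbServerConfiguration -EnableSMB1Protocol $false `
                           -RequireSecuritySignature $true `
                           -EncryptData $true `
                           -RejectUnencryptedAccess $true `
                           -Force -WhatIf

# Stronger fix on current builds: remove the SMB1 server component entirely.
# Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
```

None of this is DLP: it stops the share from being read off the wire or reached by downgrade, but it says nothing about who is allowed to copy the file once they have legitimate access, which is the rights-management gap the answer points at.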

madunix (Chief Information Officer) commented:
We have implemented FortiGate as DLP; it's an automated preventive device that can block sensitive information from leaving the internal network, while at the same time logging the offenders.
