Data loss prevention (DLP) solutions - endpoint and network-based recommendations

cfan73
Hello - customer is looking for DLP solutions to address internal security concerns such as copying sensitive information to local USB drives, network shares, etc. They already have solutions in place for the edge, which include Cisco e-mail/web appliances. I reached out to RSA, but they've evidently dropped their network DLP solutions.

Any recommendations for the above?

Thank you
btan, Exec Consultant, Distinguished Expert 2018

Commented:
Better to have the DLP at the endpoint with an agent guarding those accesses. DeviceLock is one of them. But if you have Windows machines you may want to consider using GPO to lock down USB and WPD installation and usage. Also AppLocker comes in to ensure authorised applications can execute based on certain paths, hashes or even trusted publishers. They are added layers for deterrence.
http://www.devicelock.com/products/features.html

There are other HIPS solutions from Sophos, Symantec and McAfee that do agent-based DLP. They are useful if you already have their AV running, and probably it is to enhance your existing package with the principals.
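As an added illustration of the GPO and AppLocker layers mentioned above (this is example code written for this page, not btan's and not from any of the products named), the following PowerShell applies the equivalent settings as local policy on a single Windows machine. It assumes the registry values shown are the ones the corresponding Group Policy settings write (confirm against gpedit.msc or gpresult on your build), that the AppLocker module cmdlets are available, and that it is run elevated; in a domain the same settings belong in a GPO rather than in local registry edits.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): endpoint hardening via removable-storage
# deny policy, device-installation restriction and an AppLocker baseline.
# Assumption: the registry paths below are what the named GPO settings write.

# --- 1. Removable storage: deny write access to removable disks and WPD devices ---
# GPO: Computer Configuration > Administrative Templates > System > Removable Storage Access
$rsBase = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$deviceClasses = @(
    '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}',  # Removable Disks (USB mass storage)
    '{6AC27878-A6FA-4155-BA85-F98F491D4F33}',  # WPD devices (phones, media players)
    '{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}'   # WPD devices (second class GUID)
)
foreach ($guid in $deviceClasses) {
    $key = Join-Path $rsBase $guid
    New-Item -Path $key -Force | Out-Null
    # Deny_Write = 1 stops data being copied out; reads stay allowed so vendor
    # media can still be ingested. Add Deny_Read = 1 for a "no removable media" stance.
    Set-ItemProperty -Path $key -Name 'Deny_Write' -Value 1 -Type DWord
}

# --- 2. Block installation of any new removable device ---
# GPO: ... > System > Device Installation > Device Installation Restrictions >
#      "Prevent installation of removable devices"
$diKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
New-Item -Path $diKey -Force | Out-Null
Set-ItemProperty -Path $diKey -Name 'DenyRemovableDevices' -Value 1 -Type DWord

# --- 3. AppLocker: allow-list by publisher, hash fallback, audit before enforce ---
# Build rules from what is actually installed: signed binaries get a publisher
# rule (survives updates), unsigned ones a hash rule. DLL rules are left out
# because enabling that collection has a large performance cost.
$fileInfo = foreach ($dir in 'C:\Program Files', 'C:\Program Files (x86)') {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script
}
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone `
    -RuleNamePrefix 'Baseline' -Optimize -Xml

# New-AppLockerPolicy emits EnforcementMode="NotConfigured"; switch each rule
# collection to AuditOnly so would-be blocks are logged under
# Applications and Services Logs > Microsoft > Windows > AppLocker without
# breaking users during the baseline period.
$policyXml = $policyXml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$policyPath = Join-Path $env:TEMP 'applocker-baseline.xml'   # constructed path
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run: report how the draft policy treats a sample binary (PolicyDecision
# Allowed / Denied / DeniedByDefault plus the matching rule) before applying it.
$probe = Join-Path $env:TEMP 'probe.exe'   # constructed sample for the check
Copy-Item "$env:SystemRoot\System32\notepad.exe" $probe -Force
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $probe -User Everyone

# Apply as local policy, merged with anything already present. AppLocker only
# evaluates rules while the Application Identity service (AppIDSvc) runs; it is
# a protected service, so sc.exe is used to set its start type.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
```

Leave the policy in AuditOnly for a collection period, review the AppLocker event log for legitimate software that the baseline missed, add rules for it, and only then switch the rule collections to Enabled. The removable-storage and device-installation keys take effect after a policy refresh or reboot.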

Author

Commented:
@btan - thank you for your response, and I agree on the endpoint approach for limited access to USB drives.

What about the network issue, though? User wants to save something sensitive out to a network file share for someone with higher (administrative) authority to access/share/steal?

Thanks again
btan, Exec Consultant, Distinguished Expert 2018
Commented:
I see it beyond DLP, as the preferred approach is more to have some sort of rights management that is embedded with the document to govern the user permissions and the DLP policy in the company. Titus has some neat solutions in this.
http://www.titus.com/mobile/solutions-data-loss-prevention_m.php

Also I advise not to use file shares, as SMB is flawed, with older versions using weak security controls at the protocol level etc., hence SharePoint or a collaborative platform to safeguard file sharing will be preferred. But it may be a major exercise to exit totally out of network file shares. So EFS can still be considered for multiple users, but it is no DLP, and likewise for other solutions like Symantec File Share Encryption.

For the network DLP aspect, I understand that there is also Symantec Data Loss Prevention Network Monitor. There is another from Code Green Networks on network DLP in their DLP suite. https://www.codegreennetworks.com/products/network-data-loss-prevention/network-dlp-technical-detail/
Commented:
We have implemented FortiGate as DLP; it's an automated preventive device that can block sensitive information from leaving the internal network, while at the same time logging the offenders.

[Attached screenshots: DLP1, DLP2, DLP3, Untitled.jpg]
