Data Loss Prevention

  • 1.  DLP Agent Location

    Posted Apr 04, 2015 06:22 PM

    Anyone have any ideas how I can configure DLP to identify location better?  The only two options are IP address range/domain or automatic based on the agent's ability to talk to the DLP server.  We have DLP 12.5.2 endpoint publicly accessible to the agent so the agent typically can always talk to the server. I want to try to configure policy to only monitor certain things when they are off the network and let network monitors handle some of the detection while the agent is on our network.  If I use IP range it is possible that a person can go to another location and get an IP that is similar to our internal range so IP would not work.

     

    I wish there were other options like "Ping an IP address, or communication with the enforce server rather than the endpoint server" 

     

    Anyone got any ideas on how to make this work better?



  • 2.  RE: DLP Agent Location

    Posted Apr 16, 2015 11:32 AM

    Hello,

     

    Don't know if you are aware but you can create an Automated Response Rule based on location, in or out network.

     

    Endpoint location=on/off the corporate network



  • 3.  RE: DLP Agent Location

    Posted Apr 20, 2015 03:22 PM

    Yes Morgado.  I am aware, but first you have to identify if a computer is on or off the network.  The server settings to determine this are not very granular.  If you have an endpoint server in the DMZ then almost all of the time the computer can communicate.  The choices are IP range, if the endpoint can talk to the endpoint server, or domain name.