
DLP Capabilities Check

Created: 29 Jun 2012 | 5 comments
Mohammad Ashkaibi

Hello Everyone,

There’s a prospect that is interested in Endpoint DLP and has two requirements that I’m currently unable to answer due to lack of knowledge. Here they are:

  • Create a rule so that emails with attachments can be sent if and only if the data it contains conform to a specific standard, pattern, etc. (as if DLP would do a validation check of the data against a database or certain format, etc.)
  • Create a workflow so that user actions can be accomplished after they have been approved by their respective managers, or they will be postponed otherwise and eventually denied (e.g., block copying an Excel sheet that contains employee salary info to a removable storage until finance manager reviews and accepts the action)

Also, I need to know whether the above can be achieved using DLP Standard (instead of Endpoint DLP) since the customer already has SEP and may renew with us, so upgrading them to SPSEE for Endpoints, which includes DLP Standard, will be a great fit here.

Thanks a lot!

- Mohammad


Jsneed
  • Create a rule so that emails with attachments can be sent if and only if the data it contains conform to a specific standard, pattern, etc. (as if DLP would do a validation check of the data against a database or certain format, etc.)

This is possible.

  • Create a workflow so that user actions can be accomplished after they have been approved by their respective managers, or they will be postponed otherwise and eventually denied (e.g., block copying an Excel sheet that contains employee salary info to a removable storage until finance manager reviews and accepts the action)

This is probably possible through Symantec Workflow and custom response plugins, but I don't believe it is possible out of the box.

Jeremy

Mohammad Ashkaibi

But can you tell me how to do this validation? Would it be using EDM, DCM, IDM, etc., or something else? And speaking of which, can I achieve this validation using DLP Standard?

Thanks Jeremy...

Jsneed

This can be done any number of ways. The way I was thinking of it, you would write a rule that blocks all e-mail and then write an exception to the rule that allows e-mail through based on your criteria. For your criteria, you could use EDM, IDM, VML, content matching, or all of them together. One thing I should point out is that on the endpoint agent you can't perform actions (Block, User Cancel, User Notify) based on EDM, IDM, VML, since that validation happens on the endpoint server. I also am not familiar with DLP Standard; we have the entire DLP suite but do not have any other Symantec products.

Jeremy

rp20010

DLP Standard was intended to compete with the cheap/free endpoint DLP solutions the likes of McAfee give away with their Endpoint Security Suite. It's used to take out the competition and introduce the customer to the full-blown Symantec DLP, hence it's very limited.

DLP Standard can only perform DCM and doesn't have any remediation workflow capabilities.

xlloyd

Can you give an example of what you mean by checking if it conforms with a pattern? Meaning it will detect a credit card like 1234-5678-3456-7890 but not like 1234567834567890? Need some clarification here.

For matching data in a database, you need to configure the database to create a dump of the tables you need to inspect, then set DLP to inspect that text dump. DLP won't query the database for data.

I don't know of any workflow capability that allows someone to accomplish an action once approved by their manager. If the security policy states that credit card info should be sent encrypted, a manager who allows this is facilitating a broken business process and should encrypt the data before sending. I think this is what the DLP team had in mind when creating the product.

If this post has helped you, please vote up or mark as solution
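
The "block everything, then write an exception" logic Jsneed describes, together with the dashed versus undashed pattern question xlloyd raises, sketched as an added example. This is not Symantec DLP policy syntax or code from any poster; the record format, function names and sample data are constructed assumptions.

```python
import re

# Assumed "approved standard" (constructed for this example): one record per
# line, EMP-<5 digits>;<YYYY-MM-DD>;<amount with two decimals>.
APPROVED_RECORD = re.compile(r"EMP-\d{5};\d{4}-\d{2}-\d{2};\d+\.\d{2}")

# Strict pattern: dashed layout only. Tolerant pattern: dash, space or nothing
# between the four groups, so both layouts quoted in the thread are caught.
CARD_DASHED = re.compile(r"(?<!\d)\d{4}-\d{4}-\d{4}-\d{4}(?!\d)")
CARD_ANY = re.compile(r"(?<!\d)\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}(?!\d)")


def conforms(text):
    """True only if there is at least one record and every non-empty line is one."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return bool(lines) and all(APPROVED_RECORD.fullmatch(ln) for ln in lines)


def evaluate_email(attachments):
    """Rule: block e-mail that carries attachments.
    Exception: allow it when every attachment conforms to the approved format."""
    if not attachments:
        return "ALLOW", "no attachments, rule does not apply"
    for name, text in attachments.items():
        if not conforms(text):
            return "BLOCK", f"{name}: does not match approved format"
    return "ALLOW", "exception matched: all attachments conform"


def card_hits(pattern, text):
    """Return the card-like strings a given pattern finds in text."""
    return pattern.findall(text)


# Constructed sample data.
PAYROLL = "EMP-00017;2012-06-29;4200.00\nEMP-00042;2012-06-29;3850.50\n"
NOTES = "EMP-00017;2012-06-29;4200.00\ncard 1234567834567890 on file\n"
BOTH_LAYOUTS = "1234-5678-3456-7890 and 1234567834567890"

if __name__ == "__main__":
    print(evaluate_email({"payroll.csv": PAYROLL}))
    print(evaluate_email({"payroll.csv": PAYROLL, "notes.txt": NOTES}))
    print(card_hits(CARD_DASHED, BOTH_LAYOUTS))  # misses the undashed number
    print(card_hits(CARD_ANY, BOTH_LAYOUTS))     # finds both layouts
```

An empty or unparseable attachment fails `conforms`, so it falls under the default block rather than the exception.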