Data Loss Prevention

  • 1.  [DLP] IDM, EDM, VML detection and blocking for all modules, except Endpoint

    Posted Nov 27, 2013 09:47 PM

    Hello everyone!

    Working on another DLP solution. This time, I have a group of files with high-level security information and I'm planning to use IDM for them.

    However, I know for a fact that IDM and EDM won't work on Endpoint Servers.

    My question is: will the IDM and EDM detection methods (whether for detection or blocking) work with Network Prevent/Protect/Discover or Monitor?

    Thanks in advance




  • 2.  RE: [DLP] IDM, EDM, VML detection and blocking for all modules, except Endpoint

    Broadcom Employee
    Posted Nov 27, 2013 11:01 PM

    It will work on Endpoint; however, the performance might take a hit.

    You can implement it; however, test it with the document.



  • 3.  RE: [DLP] IDM, EDM, VML detection and blocking for all modules, except Endpoint

    Posted Nov 27, 2013 11:36 PM

    Hello pete,

    Could you tell me briefly how to enable this option for Endpoint Prevent?

    I'm not able to get the IDM policy to work with Endpoint Server. I got a "Warning" message saying it's not compatible.

    Thanks!



  • 4.  RE: [DLP] IDM, EDM, VML detection and blocking for all modules, except Endpoint
    Best Answer

    Trusted Advisor
    Posted Nov 29, 2013 08:04 PM

    Haroldvm,

    EDM/IDM and VML will work perfectly for BOTH detection and blocking when it comes to any other Symantec DLP product except Endpoint. So it will work on Email Prevent, Web Prevent, Network Discover and the like. It will detect with Network Monitor but NOT prevent anything (Monitor is passive).

    When it comes to Endpoint, EDM/IDM are considered 2-tier detections. So you would need to have a policy that can ONLY create an incident on the Enforce console; the user will see nothing. If you want to do this, you will need to write the policy with an AND statement (2-tier detection).

    For example, if you had an EDM with SSNs and First and Last Name, you would have the policy look for an SSN pattern AND then have a rule for the EDM. This way the endpoint would first have to find the pattern of the SSN (which the endpoint can do) and then send it up to the Endpoint server for further detection. The idea is that the endpoint will have to pass the first rule (SSN) before sending it up to the Endpoint server for a 2nd tier.

    If you did not do this, the endpoint agent would send EVERY file up to the Endpoint Server. This would tax the laptop and cause an impact to performance.


    Hope this makes sense.

    If this solves your question, please mark it as solved.

    Ronak
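The two-tier split Ronak describes is easy to see in a small simulation. The following Python script is an added example, not part of this thread and not Symantec's code; it models a hypothetical endpoint agent that evaluates a cheap local rule (an SSN pattern) and a hypothetical server that evaluates an EDM-style lookup against hashed index rows. The fingerprinting, the record layout and all sample files are constructed for illustration and are a simplification of how a real EDM index works. Running the policy with and without the AND rule shows why the pre-filter matters: only files that pass tier 1 ever leave the endpoint.

```python
import hashlib
import re

# Tier 1: a Social Security Number pattern the endpoint agent can evaluate
# locally. The lookaheads reject area/group/serial values that are never
# issued, which trims obvious false positives before anything is sent.
SSN_PATTERN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
WORD_PATTERN = re.compile(r"[A-Za-z]+")

# Constructed records standing in for an EDM index (hypothetical data).
INDEXED_RECORDS = [
    ("123-45-6789", "Alice", "Smith"),
    ("987-65-4321", "Bob", "Jones"),
]


def fingerprint(ssn: str, first: str, last: str) -> str:
    """One-way fingerprint of an indexed row: the server keeps hashes, not plaintext."""
    row = f"{ssn}|{first.lower()}|{last.lower()}"
    return hashlib.sha256(row.encode("utf-8")).hexdigest()


# The "server-side" index: fingerprints only (simplified model of an EDM index).
EDM_INDEX = {fingerprint(*row) for row in INDEXED_RECORDS}


def tier1_matches(content: str) -> bool:
    """Endpoint-side rule: cheap pattern check, no index needed."""
    return SSN_PATTERN.search(content) is not None


def tier2_edm_matches(content: str) -> bool:
    """Server-side rule: does any SSN plus an adjacent name pair hit the index?"""
    ssns = SSN_PATTERN.findall(content)
    words = WORD_PATTERN.findall(content)
    for ssn in ssns:
        for first, last in zip(words, words[1:]):
            if fingerprint(ssn, first, last) in EDM_INDEX:
                return True
    return False


# Constructed sample files (not real data).
SAMPLE_FILES = {
    "hr_record.txt": "Employee Alice Smith, SSN 123-45-6789, salary review attached.",
    "shipping.txt": "Order reference 555-12-3456 ships on Monday.",
    "roadmap.txt": "Meeting notes: quarterly roadmap and hiring plan.",
    "welcome.txt": "Bob Jones joined the team in 2010.",
}


def run_policy(files=SAMPLE_FILES, two_tier=True):
    """Simulate the agent/server split and count what crosses the wire.

    two_tier=True  -> policy is "SSN pattern AND EDM": tier 1 gates the upload.
    two_tier=False -> policy is EDM only: every file is shipped to the server.
    """
    sent_to_server = 0
    incidents = []
    for name, content in files.items():
        if two_tier and not tier1_matches(content):
            continue  # AND rule failed locally: nothing leaves the endpoint
        sent_to_server += 1
        if tier2_edm_matches(content):
            incidents.append(name)
    return {"sent_to_server": sent_to_server, "incidents": incidents}


if __name__ == "__main__":
    for mode in (True, False):
        label = "two_tier" if mode else "edm_only"
        print(label, run_policy(two_tier=mode))
```

With the AND rule, two of the four files are uploaded and one incident is raised; without it, all four files go to the server for the same single incident. The shipping file shows the trade-off of a pattern-only tier 1: it looks like an SSN and is uploaded, but the server's exact-match lookup correctly produces no incident.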



  • 5.  RE: [DLP] IDM, EDM, VML detection and blocking for all modules, except Endpoint

    Posted Jan 08, 2014 09:45 PM

    Thank you very much!