Data Loss Prevention

 View Only
  • 1.  DLP , PDFs, and MIME types

    Posted Dec 10, 2010 12:00 PM

    I don't really know much about MIME types but I did a bit of reading before making this post. Now I know that DLP can have response rules that govern PDFs and their content, but can it tell the difference between a PDF with text content as opposed to one without text content?

    Basically, if someone had a PDF with confidential information that should show up in a policy, but the PDF was created with the text as pictures instead of readable text, is there a way to have DLP pick up that it's an image-based PDF and not a text-based one?

    I'm not expecting it to be able to block the image-based one based on the confidential information, but possibly an organisation would prefer to just block sending those kinds of PDFs on a whole. Kinda excessive but just a scenario that I was playing around with in my head. They would have to block all sending of images too if they wanted the policy to be useful anyway...print screen is an easy workaround in some cases...or find some way to disable the print screen button =P

    Right now, the only way I can think of making DLP stop it is if I were to write a policy that identified all PDFs with absolutely no text in it, combine that with a rule to identify PDFs with confidential information, then just  block all of them.

    I was just wondering if there was a way for DLP to identify those kinds of PDFs at a lower level.



  • 2.  RE: DLP , PDFs, and MIME types

    Broadcom Employee
    Posted Dec 10, 2010 09:28 PM

    you can use the IDM for fingerprint to save such documents from leaving the network/endpoint.



  • 3.  RE: DLP , PDFs, and MIME types

    Broadcom Employee
    Posted Dec 10, 2010 11:20 PM

    There is a tool named File Type Analyzer. This tool can be use to analyze almost all file type. But, if you want to detect a special file type, such a CAD file, suggest you to contact the Technical Support.



  • 4.  RE: DLP , PDFs, and MIME types

    Posted Dec 13, 2010 11:17 AM

    I  downloaded File Type Analyzer and tried it out with different pdf files. It couldn't really tell the difference between the picture-based ones and the text-based ones...but it could tell the difference with the version numbers. It seems like a really handy tool though.

    Is it possible for me to write a script to use this tool in writing policies?



  • 5.  RE: DLP , PDFs, and MIME types

    Posted Dec 13, 2010 12:44 PM

    I know I can use IDM for stuff leaving the network...but there's a general suggestion to not use IDM or EDM for endpoint policies because of the impact it would have on the network and the less than satisfactory response time you'd get.

    I suppose depending on the situation though, it should work



  • 6.  RE: DLP , PDFs, and MIME types

    Broadcom Employee
    Posted Dec 13, 2010 10:15 PM

    If you want to write a script to use this tool, it means that this tool open some API for your to call. But, I don't think the File Type Analyzer open such API for a script, such VBS, Perl or Python to call.



  • 7.  RE: DLP , PDFs, and MIME types

    Posted Dec 14, 2010 08:47 AM

    Ooh...I was hoping that I could write a script simply because you use the command line to run it. I didn't think it woulda needed an API as well *sigh*

    ah well lol