Data Loss Prevention

  • 1.  DLP question

    Posted Nov 04, 2010 07:46 AM

    Hello

    DLP 10.5

    I have the endpoint module installed. I have one concern; my scenario is the following:

    I attached a confidential document and sent it to my own address, I mean from YYY@YYY.com to YYY@YYY.com.

    I went home and downloaded the confidential document from OWA. Could this happen, or is the attachment blocked even if it is sent to my own address?

    Could you please reply, or if you need any clarification, let me know.

    Regards



  • 2.  RE: DLP question

    Posted Nov 04, 2010 09:09 AM

    In order to give you a proper answer, I'll start by reminding you that the Endpoint agent could only block DCM rules (strings of data), and not IDM (documents).

    Because you are sending the mail internally, it would not go through the DLP Mail Prevent, meaning that it won't be blocked by the DLP system (even if the Endpoint would trigger an IDM incident, which is possible when connected to the Endpoint server, which could examine IDM rules, it won't be proactively blocked; it would just trigger an incident).

    Now, unless you define a proper DCM rule, there won't be any trigger. When you connect from home with OWA, you would be able to download the file, and again, unless you define a proper DCM rule, there won't be any trouble taking the document out.

     

    Kind Regards,

    Naor Penso



  • 3.  RE: DLP question

    Posted Nov 04, 2010 09:35 AM

    Hello Naor

    Thank you for your great answers, always.

    Note that I do not want the document to be downloaded from home; I want this action to be blocked. It seems that I must have Network Prevent integrated with the MTA to get this solution right?

    Would defining a DCM rule on this document's content prevent sending it internally?

    Would defining an IDM rule on it (endpoint server) generate an incident that it has been downloaded, even if the PC at home does not have an agent?

    Regards



  • 4.  RE: DLP question
    Best Answer

    Posted Nov 04, 2010 03:16 PM

    One thing at a time.

    I know that you don't want to be able to download the file when you are at home.
    The issue is that since the file is already in your mailbox, the MTA won't have anything to do with it. The MTA only scans mails going outside the organization; since you sent the mail internally, the MTA won't be able to block the download (it doesn't go through the MTA at all).
    Basically, the way you're suggesting could be a way to "bypass" the DLP, and there is no DLP that could cope with this issue.

    BUT, if you are at work or at home, your laptop is still corporate property, which means that downloading the file to the computer is not an issue. In order to block the file transfer outside of the computer (which is the issue: preventing data leakage from corporate computers), you will need to create a DCM rule that would block the file transfer from the computer to the outside (to the web, removable devices, etc.).

     

    About the DCM rule: unless you suggest otherwise, the DLP has the ability to block the file transfer within the corporate LAN (meaning you would block transfers internally). Most corporate implementations I have seen act in 2 ways (depending on the methodology used):

    1. Allow all internal communications and data transfer - you define that within the corporate LAN (192.X.X.X, 10.X.X.X etc.)
    2. Monitor internal communication and data transfer and create role-based/group-based/user-based rules - you define user groups/entities inside the corporation, and create rules based on them (for example: finance data could only be sent to the finance group, etc.)

    If the PC at home doesn't have an agent, an incident would not be triggered.
    And now that I have re-read your comment, I understand you are talking about your home computer and not your corporate computer. That's an issue that I cannot help you with, since there is no control over the flow of data (no agent). The solution in that matter is a strict company policy, and maybe Microsoft provides security methods to block attachments on OWA, but DLP won't help you on that matter.

     

    Hope it helps,

    Naor Penso



  • 5.  RE: DLP question

    Posted Nov 04, 2010 05:52 PM

    Hello again

    Thank you so much,

    Regards