Data Loss Prevention

 View Only

  • 1.  Endpoint Prevent on slow Networks

    Posted Apr 22, 2015 02:47 AM

    Hi guys

    I am currently facing the setup of two new DLP environments.
    Thing is, there are two potential possibilities to setup and run the servers (1x DB, 1xEnforce/Endpoint Prevent):

    Option 1:
    DB and DLP server locally installed.

    Option 2:
    DB and DLP server remotely installed at HQ and accessed from the agents over a slow network (4Mbps over all).
    Since the remote locations are truly on the other side of the world, I am unsure of how network latency will affect the performance of the local workstations.

    I am using Keyword Matching with Endpoint Prevent, providing the user a "user cancel" box if a detection took place. The policies get distributed daily.

    Preferred surely would be option 1, but ever since option 2 is the option with less financial impact (due to licences, no upgrade on hardwara and so on), it obviously is an option for the management.
    So, does anybody already have any kind of experience with environments like these in option 2?

    Any help and inputs appreciated!



  • 2.  RE: Endpoint Prevent on slow Networks

    Posted Apr 22, 2015 07:12 AM

     

    On the remote end of the WAN, I would install an Endpoint server on a small server or high-end workstation in the location where agents are concentrated. Have the agents report to your new remote server. 

     



  • 3.  RE: Endpoint Prevent on slow Networks

    Trusted Advisor
    Posted Apr 22, 2015 05:19 PM

    I would agree with Ethan.. put a VM of a server or someting in the remote site to manage the communication with the endpoints. Otherwise you will have a bunch of Endpints trying to talk to the server in HQ. It would be better for bandwidth to have the Endpoint Server in the reomte location to ONLY communciate with the Enforce server (1 thing as opposed to a bunch of them)

    How many Endpoints will you have in the remote location?

    Ronak

    If this answers your question splease marked as solved



  • 4.  RE: Endpoint Prevent on slow Networks

    Posted Apr 23, 2015 07:13 AM

    Hi guys

    Thanks for the input! I didn't think about that, but it obviously makes sense.
    Will consider this in the proposal.

    There will not be many endpoints. Around 200 over all.

    Although I suppose this is somehow solved with this input, I still am wondering if a setup with remote Endpoint server would affect the performance significantly.