Data Loss Prevention

 View Only

  • 1.  Network Discover

    Posted Jul 10, 2012 09:13 PM

    Hi,

     

    Just trying to understand capabilities of Network Discover (DLP-Vontu) and Data Insight products.

     

    We have a requirement to run a report (daily or weekly) on certain directories on NetApp CIFS fileshares to report on access violations. An access violation constitutes any user (NOT in a list of approved users) accessing a file in those directories. These directories are actually home directories of users and no one except the user and his/her delegated person should open/read the files. I am not sure on a few things here:
    1) Can DLP/DI scan certain directories selectively (as opposed to the whole share/server)?
    2) Can a rule be created to detect access violations automatically? Not sure how complicated the rules/policies will look like.
    3) Can this scanning/discovery be scheduled?
    4) Is there a performance issue due to scans running so frequently?
    5) Can the daily/weekly reports of access violations be emailed?

     

    Would appreciate if anyone can comment on these. Thanks in advance.

     



  • 2.  RE: Network Discover

    Posted Jul 11, 2012 09:33 AM

    Data Insight can in fact answer these requirements.  You setup at the filer level to either scan the whole share (\\servername\Users\) or the specific folder (\\servname\users\jjesse$) and you can schedule this to happen.

     

    The alerts that then come out of the system come out of the system come from a specific time, not as the violations are happening (in my use of the product, might be wrong).  So if setup the policy/alert to say person X shouldn't be accessing it, that alert will come out at a predefined time, not when the access happens (w/ Data Insight, thought I could be wrong).

    Daily and/or weekly reports could be emailed out to the correct people of these violations 

    There is throttling you can setup in the Data Insight scan to help limit the bandwidth and performance impact on the system



  • 3.  RE: Network Discover
    Best Answer

    Posted Jul 11, 2012 11:16 AM

    I can confirm that point on the alerting interval from Data Insight...it happens at a pre-defined time each day (midnight).  And according to the documentation and training, cannot be configured to happen at any other time or interval.

    That said, I concur with the above post in that all of the requirements you state in the original post can be satisfied with Data Insight.  DLP would come into play if you wanted to scan those shares to identify specific content based on your DLP policies, but you don't mention that specifically.

    ~Keith



  • 4.  RE: Network Discover

    Posted Jul 12, 2012 10:19 AM

    Thanks for your replies. I have the information now that I was looking, for from your replies. Thanks again.