Prevent data from being copied to unmanaged computers?

Created: 13 Mar 2013 • Updated: 17 Mar 2013 | 5 comments
This issue has been solved. See solution.

We will have unmanaged computers on our LAN.  Users can copy data from either a file server or a managed workstation to an unmanaged workstation as long as they have the required user credentials.

Data could be blocked going out of the local network to the Internet via email etc, but if the unmanaged system is a laptop, they could easily take it away from our network and upload it anywhere from some other network connection.

What are the methods available to prevent DLP flagged data stored on file servers from being copied to workstations that do not have a DLP endpoint agent installed and also prevent copying from a workstation with DLP Endpoint agent to one without the agent via any kind of network file transfer between them?

Also, instead of trying to "block" this, is it possible to have these types of events logged into daily reports and pop up a message on the computer with the DLP agent that says something like:  "We see that you are copying this data to an unmanaged system.  Please submit your explanation before completing the file transfer."

pete_4u2002's picture

Storage Protect is the one you can think of for stopping unmanaged computers from copying the file from the file server/servers.

DLP Solutions2's picture

NetUser,

There is you can do when it comes to recording or stopping this from happening, without a DLP agent installed.

The only option from a forensic perspective is to use Data Insight. This will be able to tell you who accessed that file and when. Though you will need to know the file to be able to query the DI console.

Please mark solved if possible!

Ronak

Please make sure to mark this as a solution to your problem, when possible.

NetUser's picture

There are no plans to purchase additional products such as Storage Protect or Data Insight.

Can Network Monitor create reports on dlp-flagged data being copied around the local network to devices that do not have the DLP Endpoint agents installed instead of only data going out to the Internet?

stephane.fichet's picture

Hi NetUser,

I think it is not possible to do exactly what you describe in your first post. But you can imagine that copying DLP-flagged data to any system requires an explanation, so you will be able to configure the DLP agent to warn the end user about his action.

If your unmanaged systems connected to your internal network are on a specific IP range, maybe you can detect that sensitive information is copied to this type of asset and then be more restrictive in your DLP agent related policy.

Regards

SOLUTION
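
The IP-range idea in the last reply, combined with the daily report asked for in the original question, as an added example that is not part of the thread and is not Symantec DLP code. The event format, host names and address ranges are constructed assumptions; the thread does not show the product's own incident export format.

```python
import ipaddress
from collections import defaultdict

# Assumption: address ranges reserved for unmanaged machines (constructed values).
UNMANAGED_RANGES = [ipaddress.ip_network(n)
                    for n in ("10.20.30.0/24", "192.168.50.0/25")]

# Constructed sample events: date, user, source host, destination IP, DLP-flagged?
SAMPLE_EVENTS = """\
2013-03-14,alice,WS-001,10.20.30.17,yes
2013-03-14,bob,FS-01,10.10.1.5,yes
2013-03-14,alice,WS-001,10.20.30.17,no
2013-03-15,carol,FS-01,192.168.50.99,yes
2013-03-15,dave,WS-007,192.168.50.200,yes
2013-03-15,erin,WS-009,not-an-ip,yes
"""

def is_unmanaged(dest):
    """Return True/False for a valid IP, or None if dest is not an IP address."""
    try:
        addr = ipaddress.ip_address(dest.strip())
    except ValueError:
        return None  # unparseable destination: surface it, do not silently drop it
    return any(addr in net for net in UNMANAGED_RANGES)

def daily_report(text):
    """Group flagged copies to unmanaged ranges by day; collect unparseable rows."""
    report, unparsed = defaultdict(list), []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, user, src, dest, flagged = [f.strip() for f in line.split(",")]
        if flagged.lower() != "yes":
            continue  # only DLP-flagged transfers belong in the report
        verdict = is_unmanaged(dest)
        if verdict is None:
            unparsed.append(line)
        elif verdict:
            report[day].append((user, src, dest))
    return dict(report), unparsed

if __name__ == "__main__":
    report, unparsed = daily_report(SAMPLE_EVENTS)
    for day in sorted(report):
        for user, src, dest in report[day]:
            print(f"{day}: {user} copied flagged data from {src} to unmanaged {dest}")
    for line in unparsed:
        print(f"needs review (destination is not an IP address): {line}")
```

Note that 192.168.50.200 falls outside the /25 and is not reported, which is why the ranges assigned to unmanaged machines must be kept accurate for this approach to work.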