Data Loss Prevention

  • 1.  Reporting on Recipient senders vontu version 11.6 going to 11.5 soon

    Posted Sep 14, 2016 01:14 PM

    Hello!  I would like to thank everyone for your help in advance!

    Please note we are on 11.6.4, going to 14.5 or 14.6. We will do a new install; we will not be upgrading this 2-tier environment. That being said, I am wondering if the reporting feature is enhanced in 14.5 regarding recipient emails?

    We are looking to generate reports based on incoming emails that are logged in Vontu.

    I / We realize that is not necessarily how the Vontu product is designed to work, but we would like to be able to max out any of the abilities that Vontu would have with regard to incoming emails and what business unit is the recipient.

     

    What we are looking to report on is “Incoming” emails containing Credit Card data pertaining to the Policy - Payment Card Industry Data Security Standard.

     

    We are trying to get a summary for any length of time (could be a week, a month, a quarter) but by Recipient Business Unit. Or, to put this another way: incoming emails going to business units. We want to filter and report on this.

    Ideally we would like to send an email report to Business Unit leaders. Example:

     

    This past month there were 100 incoming emails to people in your department (i.e., ABC, DEF, etc.) that received emails that triggered the CC policy (emails incoming to “our Company” that contained people's CC or credit card numbers).

     

    Without going into too much detail, we do see incidents depending on the mix of email senders and CC people and recipients and senders. So, for example, if an email gets bounced back and forth and the email originated at our facility and went to company “x”, we may log this if it had NPI etc. We also see that when this email comes back from company “x” via a reply, we do get a hit or incident logged.

    We want to be able to report on this.

     

    I was thinking that we needed to enhance some settings like the following:

    Edit Lookup Plugin Properties and selecting everything. We only have Incident, Message, Recipient and Sender now; I want to add Policy and ACL and possibly Status. I am currently researching what these will offer.

     

    Thank You ! Eddie



  • 2.  RE: Reporting on Recipient senders vontu version 11.6 going to 11.5 soon
    Best Answer

    Posted Sep 14, 2016 08:35 PM

    Have you looked into IT Analytics at all?  That should be able to get you some of the more advanced reporting you are looking for.  IT Analytics is really built around adding additional reporting to the system.

    If you aren't aware of what IT Analytics is, then it is built around Microsoft SQL Reporting and Analysis Services to perform drag-and-drop based reporting to DLP.  There are additional cubes and reports that can be done.

    If you are capturing the correct attributes and you are monitoring inbound email correctly, one of the cubes should be able to pull in the information.

     

    BTW IT Analytics is FREE as long as you have a license of a Symantec Security Product.



  • 3.  RE: Reporting on Recipient senders vontu version 11.6 going to 11.5 soon

    Posted Sep 16, 2016 12:00 PM

    Jonathan Jesse

    Hi Jonathan,

    Thanks for your help, 

    I have a few basic questions about IT Analytics

    Is IT Analytics very processor / resource intensive?

    Can we install the IT Analytics server on a VM?

    Can I put IT Analytics on a standalone workstation with server OS just for proof of concept?

    Once I can show value we'll get the real deal: Server VM and shared SQL instance etc.

    Can we install the IT Analytics Database on a shared SQL instance?

    Does this have to be full blown SQL or MSSQL?

    How much disk space does the DB require? I realize this depends on my Enforce DB size and the amount of queries I do. Ex: 500GB or 1TB?

    Jesse, thank you so much for your help!

    Eddie



  • 4.  RE: Reporting on Recipient senders vontu version 11.6 going to 11.5 soon
    Best Answer

    Posted Sep 16, 2016 04:13 PM

    So that's a lot of questions:

    1. IT Analytics itself is just a web front end for SQL Reporting and Analysis Services.  I can do the same thing directly through SRAS itself; IT Analytics puts a better front end on things.
    2. IT Analytics can be put on a VM; it requires IIS and some other features.  QUESTION:  Where does the SQL server/services exist?  That is where the work is done.
    3. So if it's a large organization, I would put the IT Analytics server on its own server and then SQL Database, Reporting and Analysis Services on a separate system.  Then everything would be segregated and work together.
    4. You can leverage a shared SQL server for IT Analytics.  A use case there was a customer who had SEP and DLP.  On the SEP SQL server we put Reporting and Analysis Services and the IT Analytics DB on the same box.  So the SEP database, IT Analytics database and the IT Analytics Cubes and Reports were all on the same box.
    5. This requires full-blown SQL, Analysis Services and Reporting Services.