Endpoint Protection

 View Only

  • 1.  Data Leakage Prevention

    Posted Oct 05, 2009 11:54 AM
    Does SEP have the ability to monitor and apply security policies on interfaces such as USB devices (external hard drivers), Firewire, PCMCIA, SD card, Bluetooth, etc...? And does have the ability to alert (through email) of any activities that attempt to break the security policy? If yes, how would I go about implementing it?

    Thank you.


  • 2.  RE: Data Leakage Prevention
    Best Answer

    Posted Oct 05, 2009 12:15 PM
     The Application and Device Control feature of SEP would help you in acheiving this.
    You can block,Log Acess,Read,write atempts and it will send you an email alert of the same. ( needs to be configured)
    However Symantec (Vontu) DLP would be the best software to acheive this.

     

    Symantec Endpoint Protection Manager - Application and Device Control - Policies explained

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008032010523548

    How to configure Application Control in Symantec Endpoint Protection 11.0
    http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/7049d06ba3c9e86f802573620054d9c2?OpenDocument



  • 3.  RE: Data Leakage Prevention

    Posted Oct 05, 2009 12:31 PM
    How to configure Application Control in Symantec Endpoint Protection 11.0

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092616264848



    Title: 'How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.'
    Document ID: 2008102008020548
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008102008020548?Open&seg=ent



  • 4.  RE: Data Leakage Prevention

    Posted Oct 05, 2009 12:34 PM
    Although I agree with Vikram, the fellow who never sleeps, you have to be careful when you say "data leakage" as what SEP can NOT do is prevent transmission of social security numbers or addresses or anything matching that format, but it CAN monitor or control connection of devices, even specific brands/vendors, model numbers, etc. - and prevent or monitor FILE types, such as blocking writes of DOC files to a thumbdrive. But it can't allow DOC files but block DOC files that contain certain content. It's goes by file name and/or type, and devices.
    So you can block all thumbdrives but allow a thumbdrive model AAA by PNY for example.
    You can allow thumbdrives, but alert you if someone either reads a file matching *.DOC or saves a file named *.DOC to such a drive.
    VERY flexible, IMO - but won't manage or watch for specific content inside of files.
    So if you need to get that granular or specific, yes, he's got a solution for that, too.


  • 5.  RE: Data Leakage Prevention

    Posted Oct 08, 2009 05:18 AM
    I agree with ShadowsPapa Data Leakage Prevention ( DLP ) is all together a diffrent product which ..yes SEP does a little bit of it but not in details are mentioned above.