Data Loss Prevention

 View Only
  • 1.  Detailed information required on Vontu and its capabilities

    Posted Dec 01, 2009 05:22 AM
     Hi,

    I am currently conducting a Data Privacy Assessment in a large telecom company and have found that even though they have installed Vontu, they have not used it to its maximum limit. Hence, creating a lot of room for Data leakage. After assessing the enterprise, i want to suggest designing Vontu to meet all the requirement as follows:

    1. Encrypt all data being transferred by email ( automatically encrypt email and email attachments).
    2. Enforce strict policy on Third party systems.
    3. Enforce strict policy throughout the enterprise.

    Could you please suggest as to how (if any) Vontu can be helpful here and what steps would ensure the best results.

    Also, I do have other clarification on Vontu Endpoint security. I want to suggest installing Vontu Endpoint Agents on all system connecting to the network. So,

    a. Is it possible to push (or install) the agent automatically from the admin control?
    b. Is it possible to set agent (installed) with a master password to disable config changes and ultimately uninstalling the agent. (i want to know if we install the agent on 3rd party systems (owned by them), they are not able to remove it without permission.

    Awaiting your response.

    Regards
    Nikhil Sreekumar



  • 2.  RE: Detailed information required on Vontu and its capabilities

    Posted Dec 02, 2009 01:52 PM
    here are some answers:
    1) Vontu is not an encryption system, by design. what you can do is:
    • user sends mail (mail subject is: secret mail)
    • the MTA transfers the mail on to the Vontu Prevent for mail
    • Vontu prevent identifies the information as confidential
    • Vontu prevent adds a new header to the mail (from secret mail it will become "secret mail encypted")
    • when the MTA receives the new mail with the word encrypted, the MTA itself encryptes the content and sends it over.
    in the situation i have presented the MTA did all the work of encrypting, but the Vontu orderd the MTA to encrypt the mail.
    2) If the regulations and company rules allowes you to install an agent on the third party systems then you can enforce policies on those systems.
    3) Same here, there is no problem enforcing policies troughout the enterprise.

    a. Symantec offers with the Vontu pack a connector for Altiris, meaning that you could use the Altiris management system for free delivery of the agents to the endpoints. Altiris (within the Vontu package) offers also basic computer inventory and some more features. You can also deploy the agents with any deployment system (GPO or any other). the agent is just an MSI file.
    b. it's not possible to configure a master password to the agent, but you should understand that in order to uninstall the agent you need administrative capabilities. moreover, if you are using SEP as your endpoint protection system on your corporate network you could use the SEP Application control in order to prevent the Agent uninstall.
    About killing the agent, it wont be possible because the agent is operated by 2 processes and 2 services in order to provide a fail-over defence.

    I hope it help.
    Kind Regards,
    Naor Penso


  • 3.  RE: Detailed information required on Vontu and its capabilities

    Posted Mar 03, 2010 08:09 AM

     Hello,

    Please I need more information on the following tasks I want to perform on Vontu .

    1. Under Incident remediation,  I want to configure Vontu to block e-mails that violates our e- mail encryption policy, then it should auto-respond by sending an e-mail to the sender and his/her manager (e-mail address) that the message was blocked because it contains materials the violate the company's policy.

    My question is : Is it possible for me to configure Vontu to allow the manger to release /allow the message to be released i.e. unblocked by Vontu even if it has not been encrypted.

    or is this not possible?

    Any tip(s) will be appreciated.

    Kind regards,

    Jide Akinyemi






  • 4.  RE: Detailed information required on Vontu and its capabilities

    Posted Mar 25, 2010 08:30 PM
    There is a possibility to preform the thing you are asking but not as a part of Symantec DLP.
    what you need is to integrate the Symantec DLP and Brightmail.
    There is an option to queue forbidden mails until said otherwise.
    In order to allow the manager of the employee to release the mail, you will also need to integrate with Process Automation which is a module of Symantec Workflow.
    The workflow would be as followed:
    1) mail violated the policy
    2) mail entered the Brightmail queue
    3) Vontu DLP sends mail to the Process Automation Module,
    4) manager receives mail from the Process Automation Module with an explanation of the incident and a link to allow the transfer.
    5) Process Automation Module receives the authorization and sends a command to the Brightmail to release the mail


    Kind Regards,
    Naor Penso


  • 5.  RE: Detailed information required on Vontu and its capabilities

    Posted Apr 16, 2010 10:50 AM
    I have emails which contain PCI or PII auto encrypt by policy when it hits Voltage.