Data Loss Prevention

 View Only
  • 1.  DLP Endpoint Agent alerting for incoming emails/attachments

    Posted Nov 16, 2018 02:28 PM

    Hello All,

    I know this is kind of weird question mostly because the idea of DLP is to prevent sensitive data from leaving the enterprise network/system.

    But, I have been asked to check the feasibility of implementing policy which looks for incoming emails and its attachements for PII/PCI data and alert on it. 

    Protocol and endpoint monitoring does that for outgoing SMTP/HTTP traffic but I am not sure how can we tune this to look the other way around. 

    Any suggestions? 



  • 2.  RE: DLP Endpoint Agent alerting for incoming emails/attachments

    Posted Nov 16, 2018 03:51 PM

    Hi AKcyber,

    As you know DLP is only responsible to prevent sensitive data from leaving the organization.

    But for incoming mails/traffic there is no way to monitor that in DLP. Protocol and endpoint monitoring is only monitor outgoing traffic.

    I would suggest, to monitor incoming traffic you can try with Symantec Email.Security.Cloud, it will give you all content filtering functionalities like DLP. You can make Policies which looks for PCI/PII data in attachments. You can discover and Protect sensitive data and help address legal and compliance requirements through tight integration with Symantec Data Loss Prevention.

    • Discover, monitor, and protect sensitive data wherever it's used—in email, on endpoints, in your network, in storage, and even in cloud apps.
    • Accurately identify confidential data with advanced detection technologies including vector machine learning, exact data matching, and indexed document matching etc.

    Hope this is usefiul information.

    Regards

    Axay Cumar



  • 3.  RE: DLP Endpoint Agent alerting for incoming emails/attachments

    Posted Nov 16, 2018 04:26 PM

    Thanks a lot Axay this help!

    On the side note cant even Network DLP sitting inline with the mail servers achieve this or does it have to be Symantec cloud solution for it to work? 



  • 4.  RE: DLP Endpoint Agent alerting for incoming emails/attachments

    Posted Nov 17, 2018 02:57 AM

    Akcyber

    Network DLP can sitting inline only for outgoing mail traffic. For inline incoming mail traffic DLP can't help.

    You can integrate it with on premises DLP as well, it's not manadatory to have Symantec Cloud Solution.

    It works in both environments on-premises as well as Cloud.

    If you find this information useful plz mark it as solution.