Data Loss Prevention

Can DLP 14.6 monitor Native Bluetooth or just bluetooth traffic over USB?

If not, is there a timeframe when we could expect native bluetooth monitoring.

The Endpoint Agent still doesn't support Native Bluetooth monitoring and prevention in my opinion. Bluetooth over USB is supported is because Bluetooth devices expose themselves as USB devices and the OS does not distinguish between them. So its behaviours is similar to that of a standard USB device.

To further elaborate: the current DLP product does not analyze content in transmissions via Infra Red or Bluetooth. Most customers do not see this type of connectivity requirement for typical business interactions (unlike USB). So its recommended to disable these devices on the endpoints as there is not a typical use case that is required for business interactions.

However there are other measures you could take, for example use DLP Endpoint's Application File Access Monitoring & identify the process/service used by Bluetooth (for example: fsquirt.ext) which could then be blocked.

It depends on how that transmission is being sent. The highest risk avenue via bluetooth would be via Media Transfer Protocol (MTP) which we can monitor with some success in the current product. It depends on how that transfer is initiaated and what driver path it takes. If it take the built in Windows MTP device driver then we should be able to block it as part of removable media. Many providers do as Leadvue suggests and as such it becomes like a USB device for us. For the others I would also recomend using Applicaiton File Access Control and then block the parent process.