Data Loss Prevention

Just wondering if it is possible to register a workstation with multiple DLP endpoint servers for testing purposes.

We have DLP endpoint servers in 7 locations, I recently took over administration of the product and its used primarily to detect PCI related activity.

I am located in Dublin, Ireland and when I want to test if PCI incidents are being detected I send myself an email with fake credit card details and DLP detects the incident.

I want to use the same workstation to test this scenario for the other DLP endpoint servers in our other locations and was wondering if I can register the same workstation with multiple endpoint servers to see if they detect the activity.

My initial idea was to setup 7 virtual machines and register each one with each respective DLP endpoint server and then test.

If I can do this on one workstation it would save me a lot of time and effort.

Many thanks in advance

Paolo,

Unfirtunately this is really not possible from a typical install standpoint. In the enforce UI you can move an endpoint agent to talk to a different Endpoint server. You will see this under the Agent Overview page. There is a drop down to change the Endpoint server. (this is only in the newere versions of DLP). This is the easiest way to do it rather than re-installing the agent.

Keep inmind that when you install the agent you canalso have multiple servers listed for failover capabilites.

You can also TRICK the endpoint agent by editting the HOST file on the laptop and change what server the endpoint Server is pointed to. This all depends on what hostname was in the insatllation file. So you can edit the host file in System32\Drivers\etc and have the name that is in the install file and poitn it to the NEW endpoint server you want it to connect to.

Hope this makes sense.

If this solves your questions please marked as solved.

Ronak