
Data Protection and SSL

Hi, I was wondering if anyone could tell me whether or not Data Protection works with SSL-encrypted traffic on the endpoints.  For example, will a properly configured Data Protection policy prevent designated sensitive information from being transmitted from an endpoint to an external source if the mechanism providing the transport is encrypted via SSL?  I had a customer recently ask about this and wasn't sure what to tell them.  I also searched through the associated guides and haven't found confirmation of this.

Any insight on this would be appreciated.

Thanks!



  • Hello JSWVLCM,

    DLP (Data Loss Prevention - or whatever it is called at the moment, names change) basically works by intercepting file opens/reads. Access to the file is blocked before transmission/transfer, thus SSL doesn't come into play here.

    There are two major scenarios

    Transfer to external storage devices - here all writes are blocked except those by Explorer. If Explorer attempts to copy a file the source is determined and if necessary blocked.

    Transmission by specific applications - if a supported application attempts to open a file the file is checked and potentially blocked. There are some limitations though where DLP doesn't "see" the source and can't interfere. Apart from this it only works for the supported applications (all others would have to be blocked by Application Control).

    BTW: There's a dedicated board for DLP

    Christian

  • Thanks Christian, that helps explain things.  I guess what the customer was thinking is: if you have the Data Protection (DLP) policy enabled in SEC and enforced on your endpoints, and someone copies/pastes sensitive information that's been defined in your Data Protection policy into an SSL-protected application like Gmail, or maybe into an email message in Outlook that's been configured for SSL/TLS via Microsoft's Office 365, will it be blocked on the endpoint and/or prohibited from leaving the customer's network?  If you think it would be better for me to ask about this on the DLP board I can do that.

  • Hello JSWVLCM,

    As said, DLP prevents files (about to be copied, attached or uploaded) from being read. It cannot prevent contents from being pasted and subsequently transmitted. DLP uses the on-access scanning component (BTW, AFAIK the defined on-access exclusions still apply to DLP as well).
    As we know, there are always ways to sneak out data. A near-ideal solution would require a tightly controlled endpoint (to block portable applications), scanning on the gateways (which is also possible for TLS), and a defined set of permitted protocols.

    Christian
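As an added illustration of Christian's two points (not code from this thread, and not how Sophos Endpoint Protection's Data Protection component is actually implemented), the following Python model puts a content check at the file-read layer and shows why the transport being SSL/TLS-encrypted is irrelevant to it, and why the same check placed after encryption, or a copy/paste path that never opens a file, sees nothing. The sensitive-data definition (Luhn-valid payment card numbers), the sample document, the session key and the stream cipher standing in for the TLS record layer are all constructed here for the example.

```python
"""Toy model of an endpoint DLP check placed at the file-read layer.

Added example, not vendor code. Demonstrates:
  1. a hook that runs when an application opens a file sees plaintext,
     regardless of whether the data is later sent over SSL/TLS;
  2. once the bytes are encrypted, pattern matching finds nothing, so an
     inspection point after encryption cannot catch the same content;
  3. pasted text never triggers a file-open hook at all.
"""
import hashlib
import re
from typing import List, Tuple

# 13 to 19 digits, optionally separated by single spaces or hyphens,
# not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Return digits-only card numbers found in text that pass Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def scan_bytes(data: bytes) -> List[str]:
    """Run the content check over raw bytes, as an inspection point sees them."""
    return find_card_numbers(data.decode("latin-1"))


def stream_encrypt(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher (SHA-256 counter keystream), a stand-in for the TLS
    record layer. It only shows that ciphertext carries no scannable patterns;
    it is NOT a secure construction and must not be used for real traffic."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, keystream))
    return bytes(out)


def file_read_hook(content: bytes) -> Tuple[bool, List[str]]:
    """Decision an on-access DLP hook would take when an application opens a
    file for attachment/upload. Returns (allowed, hits); blocked if any hit."""
    hits = scan_bytes(content)
    return (len(hits) == 0, hits)


# Constructed sample document: one Luhn-valid test number (4111 1111 1111 1111)
# and one 16-digit number that fails Luhn and must not be reported.
SAMPLE_FILE = (
    b"Customer export\n"
    b"card: 4111 1111 1111 1111\n"
    b"ref:  1234-5678-9012-3456\n"
)
SESSION_KEY = b"\x00" * 32  # constructed, fixed so the run is deterministic


def demo() -> dict:
    """Exercise the three paths and return what each inspection point saw."""
    # Path 1: application opens the file; the hook runs before any transport.
    allowed, hits = file_read_hook(SAMPLE_FILE)
    # Path 2: the same bytes after "TLS"; nothing left for a pattern to match.
    wire = stream_encrypt(SAMPLE_FILE, SESSION_KEY)
    # Path 3: user pastes the number into a web form: no file open, no hook,
    # and the only thing on the wire is ciphertext.
    pasted = "card 4111111111111111".encode()
    return {
        "file_open_blocked": not allowed,
        "file_open_hits": hits,
        "hits_on_ciphertext": scan_bytes(wire),
        "paste_hits_before_encryption": scan_bytes(pasted),
        "paste_hits_on_ciphertext": scan_bytes(stream_encrypt(pasted, SESSION_KEY)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows the file-open path blocked with one hit, no hits on either ciphertext, and a hit on the pasted plaintext that nothing in this model was positioned to see: the check has to sit where the data is still plaintext, which for a paste is the application or a TLS-intercepting gateway, not the file system.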
  • Ok great, that really helps answer this.  I really appreciate the quick response and helpful information.  I know that the DLP functionality built into SEC/Endpoint Protection doesn't include the capabilities of some of the expensive, full-blown DLP solutions out there and I always try to explain that to our customers.  For basic DLP it does a pretty good job and will address most customers' needs, especially when combined with other features like application/device control and other existing perimeter protection equipment customers are using.

    Thanks again!
