This discussion has been locked.

Data Protection and SSL

Hi, I was wondering if anyone could tell me whether or not Data Protection works with SSL-encrypted traffic on the endpoints.  For example, will a properly configured Data Protection policy prevent designated sensitive information from being transmitted from an endpoint to an external source if the mechanism providing the transport is encrypted via SSL?  I had a customer recently ask about this and wasn't sure what to tell them.  I also searched through the associated guides and haven't found confirmation of this.

Any insight on this would be appreciated.

Thanks!



  • Hello JSWVLCM,

    DLP (Data Loss Prevention - or whatever it is called at the moment, names change) basically works by intercepting file opens/reads. Access to the file is blocked before transmission/transfer, thus SSL doesn't come into play here.

    There are two major scenarios:

    Transfer to external storage devices - here all writes are blocked except those by Explorer. If Explorer attempts to copy a file the source is determined and if necessary blocked.

    Transmission by specific applications - if a supported application attempts to open a file the file is checked and potentially blocked. There are some limitations though where DLP doesn't "see" the source and can't interfere. Apart from this it only works for the supported applications (all others would have to be blocked by Application Control).

    BTW: There's a dedicated board for DLP

    Christian
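
The decision flow described in the reply above, sketched as a simplified model (an added example, not part of the original reply and not the vendor's code). The process names, the supported-application list and the 16-digit content rule are all constructed assumptions; the point is that the verdict is computed from the plaintext file at open/write time and the transport is never consulted.

```python
import re
from dataclasses import dataclass

# Constructed content rule: a 16-digit run stands in for "designated sensitive information".
SENSITIVE = re.compile(rb"\b\d{16}\b")

# Hypothetical set of applications the endpoint agent hooks; not the product's real list.
SUPPORTED_APPS = {"browser.exe", "mailclient.exe"}


@dataclass
class FileEvent:
    process: str         # process performing the file operation
    operation: str       # "open" (application reads a file) or "write_removable"
    content: bytes       # plaintext of the source file as it exists on the endpoint
    transport: str = ""  # e.g. "https"; carried only to show it plays no part


def decide(ev: FileEvent) -> str:
    """Return 'block', 'allow' or 'not_inspected' for one file event."""
    if ev.operation == "write_removable":
        # Scenario 1: every writer except Explorer is blocked outright;
        # an Explorer copy is judged on the source file.
        if ev.process != "explorer.exe":
            return "block"
        return "block" if SENSITIVE.search(ev.content) else "allow"
    if ev.operation == "open":
        # Scenario 2: only supported applications are checked on file open.
        if ev.process not in SUPPORTED_APPS:
            return "not_inspected"  # would have to be handled by Application Control
        return "block" if SENSITIVE.search(ev.content) else "allow"
    return "not_inspected"


if __name__ == "__main__":
    doc = b"card 4111111111111111\n"  # constructed sample file
    for proc, transport in [("browser.exe", "https"), ("browser.exe", "http"),
                            ("othertool.exe", "https")]:
        print(proc, transport, decide(FileEvent(proc, "open", doc, transport)))
```
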
