Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 8990 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data Protection and SSL

JSWVLCM

Hi, I was wondering if anyone could tell me whether or not Data Protection works with SSL-encrypted traffic on the endpoints.  For example, will a properly configured Data Protection policy prevent designated sensitive information from being transmitted from an endpoint to an external source if the mechanism providing the transport is encrypted via SSL?  I had a customer recently ask about this and wasn't sure what to tell them.  I also searched through the associated guides and haven't found confirmation of this.

Any insight on this would be appreciated.

Thanks!

:54501


This thread was automatically locked due to age.
Parents
  • 0
    Hello JSWVLCM,

    as said, DLP prevents that files (about to be copied, attached, uploaded) are read. It can not prevent that contents are pasted and subsequently transmitted. DLP uses the on-access scanning component (BTW, AFAIK the defined on-access exclusions still apply to DLP as well).
    As we know, there're always ways to sneak out data. A near ideal solution would require a tightly controlled endpoint (to block portable applications), scanning on the gateways (which is also possible for TLS), and a defined set of permitted protocols.

    Christian
    :54535
Reply
  • 0
    Hello JSWVLCM,

    as said, DLP prevents that files (about to be copied, attached, uploaded) are read. It can not prevent that contents are pasted and subsequently transmitted. DLP uses the on-access scanning component (BTW, AFAIK the defined on-access exclusions still apply to DLP as well).
    As we know, there're always ways to sneak out data. A near ideal solution would require a tightly controlled endpoint (to block portable applications), scanning on the gateways (which is also possible for TLS), and a defined set of permitted protocols.

    Christian
    :54535
Children
No Data