Data Loss Prevention in short for endpoints (Desktop/Laptop/VDI)

Data Loss Prevention, or DLP for short, is one of the features in OfficeScan. The basic idea of DLP is to prevent certain data from leaving your organisation, whether via mail, USB, file copy, etc. The data in question can be of any type. Examples are:

  • Credit Card Information
  • Home Address Information
  • International Bank Account Numbers
  • Social Security Numbers
  • National Insurance Numbers
  • South African ID Number (Just cause I live in SA)

The basics of how this works: as part of the OfficeScan deployment, another agent is deployed that monitors for these types of data leaving your device. Once deployed to your endpoints, you will see an additional service, as below:

DLP_01

But let's start by showing how to install, configure and activate DLP in your OfficeScan environment.

First we need to install the DLP component. This is done through the Plug-in Manager inside OfficeScan, where you install the OfficeScan Data Protection module. Click the Install button and, once it is installed, click Manage Program. This will ask you for your licence key. Enter the DLP key.

DLP_02

The next step is to ensure that DLP is enabled for a group of servers. This is done by clicking Network Computers -> Client Management and selecting a group. Then click Settings -> DLP Settings.

DLP_03

In the DLP Settings tab, ensure you have enabled DLP for Internal Clients (and External Clients, if you have any). We will come back here later to add a rule.

DLP_04

Next, either use the existing Data Identifiers or create your own. A Data Identifier defines an expression, keyword list or file type that should be protected. Some use cases include:

  • Source code protection (C#, Java, C++…)
  • Files: ppt, xls, jpeg, PDF
  • Numbers, date formats, credit card details

This can all be configured from here :

DLP_05
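
To show what an expression-type Data Identifier has to do for two of the data types listed earlier, here is an added example (not OfficeScan's own code or its built-in expressions). It pairs a candidate regex with a checksum so that arbitrary digit runs are not flagged; the function names, patterns and sample text are assumptions made for illustration.

```python
import re
from datetime import datetime

def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

# Candidate expressions (hypothetical): 13-19 digits with optional space/dash
# separators for payment cards, exactly 13 contiguous digits for SA ID numbers.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SA_ID_RE = re.compile(r"(?<!\d)\d{13}(?!\d)")

def is_sa_id(num: str) -> bool:
    """SA ID layout: YYMMDD, 4-digit sequence, citizenship 0/1, 1 digit, Luhn digit."""
    try:
        datetime.strptime(num[:6], "%y%m%d")  # reject impossible birth dates
    except ValueError:
        return False
    return num[10] in "01" and luhn_ok(num)

def scan(text: str) -> list[tuple[str, str]]:
    """Return (identifier, normalised value) pairs found in text."""
    hits = []
    for m in SA_ID_RE.finditer(text):
        if is_sa_id(m.group()):
            hits.append(("sa_id", m.group()))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        # A valid SA ID also passes Luhn, so do not report it twice as a card.
        if luhn_ok(digits) and ("sa_id", digits) not in hits:
            hits.append(("card", digits))
    return hits

# Constructed sample: one sample-format ID, one well-known test card number,
# and two look-alike digit runs that fail validation.
SAMPLE = ("Customer 8001015009087 paid with 4111 1111 1111 1111, "
          "ref 1234567890123, order 4111 1111 1111 1112")

if __name__ == "__main__":
    for kind, value in scan(SAMPLE):
        print(kind, value)
```

The two look-alike numbers in the sample are skipped, which is the difference between a pattern-only expression and one backed by a validator when you are tuning a "Block" rule for false positives.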

Next is to create a Template. A template is simply a selection of Data Identifiers. Below you can see I created one with a few Expressions.

DLP_06

Now we can go back and enable this rule for a group of clients. Click on Client Management -> The Group -> Settings -> DLP Settings. Here you can select the Templates that you want to add. Then we need to select the Channel. Below is the list of all the Channels that we monitor:

DLP_07

The last point is to select the action. Typically this would be “Block” and “Notify the client”. Also ensure that you “Enable” the rule.

I tested a rule where I had my SA ID Number and Credit card information stored. I saved this file to a network drive and got the following message :

DLP_CreditCard_Test

The key takeaways are the following:

  • Know the data you want to protect
  • Know the method of the data leaving your network (Mail, USB, HTTP …)
  • Inform users that you are not just protecting them (personal data) but also company assets (in the case of source code)
  • Don't take security for granted…