Showing results for 
Search instead for 
Did you mean: 

Using DLPe to protect the data at the Source

While protecting your sensitive data from leaving with Firewalls and Network DLP (a plus that Network DLP integrates into both the Firewall and Gateways a plus), the best solution is to protected your data where it lives in my opinion.  All the network DLP doesn't do you any good if they can A) burn it to DVD or transfer to a thumb drive or B) just send it out encrypted.

This is why DLPe (endpoint) is where I would start and if Intel Security would improve their Endpoint Encryption integration, even better.

1 Reply

Re: Using DLPe to protect the data at the Source

I'm not sure I understand the question?

To respond to your statements, it comes down to where sensitive data is stored on your network and within your organization.  Where it lives yes, but currently there are not viable (to my knowledge, correct me please if I'm wrong) agents for non-windows systems.   For example, many systems, developers, servers, run in non-windows systems or through various data-bases, storage types, etc.   Additionally some organizations are not able to put in a NAC to prevent non-sanctioned pc's without appropriate security controls to be installed from accessing the network.

While yes, in a perfect world, we'd have detection in every place the data is.... that would be so awesome.  

Also, network DLP can easily cover the encryption portion.   You just install certificates and run ICAP to an HTTP/S prevent system (like McAfee NDLP or Vontu or Websense) and deny/drop/alert on traffic matching the policy.   Your firewall then blocks any encrypted traffic to unsanctioned network locations which are not meeting the decryption requirements/etc.

There is always a way to try and bypass, but thats true with any security solution.  Look further and you'll see there is a way to address every method you mentioned for bypassing, so it can be at the very least alerted/tracked, if not blocked.   The biggest obstacle is time and money.  Businesses love setting those aside

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community