6 Replies Latest reply: Aug 13, 2014 12:16 PM by vimalnavis RSS

    General DLP questions

      Hi,

      I would like to know about some of DLP features.

       

      1) As I understand there is possibility to collect all emails with their contents and attachments and store them as evidence, is this possible only with outlook (and other email clients) or will this also work with webmail? (exchange or zimbra for example).

       

      2) Can I store history of where users are browsing? Just a list of URL's per User.

       

      3) Can I store files as evidence sent via instant messengers like Skype and store messengers chat history as evidence?

       

      4) Am I not mistaking that DLP can store screenshots taken by users as evidence, can it also take periodic snapshots of users desktops?

       

      5) Can all of the above evidences be stored on client computers or only on server? (for the purpose of saving network traffic).

       

      Message was edited by: complexxl9 on 5/25/11 7:14:09 AM CDT
        • 1. Re: General DLP questions
          geek

          1) Only Outlook and Lotus Notes

          2) I don`t know exactly but i think no

          3) "Can I store files as evidence sent via instant messengers like Skype" -yes "store messengers chat history" -no

          4) no

          5) only on server (you can limit network bandwith from agent to server)

          • 2. Re: General DLP questions
            amiyabisoi

            1) As I understand there is possibility to collect all emails with their contents and attachments and store them as evidence, is this possible only with outlook (and other email clients) or will this also work with webmail? (exchange or zimbra for example).

             

            Yes - HDLP can store evidences for outlook, lotus (e-mail protection) and web mails like gmail, yahoo, OWA etc (web protection)

             

            2) Can I store history of where users are browsing? Just a list of URL's per User.

             

            No - You need a proxy or web/URL gateway - Check out McAfee Web Gateway. I think if you have McAfee Network DLP, that might help to some extent in storing web traffic

             

            3) Can I store files as evidence sent via instant messengers like Skype and store messengers chat history as evidence?

             

            Storing evidence - Yes, chat history - No. Again Network DLP or McAfee Web Gateway might be of help

             

            4) Am I not mistaking that DLP can store screenshots taken by users as evidence, can it also take periodic snapshots of users desktops?

             

            No. It doesn't do any type of backup or snapshot of the end-point.

             

            5) Can all of the above evidences be stored on client computers or only on server? (for the purpose of saving network traffic).

             

            Server or NAS or SAN. When the endpoint is offline, all the evidence get stored locally encrypted and those goes to evidence storage when machine goes online in network.

             

            Let me know if you have any other questions/queries/concerns related to HDLP.

             

            -AB

            • 3. Re: General DLP questions

              Thank you for answers, I have additional questions.

              What are pricinciple differences between HDLP and Network DLP ? Can they work together or you have to pick one?

              Are the above answers true for both DLP 3.0 and DLP 9.0 ? Do I need to purchase anything to upgrade from 3.0 to 9.0?

               

              on 5/26/11 7:07:22 AM CDT
              • 4. Re: General DLP questions
                aurelius

                Remark for 1) and 3):

                 

                1) It works only in IE (web post rule). For other browsers - there is another rule "Application file protection rule" that is ineficient (capture file on its opening/attaching and actualy capture other files from folder opened in dialog box).

                 

                3) Everyone says about the impossibility capture encrypted messages, but how other DLP solutions do that (for example TrendMicro do that excelent)?    McAfee should take measures...

                • 5. Re: General DLP questions
                  rplolo

                  hi,

                   

                  can I block/disallow file transfer through skype via DLP endpoint solution?

                  • 6. Re: General DLP questions
                    vimalnavis

                    Unless the keys are available for decryption and/or the solution has analyzed the contents before encryption, no product can read encrypted files.

                    Defeats the purpose of encryption.

                     

                    You can block/disallow file transfer through Skype using Network Communication Protection Rule.

                    This rule works with Tags only.