I am a little bit confused regarding which option to go for if we can do each and every thing from the DLP Endpoint.
If we just purchase the McAfee DLP Endpoint, don't we cover all the options? Let me compare each appliance with the DLP Endpoint to get into detail:
1) DLP Discover - Why do we need the DLP Discover appliance when we already have a discovery option in DLP Endpoint? We can deploy the DLP agent on each device and run the discovery option from the DLP Endpoint, and it can classify the data and tag it, so what is the need to purchase the DLP Discover appliance?
2) DLP Manager - Why do we need the DLP Manager appliance when DLP Endpoint can simply be integrated with the ePO and we can control all its features from the ePO window?
3) DLP Monitor - When we deploy the DLP Endpoint on the ePO we have the DLP Monitor feature installed with it, and we have a separate console for DLP Monitor which is a really useful one to monitor the DLP activity. So again, why do we need to purchase a separate DLP Monitor appliance when this feature is already available with the DLP Endpoint?
4) DLP Prevent - We can apply the Network Protection Rules in the DLP Endpoint for data loss from email, webmail, instant messenger, wikis, blogs, portals, HTTP/HTTPS, or FTP transfers, so why should we go with a separate DLP Prevent appliance?
Awaiting a quick response.
This is a great question for the sales representative.
1 - DLP Endpoint runs a discover scan against the endpoint's local disk or Outlook PST. NDLP Discover supports scanning of CIFS shares, databases, SharePoint, including the endpoint's shared drives.
2 - The DLP Manager is used to coordinate between all connected NDLP appliances and collects all incident data into a single database. An example: this can allow content found as sensitive from a Discover scan to be distributed thru to the other appliances and have the NDLP Prevent stop an email being sent.
The Manager is not necessary if running in standalone mode, such as a single Discover, Monitor or Prevent appliance being used. The single appliance becomes its own Manager. The NDLP Manager can also be integrated into ePO for management and reporting features.
3 - The monitor feature you speak of in ePO for DLPE is more like what the Manager in 2 refers to. The NDLP Monitor captures network traffic thru a SPAN or TAP and creates incidents based off criteria provided in rules. Essentially all data in motion.
4 - Network Protection rules help prevent leaking data from the desktop where DLP Endpoint has been installed. NDLP Prevent can work with an ICAP proxy (web gateway) or an MTA to forward traffic to the Prevent to be classified. The Prevent then sends a header back to the referred appliance to take the appropriate action.
Really great detail to clear up my confusion.
Hi all, I have questions about when DLP is unified.
- "The DLP Manager is used to coordinate between all connected NDLP appliances and collects all incident data into a single database" so every database on every appliance (Discover, Monitor, Prevent) that doesn't have incident, information... save on its own?
- When unified DLP is managed by ePO, which database will be used for all DLP events, or are two databases used for HDLP and Network DLP?
Message was edited by: smalldog on 3/14/13 10:39:53 PM CDT