This is a great question for the sales representative.
1 - DLP endpoint runs a discover scan against the endpoint's local disk or Outlook pst. NDLP Discover supports scanning of CIFS shares, databases, sharepoint, including the endpoint's shared drives.
2 - The DLP Manager is used to coordinate between all connected NDLP appliances and collects all incident data into a single database. An example: this can allow content found as sensitive from a Discover scan to be distributed thru to the other appliances and have the NDLP Prevent stop an email being sent.
The manager is not neccessary if running in standalone mode, such as a single Discover, Monitor or Prevent appliance being used. The single appliance becomes its own Manager. The NDLP Manager can also be integrated into EPO for management and reporting features.
3 - The monitor feature you speak of in EPO for DLPE is more like what the Manager in 2 refers to. The NDLP Monitor captures network traffic thru a SPAN or TAP and creates incidents based off criteria provided, in rules. Essentially all data in motion.
4 - Network Protection rules help prevent leaking data from the desktop where DLP Endpoint has been installed. NDLP Prevent can work with an ICAP proxy (web gateway) or an MTA to forward traffic to the Prevent to be classified. The Prevent then sends a header back to the referred appliance to take the appropriate action.
Hi all, i have questions about when unified DLP.
- "The DLP Manager is used to coordinate between all connected NDLP appliances and collects all incident data into a single database" so every database on every appliances (discover, monitor, prevent) that doesn't have incident, information... save on it's own?
- When DLP unified that managed by ePO so which database will be used for all events DLP or use two databases for HDLP and Network DLP?