Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
423 Views 3 Replies Latest reply: Oct 2, 2013 12:36 PM by vimalnavis RSS
robg3381 Newcomer 3 posts since
Apr 8, 2013
Currently Being Moderated

Sep 25, 2013 3:45 PM

DLP 9.3 & USB Copy Slowness with Removable Storage Protection

We're relatively newer to DLP and upgrade from 9.2 to 9.3 a month or so ago.  We recently switched our policy to full protection mode and now users are complaining of slowness when doing file copies.  From talking to Platinum support, this is due to the fact that DLP scans all the files for content before it allows it to copy to the device.  In some of the cases, we have real business needs to copying this data to the drives so the users need to be able to perform this in a decent amount of time.  In some cases, they may copy 50MB to a USB drive and at times it will take 8 minutes or so due to the number of files being copied, etc.

    

How can we better manage this so we don't alienate the userbase?

 

Our intent is to scan documents and all files and log it (not block), without impacting users as much as possible.

 

Any advice or guidance is much appreciated!

  • vimalnavis McAfee SME 204 posts since
    Feb 23, 2010

    8 minutes for 50MB sounds like a lot. Are these zip files?

    Depending on whether you are using Tags or Content Categories and other configuration items in the policy, there may be scope for improvement.

     

    In order to scan files, depending on the system hardware the application is going to take some time.

    It eventually comes down to this: Security vs. Usability. If you want to be more secure, be prepared for some delays / performance impact (just like with any other security product, e.g. antivirus).

    As long as there is good Governance in place i.e. backing from the Management Team on the data protection initiatives (the way it is supposed to be) and security awareness training, users would eventually understand why companies need to protect their data (and how that affects performance).

  • vimalnavis McAfee SME 204 posts since
    Feb 23, 2010

    I wouldn't be surprised if in your case the delay is because of a bug. 8 minutes for 50MB sounds a lot to me. What interests me more is that the files are proprietary image files.

    Unless these files contain content there is nothing for DLPe to analyze.

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points