Data Loss Prevention

Dear All,

I am stuck in a practical scenario need to integrate two products for my client, Provide him Presentation on it, POC on it, and i myself need deep understanding of the outcomes. Following are some queries if you can reply and give me refernce links to study on.

how would we integrate DLP and PGP?

What would be the traffice flow then?

How it can be achieved in best way?

What are the best practices in it?

What can be the limitations while integration?

Which components/Features of both products can be intergrated?

 

HI,

Check this artical may be help.

Products that support integration with Protection Center

http://www.symantec.com/business/support/index?page=content&id=DOC4806

Is there any diagramateic presentation with which can know that how different Symantec PGP and DLP components are integrated.

HI Kashif,

Check this thread

https://www-secure.symantec.com/connect/forums/benefits-dlp-integration-other-symantec-products

Mirza,

There are some variables in some of the situation you are describing which could change some answers, but the below answers are the generic and or more common scenarios.

• DLP and PGP can be integrated in 2 areas, Netshare and PGP EMail encryption.
• Netshare will help in securing Discover scan results, whereas Email will help aid in securing information going outside the organization.
• Best way to achieve it, and the traffic flow, would involve simply configuring the customer MTA to route traffic with an X-Header (X-Encrypt for example) to the PGP Mail Gateway for encryption, which would then route encrypted mail back out the MTA. DLP would simply have a response rule triggered on incidents that will need encryption, to add the X-Header to the email.
• Limitations of integration are few if nay really. It's really a matter of understanding architecture and appropriately configuring the flow to handle the required flow.
• The components that would really use the integration, would be DLP Network Protect or DLP Endpoint Prevent and PGP Mail Gateway.

There are other sources as well that some others here have described to help get you further information. You might also want to speak to your Symantec account team to get a copy of the updated 11.6 feature decks which outline the integrations that currently exist. This would probably be the most beneficial information.

Hi,

i'm also interested to implement PGP together with DLP, both netshare and email encryption.

i'm just not sure where i can find the right documentation for deployment, as well as necessary infrastructure/hardware prerequisites and licensing.

thank u in advance.

regards,

Jana

Jana,

 

here are the hardware specs for  also attachedd are the install guides and admin guide

 

Does anyone know if it is possible with DLP to inpspect the conternts of a PGP encrypted file. If there is a universal PGP key available to inpect the contents of the file?

Then based on content we can block the email transmission using the headers.

DLP, at this point no it is not... DLP is unable to check out keys from the KMS to look at the encrypted data. take a lokk at the new SYmantec Encryption powered by PGP that came out yesterday... it is going to incorpate PGP mail into the flow.. http://www.symantec.com/encryption hope this helps...

Hey team,

I am attempting to do the DLP and PGP Netshare intergration.

Can anyone assist? Has anyone completed this intergration?

To note I am using the ERM service for the SSL communication.

Hi Mirza and Adanso,

Please refer below attached docs.

K S Sharma,

Thank you for the attachment, but we are looking to do the intergration for encrypting after Discover Scan has identified a file on a Netshare.

 

From the Enterprise Rights Management Service Implementation Guide, we note the below:

 

As an FYI to everyone, I have created a custom Flex Response plugin that works with Voltage Encryption SW. This allows you to either manually or automatically encrypt files based on DAR incidents.

The Encrypt FlexResponse plugin will perform the following:

1. Validate that it is a DAR incident
2. Check to make sure the file still exists
3. Encrypt the file and leave a marker file
4. Update Custom attributes with a new status and also update a custom attribute with the Encryption date and time

The De-Crypt/Re-Encrypt FlexResponse plugin will perform the following:

1. Validate that it is a DAR incident
2. Check to make sure the file still exists
3. De-Crypt the file and delete the marker file
4. Update Custom attributes with a new status and also update a custom attribute with the De-cryption date and time
5. If there is a Re-Encryption account specified in a custom attribute, it will re-encrypt the file to the new owner
6. Update Custom attributes with a new status and also update a custom attribute with the Re-encryption date and time

It has been fully tested at a few customer sites, but can also be modified to run other commands if necessary.

If inerested, please contact me on sales and support.

Ronak

Hi Mirza and Adanso,

Please refer above steps given by DLP solution (Ronak).

To do this intergrations requires a lot of work.

The bottom line is as of now this can only be done with Client Key Mode (CKM), Guarded Key Mode (GKM) and Server Client Key Mode (SCKM). I attempted this process for all key modes in PGP Server and only was successful with these modes.

If you would like the How to, please email me. The How to is very long and I can not post it here.

 

Thank you Ronak, and everyone else who helped.