Data Loss Prevention

 View Only
  • 1.  DLP Endpoint for preventing data transfer via SD Card off the network

    Posted Dec 04, 2012 01:26 PM

    I'm using DLP 11.1 Endpoint prevent. I would like to know if DLP can prevent data transfer via SD card while the laptop is off the network. And what exactly are the configurations that needs to be done at the enforce server to prevent data transfer via SD card.

     



  • 2.  RE: DLP Endpoint for preventing data transfer via SD Card off the network

    Broadcom Employee
    Posted Dec 04, 2012 10:13 PM

    Yes, DLP Endpoint can monitor and block the sensitive data to be transfer to SD card, no matter the laptop is on the cooperation network or off the network.



  • 3.  RE: DLP Endpoint for preventing data transfer via SD Card off the network

    Posted Dec 05, 2012 12:41 AM

    Yang: Couple of days back I had an incident wherein data was transfered to SD and it was captured by the DLP, but it was not prevented. Whereas all my data transfer to pen drives are blocked. So is there any special configuration for preventing data transfer via SD card.



  • 4.  RE: DLP Endpoint for preventing data transfer via SD Card off the network

    Posted Dec 05, 2012 07:25 AM

    yes, You can do the same. But what exactly you wanted to achieve. You completely wanted to block any data transfer to SD card or only SD card Since you can do it by disable by endpoint Protection policy setting .

    If you wanted to block only confidenhtail data than you should add class ID of that SD card devices. you should also take help of DLP application monitoring and control feature. 

    https://www-secure.symantec.com/connect/forums/dlp-bluetooth-prevention-endpoint-prevent

    https://www-secure.symantec.com/connect/forums/usage-media-transfer-protocol-transfer-data

    In short the services which helps to copy any data tranfer throgh some device driveres for medium bluetooth, wifi,usb,SD card can be blocked.



  • 5.  RE: DLP Endpoint for preventing data transfer via SD Card off the network

    Posted Dec 05, 2012 07:37 AM

    I want to block all data transfer via SD card and give exceptions only to Senior Mgmt. So where can I find this option of "Endpoint Protection Policy setting" in DLP?



  • 6.  RE: DLP Endpoint for preventing data transfer via SD Card off the network

    Posted Dec 05, 2012 08:41 AM

    @ vstanley : Possibly, the data which was transferred to the SD card was protected under an IDM policy.

    Endpoint Prevent cannot prevent the transfer of sensitive data under IDM Policy because it takes time for the DLP to match the sent data with the IDM Profile. However, the Admin or the concerned authorities will be notified with an Incident.

     



  • 7.  RE: DLP Endpoint for preventing data transfer via SD Card off the network

    Posted Dec 06, 2012 12:58 AM

     

    hiVstanely, you can find the applicatiom/serviices used by particular device to transfer data and need well configure DCM detcetion policy with block responce rule.
     
    Removable media monitoring
     
    Endpoint Prevent lets you block data transferring from your hard drive to a
    removable media device. Removable media includes the following devices:
    ■ USB flash drive
    ■ SD card
    ■ Compact flash card
    ■ FireWire connected device
    When the Symantec DLP Agent detects that a violation has occurred, the data is
    not transferred. An incident is created and sent to the Endpoint Server. When a
    violation occurs, the Symantec DLP Agent displays a pop-up notification to the
    user that informs the user that the violation has occurred. 


  • 8.  RE: DLP Endpoint for preventing data transfer via SD Card off the network

    Posted Feb 20, 2013 07:51 AM

    Off the networkd DLP agent work on DCM technology and u should either use Application Control or make responce rule based on DCM rule to block sensetive information transfer.