San Francisco Bay Area Data Loss Prevention User Group

Just curious if anyone has modified the bandwidth throttling setting on their endpoint agents?  If so, what did you set it to and what are you detecting on your agents, SSN's, CCN's or are you using EDM's and IDM detection on the endpoints?

Hi RHI,

Please see the below for understand this,

1)         Reduced the “Bandwidth Throttle” on agent-to-server communication to 1 mbps.  This throttle can be adjusted in the “Agent Configuration” tab of the “Configure Server” page.  This has the effect of reducing the rate at which agents upload incidents to the server.

2)         In the Aggregator.properties file on the endpoint server, set TCPRecvBufferSize = 4.  This reduces the amount of kernel memory dedicated to storing data received from agents, and in doing so, it reduces the amount of contiguous time that the server will spend servicing requests from a single agent.  Thus, the server will more fairly service each agent.

3)         On the advanced server settings page, set EndpointServer.Discover.ScanStatusBatchInterval = 120000.  This reduces the frequency with which the endpoint server will attempt to send status updates to the enforce server.