Chicago (Midwest) Data Loss Prevention User Group

Is there ann reason NOT to deploy the DLP endpoint agent on servers? Has anyone deployed the agent on servers and had any problems?

Thanks,

We do not deploy the agents on servers. We do discovery scans on them instead. You should not have users logging directly into any server. Shares on the server are different which is where the discovery scans come in.

now if you suspect someone is misusing the server than the agent will not hurt.

Although the DLP agent can work with the Windows 2008/2003 server smoothly, we suggest you not to deploy the DLP agent into the server OS for some security concern. Such as, you need to change your firewall settings for these servers in order to make the DLP agent work properly. And, actually, after install DLP agent in the server, the performance of the server will be impacted.

I just want to clarify my last comments.

Actually, if you want to deploy DLP agent into the Windows 2003/2008 Server, you need some extra care to be taken with regards to what monitoring channels are used (ie. Local disk monitoring, copy to/from network) and file filters need to be implemented in order to limit performance impact.

For example, if you use the Windows 2003 Server as a iIntranet File Sharing Server, a best practice of deploying and using the DLP agent on this server is: install DLP agent, run a endpoint discover scan to find out where the confidentail data locate, enable to monitor the channels that these data maybe leak out, then create the policy according.

Security Issue.