EMEA Data Loss Prevention User Group

 View Only
  • 1.  Extending DLP agent for Google Drive monitoring

    Broadcom Employee
    Posted Mar 05, 2013 07:50 AM

    Hi,

    I would like to get more details about the files the user uploads to the Google Drive over HTTPS, using the Internet Explorer. I have configured successfully the policy to catch such an activity based on URL (drive.google.com), but because of magical AJAX-ed Google upload in progress, I am not able to get any valuable details from the request. Especially the name and path of the source file being uploaded is missing.
    Do you know, is there any customization of DLP agent available to be able to extract such a details?
    In general, DLP is blind here. I can only block everything on my proxy. Which is not the required state.
    Thank you in advance,

    Pavel


     



  • 2.  RE: Extending DLP agent for Google Drive monitoring

    Posted Mar 05, 2013 02:14 PM

    Hi Pavel,

    please refer below

    https://www-secure.symantec.com/connect/forums/dlp-solution-dropbox-and-skydrive

    https://www-secure.symantec.com/connect/forums/does-symantec-dlp-block-data-leakage-dropbox-googledrive-etc

    https://www-secure.symantec.com/connect/forums/do-symantec-dlp-block-data-leakage-dropbox-googledrive-etc

    https://www-secure.symantec.com/connect/ideas/dlp-application-file-access-control-app-grouping



  • 3.  RE: Extending DLP agent for Google Drive monitoring

    Broadcom Employee
    Posted Mar 06, 2013 05:14 AM

    Hi,

    I am sorry, I have already searched through the forums. I do not want to block it, I want to monitor it and the DLP Agent is unable to get the details now.

    Regards,

    Pavel



  • 4.  RE: Extending DLP agent for Google Drive monitoring

    Posted Mar 06, 2013 06:44 AM

    Hi PavelB,

    I read ur query and understand ur query. I think this might be hapened due to poor policy defination and  config. U need to chcek ur policy rules to find the problem.  As on endpoint u can monitor and block all ftp,http and https communication but on networkk for https u need web DLP.

    IF even ur policy is perfect and u need to find required details which u want then I best way I recommend integrate it with SSIM .this will answer ur question.



  • 5.  RE: Extending DLP agent for Google Drive monitoring

    Broadcom Employee
    Posted Mar 06, 2013 07:23 AM

    Hi,

    I know this is not an easy topic. I have a good policies collecting events for example inside HTTP communication on Google Mail through proxy. But, when it comes to the local DLP Agent based ability, when monitoring the HTTPS inside IE, it is weak. It can get some easy POST's (don't know for PUT's), but it is not able to get details from the complex async upload dialog of Google Drive. (Even, I think the SPDY is not supported in IE 8 - internal business requirement.)
    I personally think, the HTTP network probe can do more and this may be missing from the local DLP Agent, unfortunately. I have tested it with this result.

    Regards,

    Pavel



  • 6.  RE: Extending DLP agent for Google Drive monitoring

    Posted Mar 06, 2013 11:21 AM

    Hi pavel ,

    please let me know what exactly u expect or required ?