Data Loss Prevention

  • 1.  Mac Agent DLP Detection

    Posted Jul 05, 2024 05:16 AM
    1. Can the DLP agent for Mac detect watermarks in video?
    2. Is there an approval workflow where, when a file is detected and put on hold/quarantined, an admin needs to approve the release/transfer of the file?


  • 2.  RE: Mac Agent DLP Detection

    Broadcom Employee
    Posted Jul 08, 2024 03:34 PM

    Hi All,

    I'll take a stab at this. 

    There are going to be several factors to take into consideration. The biggest is how the video is watermarked. Is it being watermarked by the user? Or is the user moving a file that has been watermarked, or protected by DRM?

    There are perceivable and imperceivable watermarks.

    From the DLP Endpoint Agent for macOS, you need to understand that the agent for macOS can only detect using a few detection methods. The primary is Described Content Matching (DCM). With this detection method, you MUST describe what you are trying to detect. 

    If the video file has metadata, and you know how to describe the confidential data, it would be possible. In most cases, imperceivable watermarking could contain data such as user, IP address, timestamps of date of creation, or even device ID. What you'll need to dissect is a sample video file to see if you can extract this data using EXIF tools, since this would be stored as text. If the video has this type of data, it is theoretically possible. 

    Please understand that I like to work through questions, so I'll need to speculate. (IF ANYONE HAS INPUT, PLEASE LET ME KNOW TOO). If the video embeds the watermarks directly into the frames, I would have to say that the macOS DLP Agent wouldn't be able to detect it. 

    As a suggestion, you could possibly create a policy that detects file type. That is certainly a DCM rule. I'm just thinking on the fly, but I am using the logic of the macOS DLP Agent capabilities. I do hope this is helpful.



    ------------------------------
    Jesse Gonzales
    Technical Trainer/Education Services
    Symantec by Broadcom
    Data Loss Prevention, CloudSOC, Cloud SWG, Web Isolation, Endpoint Encryption, ITMS
    ------------------------------
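
The sample-file triage suggested in the reply above, as an added example that is not part of the original posts and is not Symantec DLP code: it pulls printable text out of a video file and reports which watermark-style values (user, IP address, timestamp, device ID) are present as text that a described-content rule could match. The key names, regex patterns and sample bytes are constructed assumptions; real layouts depend on the watermarking product.

```python
import re

# Illustrative patterns for the value types named in the reply.
# Assumptions for this example only, not Symantec DLP rule syntax.
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
CANDIDATES = {
    "ipv4": re.compile(rf"\b(?:{OCTET}\.){{3}}{OCTET}\b"),
    "timestamp": re.compile(r"\b\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}\b"),
    "user": re.compile(r"(?i)\buser(?:name|_?id)?\s*[=:]\s*([\w.@-]+)"),
    "device_id": re.compile(r"(?i)\bdevice_?id\s*[=:]\s*([\w-]+)"),
}

def text_runs(data: bytes, min_len: int = 6):
    """Yield printable ASCII runs from binary data, like strings(1)."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")

def describable_fields(data: bytes) -> dict:
    """Map each candidate field to the text values found in the file.

    An empty result means nothing here is stored as plain text, which is
    the frame-embedded case the reply expects the agent not to detect.
    """
    hits = {}
    for run in text_runs(data):
        for name, rx in CANDIDATES.items():
            for m in rx.finditer(run):
                # Use the captured value when the pattern has a group.
                hits.setdefault(name, set()).add(m.group(m.lastindex or 0))
    return {name: sorted(values) for name, values in hits.items()}

# Constructed sample bytes (not real video files).
HEADER = b"\x00\x00\x00\x18ftypmp42\x00\x00\x00\x00"
FRAMES = b"\x00\x01\xff\xfe" * 64
SAMPLE_WITH_TEXT = (
    HEADER + b"udta\x00"
    + b"user=jdoe;device_id=MBP-0042;ip=192.0.2.15;created=2024-07-05T05:16:00"
    + FRAMES
)
SAMPLE_FRAMES_ONLY = HEADER + FRAMES

if __name__ == "__main__":
    for label, blob in (("text metadata", SAMPLE_WITH_TEXT),
                        ("frames only", SAMPLE_FRAMES_ONLY)):
        print(label, "->", describable_fields(blob) or "nothing describable")
```

Only values that show up in this output are candidates for a content-description rule; this sketch reads ASCII text only and does not decode container metadata the way an EXIF tool does.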