Data Loss Prevention

 View Only

  • 1.  DLP

    Posted Nov 08, 2011 07:02 AM

    Hi,

    Just want to know if DLP monitors emails that is stored on users webmail as organization's webmail is mostly accessible from outside.

    What if someone saves confidential information on draft and tries to access it from outside the organization.Can it be possible to track via DLP.



  • 2.  RE: DLP

    Posted Nov 08, 2011 08:46 AM

    When you say user's webmail I'm assuming you're referring to something like Hotmail, Gmail, etc.

    Ideally, the company's DLP policy should block any confidential email from being saved onto non-company mail servers in the first place. If the company's mail server is being used, this can be monitored and blocked using a Network Prevent Mail server.

    If for some reason, the company allows confidential data to be stored on Hotmail when the user is on site, blocking off-site will be close to impossible. Using the Endpoint Agent, you may be able to get some degree of protection by saying that you can't use HTTP POST with any webpage that matches the policy, but if for example the user is on the mail homepage and hits "forward", the HTTP POST message won't have confidential data in it and the mail will be sent. (It will work for constructing an email from scratch).

    So in summary, the policy should only allow confidential data to be submitted via HTTP POST on websites that match your company's address (mail.yourcomanyname for example) and block every other web page.

    Hope that helps a bit! Any other questions, feel free to post =)

    Regards,
    ~Xavier



  • 3.  RE: DLP

    Posted Nov 08, 2011 01:51 PM

    Xavier is dead on for the hotmail and like. 

    If you are referring to something like Outlook Web Access, the situation is very different.

    The webmail storage might be searchable like DLP can search an Exchange server.

    The email outbound from a webmail app still has to go through the corporate MTAs and an SMTP Monitor or Prevent solution would work there.

    Assuming that the webmail is accessible from outside the company's network, an HTTP prevent can stop the presentation of protected data, but I suspect that would be unacceptable.

    Hope that helps!

    JGT



  • 4.  RE: DLP
    Best Answer

    Posted Nov 08, 2011 02:30 PM

    I have customers who do this for OWA, which is really the use case you're explaining (user saves sensitive file to Draft folder and then accesses that file through Outlook Web Access from outside the organization).  Basically, it involves directing all of your OWA traffic through a reverse proxy, then setting up HTTP Prevent as an ICAP service on that proxy.  With this, I can detect the request of that document through the proxy, inspect it, and block it.

    ~Keith



  • 5.  RE: DLP

    Posted Nov 10, 2011 02:15 AM

    Thanks Keith for providing the information



  • 6.  RE: DLP

    Posted Nov 15, 2011 02:22 AM

    Can anyone tell me the exact steps to prevent users from saving sensitive data in outlook web access while accessing it from outside the organization.



  • 7.  RE: DLP

    Posted Nov 17, 2011 04:25 AM

    OWA or any Web mail specific information can be  via the Endpoint HTTP / HTTPS. The moment the file is uploaded to the site, it will trigger an incident.

    Information saved in the drafts folder of and Exchange or Domino mailbox, can also be monitored by the Endpoint agent (Outlook and Lotus Notes monitoring).