Hello all,
I want to ask if anyone has a solution or work around. I have talked to Sophos support and their answer is "not capable" and "cannot cover all the leaks currently".
Currently, DLP condition for destination is not really destination. It is transport mechanism, ie, email client, browser, etc. I asked if I could restrict by hostname or domain name and they said no. However, Opera is not one of the browsers and ftp is not listed. Therefore, my user can easily download a portable version of Opera or Filezilla portable and send anything out anywhere and totally bypass the DLP rules without being logged, needless to say blocked.
I believe blocking by transport mechanism is flawed because there must be 100 ways you can "send" out a file to the internet and trying to block all transport mechanism is not practical, that even Sophos can list all of them.
So how would I be able to block sending of files to true destinations (host or domain) instead of destining transport mechanism? I still can't believe Sophos's definition of a destination is transport mechanisms.
This thread was automatically locked due to age.