This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DLP Limitations

I have come to the realization that DLP has some pretty signifigant limitations.

For instance: I have a policy in place that blocks "Highly sensitive data" from being sent to external drives and all monitored applications. This works well with everything but email clients. We use Outlook and if you try to attach the file, it gets blocked. However, the user can right click and send to email and bypass the policy. If it is in an office document, they can click send to email as attachment and bypass the policy.

Is this something that Sophos is looking to implement  into DLP in the furure, or am I stuck trying to find another avenue?

:25521


This thread was automatically locked due to age.
  • Hi,

    This is a known limitation of the host DLP implementation which is highlighted in the policy configuration guide. The challenge is that when a "send as" process is initated the file is passed into the Outlook client without touching the file system and data control currently works by monitoring transfers made from the file system. We have discussed internally implementing an Outlook plugin but at the moment this feature is not a high priority.

    Our recommendation is to implement email DLP using a gateway solution such as the Sophos Email Appliance. The appliance is now available in both physical and virtual appliance form factors so you could put a virtual appliance in place simply to carry out outbound DLP analysis without replacing any existing email gateway security software or appliances. This will provide analysis of email body content as well as attachments and enables file based encryption of emails (using a PDF wrapper) to be used as an action. For more information speak to your Sophos account manager or partner.

    http://www.sophos.com/en-us/products/email/email-appliances.aspx

    Best regards,

    John Stringer (Product Manager)

    :25587
  • Hello Muhammad Mahmood Jamal,

    can't speak for Sophos, I'm just an observer.
    It seems that after a long period of dormancy work on DLP has been resumed. As far as I can see it pertains only to detection and its accuracy, not DLP's architecture.

    Christian