REQUESTS: post any requests for new Content Control Lists or additional file type support here

Please use this thread to post any requests for new Content Control Lists or additional file type support here.

If you prefer to keep your request private then please place the request via Sophos support and we'll follow up.

The types of requests we've received in the past include:

  1. Additional country support for PII (personally identifiable information) and confidential document markers.
  2. Support for industry specific regulations, for example PCI DSS (payment card industry) and HIPAA (US health care).
  3. Support for national or industry specific identifiers.
  4. Support for additional file formats e.g. CAD; encrypted formats; industry specific image formats

When you place a request with Sophos product management and SophosLabs please provide as much information as possible to help in the creation of the Content Control List. For example, often identifiers will use an inbuilt checksum (commonly Mod 10 or Mod 11 based) or will be displayed alongside what we refer to as "qualifying terms". An example of a qualifying term might be "DOB" next to a date of birth format or "MRN" next to a medical record number.

For filetype requests please provide a selection of samples so the labs can use these for analysis.

This thread was automatically locked due to age.
  • Hi,

    As QC states the TFT functionality detects file type based on the structure of the file so renaming the file won't "hide" it. You can also manually add file detection based on the file extension.

    We have no immediate plans to take a "shadow" copy of a file that triggers a rule. I can see the value in having the option but it is complicated to implement in a consistent manner - for example you'd probably need to enable the administrator to configure where the "shadow" file was stored and ensure that store was appropriately secure. We are looking at how we can optionally collect more information on content that triggers a rule. One option is to collect additional information on each match and send that back to the management console for review (the table in the SEC database would need to be encrypted). I'd welcome other ideas.

    We've also had requests for monitoring files being copied from network drives onto local storage (at the moment we can monitor files copied from networked storage onto monitored media e.g. removable storage). This type of capability arguably strays from the current remit of detecting outbound data streams but it is on our feature request list.

    In the V10 / 10.1 releases we are planning to add the following capabilities:

    * Coverage for Google Chrome, Skype and Microsoft Lync

    * Report file size back for data control events

    * New content analysis engine with support for identifier validation e.g. Luhn checksum on credit card numbers (this is the same engine that has been used in the email appliance since we integrated DLP)

    Best regards,

    John
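
The two posts above describe identifiers that carry an inbuilt Mod 10 checksum, qualifying terms that appear next to them, and Luhn validation of credit card numbers. The following is an added example, not code from this thread or from Sophos, showing how those three signals combine in a content scanner. The term list, context window size and sample text are assumptions constructed for illustration.

```python
import re

# Assumed qualifying terms (hypothetical list, not a Sophos CCL).
QUALIFYING_TERMS = ("card number", "credit card", "visa", "mastercard")
# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
WINDOW = 30  # characters of context searched before each candidate


def luhn_valid(digits: str) -> bool:
    """Mod 10 (Luhn) check: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so a finding can be logged safely."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str) -> list:
    """Return checksum-valid candidates, rated by nearby qualifying terms."""
    findings = []
    lowered = text.lower()
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_valid(digits):
            continue  # right shape, wrong checksum (order number, phone, ...)
        context = lowered[max(0, m.start() - WINDOW):m.start()]
        qualified = any(term in context for term in QUALIFYING_TERMS)
        findings.append({"masked": mask(digits), "offset": m.start(),
                         "confidence": "high" if qualified else "low"})
    return findings


# Constructed sample input; both valid numbers are widely published test values.
SAMPLE = (
    "Order ref 1234567890123456 shipped.\n"
    "Customer credit card: 4111 1111 1111 1111 exp 01/30\n"
    "Tracking 4012888888881881\n"
)

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The 16-digit order reference is dropped by the checksum alone, while the tracking value passes Luhn by coincidence and is only rated low because no qualifying term precedes it.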
