REQUESTS: post any requests for new Content Control Lists or additional file type support here

We are deploying the data control to block design files from going out except for authorized users.

Can add in Unigraphics, Cocreate file type into the design file type? or better allow us as end user to add in our own file type since we may know more than sophos. :)

Quick update on CCLs coming out in response to requests made on this forum. Next month in the 4.80 data release we are adding country support for Denmark - including detection of the CPR number. The following month (4.81 data) will - finally - see the release of our CV and Resume CCLs for US, UK and Canada. We encourage you to try out the new CCLs and provide feedback either via this forum or by emailing "DLPrequests@sophos.com".

Best regards,

John

Product Manager

Steven,

I'll raise a suggestion and we'll kick off an investigation in the labs. We may focus on region specific CVs as I imagine formats vary between countries. My proposal would be to look at UK (CV) and US (Resume) first.

Thanks again for the suggestion.

John

Did anything become of the request for a CV (Curriculum vitae) Content Control List?

I can see the current lists do stop a lot of personal info that may be found on a CV but their is nothing specifically for a CV?

Cheers

Steven 

Hi,

We are in the process (coming in 10.1) of introducing a new version of our DLP engine (ConAn) into the endpoint which adds support for credit card validation using the Luhn checksum. This will the reduce the risk of FPs against your Merchant IDs. We've also discussed adding an ignore list capability to meet the requirement you describe i.e. add a regex to specify a number range to ignore.

Data discovery / data at rest is close to the top of the list for DLP enhancements. Although we have all the components parts it is a fair chunk of work to add this into the endpoint agent so it is really a question of prioritisation alongside the other endpoint enhancements we are considering. When the functionality is added the plan would be to provide the capability in both the Windows and Mac agents. In the mean time I'd recommend looking at a solution from a US company called Identity Finder it has a cost attached to it but will be a lot less painful and accurate than something like OpenDLP.

Best regards,

John (Product Manager)

I work in a PCI DSS environment and I've been tasked with implementing a DLP solution to cover our Windows user environment. Having Sophos Endpoint I started looking at Data control to meet these needs.

What I need to accomplish initially is finding out wherever there is a credit card number stored anywhere on a Windows machine (including the local hard disk). One problem I have is that we have Merchant ID's which look exactly like a CC number. OK, no problem, I'll use some regex to exclude our Merchant ID ranges. But alas I need:

- Ability to exclude content using regular expressions to eliminate false positives

- Scanning blocking/logging of content on the local disk

I have to admit that I'm just beginning to look into Data control so if this functionality already exists in the product I'll happily contact support to help me figure out what I'm missing (if you can't direct me here). Otherwise I'm looking at OpenDLP for our purposes until this functionality can be added to Data control.

Hi,

We are in the process of collecting information on national identifiers for Denmark and other countries within that region. We should be able to roll out the CCLs within the next couple of months. We just recently added support for South Africa.

Best regards,

John

Hi

we have a customer that requires a CCL for a personal number format in Denmark called CPR, please see the link bellow for details

http://www.cpr.dk/publikationer/pnr-notat%20ny%20skrift.htm#Opbygning

Thanks

Hi John,

An outstanding request I have out to Scott Cressman is to better understand, or be able to identify, if the outbound message that hit a CCL was delivered with TLS encryption. These would take  a little less priority for me than those sent with no encryption.

Thx, Suzie

Hi,

As QC states the TFT functionality detects file type based on the structure of the file so renaming the file won't "hide" it. You can also manually add file detecting based on the file extension.

We have no immediate plans to take a "shadow" copy of a file that triggers a rule. I can see the value in having the option but it is complicated to implement in a consistent manner - for example you'd probably need to enable the administrator to configure where the "shadow" file was stored and ensure that store was appropriately secure. We are looking at how we can optionally collect more information on content that triggers a rule. One option is to collect additional information on each match and send that back to the management console for review (the table in the SEC database would need to be encrypted). I'd welcome other ideas.

We've also had requests for monitoring files being copied from network drives onto local storage (at the moment we can monitor files copied from networked storage onto monitored media e.g. removable storage). This type of capability arguably strays from the current remit of detecting outbound data streams but it is on our feature request list.

In the V10 / 10.1 releases were are planning to add the following capabilities:

* Coverage for Google Chrome, Skype and Microsoft Lync

* Report file size back for data control events

* New content analysis engine with support for identifier validation e.g. Luhn checksum on credit card numbers (this is the same engine that has been used in the email appliance since we integrated DLP)

Best regards,

John