FEEDBACK: how do you use Sophos DLP / Data Control?

Hi,

We have a DLP workshop coming up later this month. A team of Sophos staff from across the globe, all involved in the DLP features, are getting together to share ideas. We are looking for customer feedback on how you use Data Control (DLP) and other policies (device control, application control, NAC) to manage data security within your organization. You can post the feedback to the forum or contact me direct at john.stringer_at_sophos.com.

We already know roughly how many customers are currently using the data control policy on the endpoint (over 10%) and also the email appliance (over 20%). And we also have data on which are the most commonly deployed Content Control Lists. What we'd like more information on is the type of use cases applied in the real world and also your top three feature requests for the endpoint DLP functionality.

Thanks in advance

John Stringer

Product Manager

  • Thank you. I'm having a hard time understanding Sophos right now. When will this workshop be?
  • Hi,

    In terms of features, for me it would be:

    1. Data at rest, some sort of background scanner to discover what's out there. It would back off when user activity is detected, same as most indexers. I would think by default it would have to be more intensive than the AV scanner doing a background scan. My only concern would be the amount of data sent back if the rules were too open.

    2. Define paths as sources to monitor. At the moment you can set a file matching rule to define the source to monitor. It would be useful if you could define a specific share, e.g. "\\fs\depts\hr\cvs\".

    Thanks,

    Jak
  • Hi Jak,

    Thanks for the feedback. Data at rest / data discovery is top of my DLP feature list and we are just looking to see how we can slot it in alongside the other endpoint enhancements like patch remediation. The idea would be to start off scanning local storage and remote file shares but then move on to Exchange, SharePoint, web servers and eventually cloud storage.

    The monitoring of network sources comes up fairly regularly. I assume this would be monitoring files being copied from the network source onto local storage - is that correct? At the moment we'd identify any upload into a web browser, email client or copy onto USB from network sources. I'd also be interested in hearing what use cases you had in mind for this functionality.

    Best regards,

    John (Product Manager)