Traffic control in such a scenario is provided by interception and analysis of traffic at the network level - listening to traffic from mirror ports of the server, integration with NGFW devices and proxy servers, other methods that do not require installing an agent on workstations, which is successfully provided by the EtherSensor server. of DLP control of peripheral devices and workstation ports is performed by the DeviceLock agent (on Windows and MacOS operating systems), and events and data from both EtherSensor in terms of network traffic objects and DeviceLock agents in terms of device control are collected in the DeviceLock Enterprise Server database for centralized analysis.
network communications when blocking data transmission over the network is unacceptable. In some organizations, the task of monitoring network traffic is limited to logging and analyzing the archive of intercepted data due to a number of factors. For example, to implement full-fledged DLP control with blocking leakage of restricted data, the information security service resources are insufficient, or passive control is determined by the company's management as sufficient due to already introduced greece mobile database on the use of network communications in general at the network perimeter level, or the management is afraid of the risk of interference in the established business processes with network information exchange. There are cases when an organization does not assess the risks of data leakage as critical for the business or, finally, there is no way to classify confidential data or determine the criteria for detecting restricted data for the application of content filtering mechanisms and preventing the leakage of such data.
In this scenario of using DeviceLock DLP, the organization receives a traditional Enterprise-level DLP system capable of monitoring and analyzing traffic on very large flows (up to analyzing traffic from hundreds of thousands of employees) with low deployment and ongoing operation costs, as well as minor requirements for technical equipment. The solution in this scenario is completely consistent with the previous scenario, but with the difference that when there is a need to block unacceptable attempts to transfer restricted data, or an understanding of the criteria for identifying confidential data and the ability to use content filtering appears. In this case, this scenario flows into another variation - the use of a full-fledged hybrid DLP system for individual employees, departments, or on an organization-wide scale.