Perfection Series – Data Leak Prevention – Taking it to next level with McAfee DLP integration in stopping data leakage
April 23, 2012 Leave a comment
Intel recently announced that by combining the strength of Intel® accelerated processing and McAfee® enterprise-level security we are taking our solutions to the next level and help our customers to extend their applications far beyond the traditional perimeters in a very secure manner.
I had the privilege of a preview of our integration between the Enterprise Service Gateway (ESG) and McAfee DLP (Data Leakage Prevention) and it was amazing. I am so excited and wanted to share with you some of those features and what you can expect in coming releases.
McAfee DLP (Data Loss Prevention) is a data leakage solution that safeguards business critical information by scanning the network for sensitive data and ensures that data doesn’t leak outside the corporate network. It also offers pre-configured policies for HIPAA, PCI, etc.
Think of ESG as a Swiss army knife, which can be used as a secure gateway, XML Firewall, application level gateway, identity mediator, Web Service proxy, edge security device, etc.
Obviously this applies only to data in motion and not for data at rest. What is more interesting is that it is policy driven and can be identity based or role based. Now, that is powerful. If you can make decisions based on identity of the user and the role they are assuming when they are sending the data out.
The ESG is in the line of traffic and sends the messages to DLP to find out if any part of the message is considered sensitive. If the message is considered sensitive then it can be terminated. Keep in mind it could act as a reverse proxy as well for the incoming messages if you want messages containing certain sensitive information to enter your enterprise for compliance, auditing reasons.
As you can see integrating with a DLP is as simple as dragging the DLP action item and drop it in the palette and enter host/port and other appropriate information and your workflow is DLP activated. Essentially this means all of your edge devices can be connected to one central place to scan for outgoing sensitive information to stop sensitive data leaks. Now imagine the power of that. All of your edge devices – whether it is Application Firewalls, Web Gateways, XML Firewalls – can all be connected to a central place, which can scan your outgoing (and incoming if necessary) messages for sensitive information based on corporate policies and compliance requirements.
The great thing is you can start building policies as needed. McAfee DLP has a what is called capture. Using McAfee capture technology you can not only look for data, but you can capture all the data that is going out. The captured data helps you see real world patterns of data usage and possibly a replay this history to adjust and refine your scans. This provides the comfort and confidence you are aware of planned and new threat as they evolve.
We integrated with McAfee DLP, not just because we want to show off that we are part of a bigger security organization, but also that the analysts agree (as you can see in the picture below by Gartner and Forrester) that this is a top notch solution available in the market.
I hope you will be as excited as I am when you see this solution in action and see how easy it is to configure and use (and re-use).