Anti-tampering measures for an Endpoint DLP
Data Loss Prevention tools, like any other software, need security features of their own so that no attacker, malicious insider or merely curious user can bypass them and leak sensitive data from an organization. Besides specific DLP capabilities, performance and price, the security of the solution itself and its anti-tampering measures are key criteria that make a DLP solution complete and powerful.
Here are the top security features that most CSOs ask about and that you should also look for in an endpoint DLP solution:
1. Client uninstall protection
DLP at the endpoint level has a server-client architecture. The server part is where the security policies are managed, while the client software is installed on each computer on the network that needs to be controlled for sensitive data transfers. To stop users from uninstalling the client software, which would cut communication with the server and revoke the DLP policies, the software has to offer the option of setting a password for client uninstall. Only the hash of the password should be sent to the client software. An additional security measure is the option to hide the agent icon from the tray, so the user cannot identify which software is blocking specific data transfers. This is a must for any Data Loss Prevention solution; it goes without saying that without the agent, the endpoint DLP is useless.
2. Client integrity check
Closely related to the previous feature, the client integrity check detects when users attempt to stop the agents, just as they could stop any service from the task manager. With this function, the client can check and analyze the integrity of its own components. Additionally, the server receives logs about the attempt to stop the service, so the administrator knows who tried to circumvent the policies and can report it to management. A strong protection mechanism doesn't allow the client software to be killed or stopped. In our Endpoint Protector solution, if the process is stopped, it restarts automatically.
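One way an agent could check its components' integrity and produce events for the server log is sketched below. This is an added example, not Endpoint Protector code: the file names, event names and key are constructed, and an HMAC key provisioned by the server stands in for the asymmetric signature a real agent would verify, since a shared key stored on the endpoint can be read by a local administrator.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path, key: bytes) -> dict:
    """Server side: record a digest per component and authenticate the list."""
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def check_integrity(root: Path, manifest: dict, key: bytes) -> list:
    """Agent side: return tamper events to forward to the server log."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("mac", "")):
        return [{"event": "manifest_invalid"}]  # the baseline itself was altered
    events = []
    for rel, digest in manifest["files"].items():
        path = root / rel
        if not path.is_file():
            events.append({"event": "component_missing", "file": rel})
        elif not hmac.compare_digest(sha256_file(path), digest):
            events.append({"event": "component_modified", "file": rel})
    present = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    for rel in sorted(present - set(manifest["files"])):
        events.append({"event": "unexpected_file", "file": rel})
    return events

def demo() -> list:
    key = b"constructed-demo-key"  # assumption: provisioned by the server at install
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "agent.bin").write_bytes(b"agent v1")   # constructed sample components
        (root / "policy.db").write_bytes(b"block usb")
        manifest = build_manifest(root, key)
        (root / "policy.db").write_bytes(b"allow all")  # simulated tampering
        (root / "agent.bin").unlink()
        return check_integrity(root, manifest, key)

if __name__ == "__main__":
    print(demo())
```

The check only has value if it runs from a process the user cannot stop and if a missed report is itself treated as an alert on the server side.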
3. Secure communication between server and client
HTTPS or another secure communication protocol should be standard for server-client communication, to protect data from being tampered with while in transit and to prevent third-party attacks. HTTPS uses unique certificates for authentication, so every time changes are made, the server will ask for the correct certificate and password. If these don't match, nothing will be sent from the server. We use TLS, which is safer than SSL 1.0, 2.0 and 3.0. Only safe ciphers are used for communication.
4. Secure access through SSH protocol
Another thing to check when testing a DLP solution for implementation is whether it allows secure remote access for the support team. This can be done through the SSH protocol, which provides an encrypted communication channel in a server-client architecture, so no third party can intercept commands sent to the DLP server or logs gathered from the DLP agents.
5. Different permissions for administrators
A significant part of the logs recorded by Data Loss Prevention systems, such as copies of the transferred files containing credit card numbers, PII and other sensitive data, shouldn't be visible to all administrators. Endpoint Protector DLP, for example, allows setting up a Super Admin account, which has access to all of the server's sections but can also limit the access of other administrators so that they have no visibility of the Reports and Analysis tab.
Data Loss Prevention vendors have the tough mission of preventing leaks through all possible exit points while making sure the system itself cannot be bypassed by advanced users or by external attackers. We're constantly making efforts to build security features for our DLP solutions, and, as always, we're turning to our customers and followers to ask: what is your biggest concern when it comes to the security of a DLP solution?