How Endpoint Protector DLP can secure your data on Linux endpoints

Description

See how you can set up Data Loss Prevention policies on Linux endpoints, what exit points Endpoint Protector covers, and what type of sensitive data it can detect and block. This video explains how our DLP product can help you protect confidential business information and employees’ records against data breaches on Linux machines (various distributions like Ubuntu, RedHat, CentOS, OpenSUSE), taking you step by step through building the policies. Stop users from uploading, sending, and copying/pasting confidential data from Linux workstations to the cloud, to online applications and to portable storage devices.

Transcript

"Hi, I am Zoran and in this video, I am going to show you how Endpoint Protector DLP can secure your data on Linux endpoints.

The first step is to install your proper client software for your Linux machine. I am using Ubuntu 14.14 on this computer and I already have the client software installed. The agent is visible in the taskbar right here. The next step is to access the Content-Aware Protection section and create a new policy under Content-Aware Protection policies. We can choose between a Standard and a HIPAA policy, but Endpoint Protector helps with PCI DSS and other compliance regulations as well.

Let's go with a standard policy where the first step inside the policy is to choose if the policy will work on Windows, macOS or Linux computers. We have to make this selection because there are applications that are available on Windows but not available on Linux, and also the other way around. The policy name will be "Linux test" and then we will set up the policy not just to report the policy violations, but also to block them. We can leave the Threshold, the number of policy violations, on 1, and move to the next phase where we have to select the exit points through which the sensitive data can leave the company's computers. Here is a list of applications. We can choose from the most important web browsers, email clients, Instant Messaging applications, cloud services, and some social media and other applications. The last step is to define what is sensitive data for us as an organization, because depending on the company type and profile, for every company it can be different. The first filter on the bottom of the page is called File Type Filter Blacklist, which allows us to choose from different file types. I am going to select the PDF and PNG files. After saving the policy, the final step is to choose to which computers and users the policy should be applied. I will select my computer; the default user is selected automatically. Save the changes, and from this point on, whenever I try to upload the PDF or a PNG file on a web browser, or send it out by Skype or by email, the Endpoint Protector client will block the file transfer and report it to the server because the policy is set on Block and Report.

Let me show you how this works and how it looks for the user. I will go to this website which is called sendpace.com, where I can just drag and drop files and upload them to the cloud. I have a PDF file here on my desktop. I will drop it here and click on the upload button. We can see a notification in the right corner and the file upload will stay at zero percent. The policy violation logs available for the Administrators of Endpoint Protector are very granular and detailed. Let's see what just happened on my Linux machine a few seconds ago. On the Reports and Analysis -> Content-Aware Report there is an event Content Threat Blocked. It happened on computer "reader", which is my Linux machine; we see the IP address of my computer, the user logged in, the policy that we just created called "Linux test", the Destination, which was a web browser, more specifically Firefox, the Name of the file, the Hash of the file, the size, and that it was blocked because it's a PDF file. And of course, a very accurate time stamp showing us the date and time of the policy violation. But blocking file transfers based on the file type is not always a good idea, because not every PDF or PNG file will contain sensitive data. So many organizations prefer to scan the files and block the transfer only if sensitive content is detected inside the file.

This tool can be set up under the second and third tab in the Content-Aware Protection policy and these tabs are called the "Predefined Content Filter Blacklist" and "Custom Content Filter Blacklist". In the Predefined tab, we can quickly select items from a predefined list of Personal Identifiable Information, such as Credit Card Numbers, Addresses, E-mail addresses, IBANs or even Social Security Numbers. The "Custom Content Filter Blacklist" allows us to add keywords, sensitive terms, into a dictionary. These are keywords that are relevant for our company or business, so if one or more of these words or expressions are detected in a document, the file transfer will be blocked and reported to the Endpoint Protector server. The keywords can be easily added under "Custom Dictionary". For even more granularity and to maintain employees' productivity, it is possible to set up a Content-Aware Whitelist based on MIME Type, File Hash, File Location, E-mail Domain or URL, but also a Blacklist based on File Names, File Location or Regular Expressions. Blocking and analyzing sensitive data transfers over the web is not enough for a full data loss prevention solution.

This is why Endpoint Protector also provides a very powerful Device Control module to block portable storage devices and peripheral ports, and monitor the data transfers to authorized devices. The Device Control module is fully compatible with Linux, and to learn more about how it works check out my video called "How to setup rights in Endpoint Protector 4".

More data loss prevention features are available for Linux so please feel free to give them a try.

Thank you for watching!"
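The transcript's contrast between file-type blocking and content inspection, as an added Python example that is not Endpoint Protector's code or detection logic. The regexes, the Luhn check, the keyword "Project Falcon", and treating the threshold as a minimum number of content hits are all assumptions, and the sample files are constructed with their text already extracted.

```python
import re

# Card candidates: 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def content_hits(text, dictionary):
    """Return (filter, value) pairs; card numbers are masked before logging."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(("credit_card", "*" * (len(digits) - 4) + digits[-4:]))
    hits += [("email", m.group()) for m in EMAIL_RE.finditer(text)]
    lowered = text.lower()
    hits += [("keyword", k) for k in dictionary if k.lower() in lowered]
    return hits


def evaluate(filename, text, blocked_ext, dictionary, threshold=1):
    """Compare the file-type rule with the content rule for one transfer."""
    hits = content_hits(text, dictionary)
    return {
        "blocked_by_file_type": filename.lower().endswith(tuple(blocked_ext)),
        "blocked_by_content": len(hits) >= threshold,
        "hits": hits,
    }


# Constructed sample transfers (text assumed already extracted from the file).
BLOCKED_EXT = (".pdf", ".png")
DICTIONARY = ["Project Falcon"]          # hypothetical custom keyword
MENU = ("lunch_menu.pdf", "Menu for Friday. Order ref 1234 5678 9012 3456.")
NOTES = ("notes.txt", "Project Falcon budget. Card 4111 1111 1111 1111, "
                      "contact a.b@example.com")

if __name__ == "__main__":
    for name, text in (MENU, NOTES):
        print(name, evaluate(name, text, BLOCKED_EXT, DICTIONARY))
```

The harmless PDF is stopped only by the file-type rule, while the text file with a Luhn-valid card number, an e-mail address and a dictionary keyword is caught only by the content rule.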
