Managed DLP
Property administer your network
Data leakage prevention (DLP) is a feature aimed at stopping outbound traffic that contains sensitive, private or confidential information from leaving an organization’s network. It can also be used to scan inbound traffic for such content and to alert the recipient. Our DLP option applies the same award-winning Network Box anti-spam technology to your policy on SMTP mail in the outbound direction, allowing it to define complex rules and enforce policy blocks.
A powerful component of our managed security arsenal, our DLP feature is especially valuable for organizations that are subject to regulatory compliance. Many government and industry regulatory requirements mandate that such a feature be implemented in order to protect certain types of data. Sending that data outbound via email or by posting it on a website would breach that requirement, so it needs to be controlled and stopped.
When an email is sent from behind a Network Box unified threat management (UTM) appliance, it is intercepted and scanned for viruses before being delivered. If the DLP feature is activated, the same email is also scanned for sensitive content.
The rules that can be applied to identify sensitive content are highly customizable and may depend on your specific requirements. Out of the box, our UTM device already has rules to identify Social Security numbers, all types of credit card numbers, drivers’ licenses, and birth dates. Customer-specific rules can also be added; for example, if your company is a financial institution, you might want to include account numbers, which is why we made the Network Box UTM rules engine so customizable. You can also create a signature that will recognize a specific version of a specific file and block any email containing that file as an attachment.
The Network Box UTM applies a score to every signature, much as it does for anti-spam. Certain signatures have high scores to ensure that action is taken on them, even for one occurrence. Others might have lower scores, so that action is taken only if they appear in an email combined with other signatures. A Social Security number is something you might want to block, so it would have a very high score. A birth date might not be that sensitive and would have a lower score, but if several birth dates were found, the combined score would block the email.
Because our DLP feature splits the scanning and enforcement phases, it provides a flexible implementation that can be selectively enabled and disabled on a per-user basis. The availability of the two engines and the sophisticated rules language is specially designed to accelerate customization, with little impact on the existing anti-virus and anti-spam phases of scanning.
