Integrating seamlessly into its SecureIdentity platform, the DLP (data leak prevention) solution delivers enterprise-class data loss and theft prevention, intelligent anomaly detection and application controls.

Designed to discover sensitive data, no matter where it may be lurking, DLP scans a multitude of locations, including file servers, network locations, cloud platforms, databases and endpoints. It employs small footprint agents that use centrally managed policies to monitor endpoint activities, control application usage and enforce access restrictions for physical storage.

All network communications come under its remit, as network interception modules inspect traffic and function as intrusion detection engines. This allows DLP to protect against malicious insiders, hostile actors and common user errors.

There's more, as OCR servers can be deployed on the network. These receive files passed to them by the agents and interception modules, extract the data and apply policies to determine whether to permit transmission.

DLP is simple to install and its central server can be running inside just 30 minutes, with agents pushed to endpoints using AD Group Policy or third-party products. The network interception modules and OCR servers are deployed wherever required as physical or virtual appliances.

The central console presents a single pane of glass for the SecureIdentity platform across its entirety. Policies can be swiftly created and SecurEnvoy provides predefined ones for regulatory compliance with HIPPA and PCI, along with PII policies for GDPR.

Custom policies determine what and where to scan, and can be applied to all data and files, if required. They can be fine-tuned using dictionaries and regular expressions, set to scan specific data such as PDFs, Office documents or encrypted files; look only at their metadata and determine what can be read from, written to or executed on external storage media.

The central server maintains an application inventory, making it easy to create policies to control their use. All policies are enforced locally by the endpoint agents, so protection is extended to users that go off grid.

DLP can involve end users in the decision-making process. For example, if they try to transmit a file containing confidential information, the agent will ask them to justify their actions. Likewise, if they try to print a file, copy it to a USB stick, copy and paste it or even attempt a screenshot. If a user creates a new file, the agent will ask them to choose a predefined classification category for it, such as confidential, classified or finance, and will not allow them to cancel the request.

Policies examine a file's metadata to determine its age and, if that is beyond a certain date, it can be deleted or archived for regulatory compliance. Specific file types can be watermarked, have data that is sensitive automatically redacted, be transparently encrypted prior to transmission and have shadow copies sent for forensic investigation.

Reporting facilities are extensive, with the admin console providing a wealth of graphical information showing policy hits for departments, endpoints, groups and users. A risk dashboard also shows events and policy blocking actions graded by severity.

Custom reports can be generated on any area of interest, scheduled to run regularly and sent to specific recipients. Workflows are a valuable feature, as policy violation events can be assigned to selected users for further investigation.

Unlike many competing solutions, which often take months to deploy, SecurEnvoy's SecureIdentity DLP can be up and running in minutes. Its endpoint agents, network interception modules and OCR servers have every data security angle covered, and its flexible module-based licensing makes it great value.

Product: SecureIdentity DLP
Supplier: SecurEnvoy
Telephone: +44 (0) 845 260 0010
Web site: www.securenvoy.com