Computer networks
Alex Suvoroff, 2016-04-26 08:12:29

What negative impact can a DLP system have on the corporate data network (KSPD)?

Good day!
The enterprise is going to implement one of the DLP systems: InfoWatch, Searchinform.
I'm interested in the following point: what possible negative scenarios can there be for the corporate network, or for users who have the DLP agent installed?
If anyone has had experience with this, please reply, at least in a nutshell, with what happened, where and how.
Currently, testing is being carried out by the information security department on its own, so no one has fine-tuned the system; everything that was in the system's test modules is being monitored. There are clients on users' computers and there is a server that monitors traffic; maybe there is something else.
On the day when the information security (ZI) department began to install agents over the network on users' computers, the communication channel between offices almost went down, and some users complained about low system performance. I noticed this myself (perhaps these events are not related in any way, but it was still an unpleasant moment).


1 answer(s)
res2001, 2016-04-26
@Axel_L

I deployed DLP from McAfee; no slowdowns were noticed, everything went smoothly. I don't know how everything is arranged in InfoWatch, but McAfee has the concept of a super-agent: this is an agent that has a local package repository. In each remote office, I have 1 super-agent deployed, and the rest of the computers on that network are updated from it. Therefore, no special traffic is generated between offices, and packages for super-agents can be distributed in advance.
If the network previously had administrative rules prohibiting users from using external storage devices (flash drives, CD/DVD RW, etc.), then users will not notice that they have DLP. Before DLP, I had just such regulations in place, plus USB was turned off in the BIOS where possible, and there were physically no CD/DVD devices anywhere at all, except for the admins.
DLP has now been running for several years, and no heavy load on the network has been noticed. DLP policies block external storage devices except for highly privileged employees.
In general, admins should deploy software products on the network, because this is their direct responsibility, but fine-tuning can be carried out by the ZI employees, if they have qualified personnel. And even then I wouldn't trust them with this either. DLP is the least of it: if they deployed a personal firewall, for example, an incorrect pre-configuration could bring the entire network to a standstill. My security people send us the protection requirements, we implement them, and then they test the implementation for compliance with the requirements. They do not have admin access to DLP and similar antiviruses - they can only view settings and receive reports.
