devan05

CA DataMinder Tuesday Tip: DLP at the Network Boundary

Discussion created by devan05 Employee on Dec 4, 2012
Latest reply on Dec 4, 2012 by Chris_Hackett
CA DataMinder Tuesday Tip: Overview of DLP at the Network Boundary, published by Andrew Devine, Snr. Support Engineer on Tuesday 4 December 2012.

CA (DLP) DataMinder provides a Network option which operates at the boundary between your organization and the Internet. It reconstructs complete objects, including emails, files and IM conversations, from individual data packets transmitted across your corporate network to or from the Internet.

The primary function of CA DLP Network is to ensure that sensitive or confidential information does not leave your corporate network. Specifically, it is designed to monitor SMTP and POP3 emails, Webmails (such as Hotmail or Yahoo!), IM conversations, FTP file transfers, files sent as attachments to Webmails or IM conversations, and documents uploaded to or downloaded from websites. Monitoring includes files and emails sent over SSL-encrypted connections.

CA DLP Network comes in two varieties, a Hardware solution running on Bivio Network appliances and a softapp (packaged deployment) that can be run on a Linux Server.

In both varieties, the NBA (Network Boundary Agent) passes captured items to a CA (DLP) DataMinder policy engine for analysis. The policy engine applies the appropriate user policy to the item. It then calls back to the NBA, instructing it block or allow the item.

CA (DLP) DataMinder also provides an ICAP Agent. The ICAP Agent enables CA DLP to integrate with Internet Content Adaptation Protocol (ICAP) clients. This provides CA DLP with a further method for controlling HTTP activity such as file uploads and downloads.

Organizations run ICAP clients on proxy servers such as Blue Coat ProxySG and Squid to intercept and offload requests initiated from a browser and the corresponding responses from a Web site.

When the ICAP Agent (technically an ICAP server) receives requests from an ICAP clients, it routes them to CA DLP policy engines which can then apply Data In Motion triggers, for example, to block inappropriate uploads.

For more information on CA Network please refer to the Network Implementation Guide Release 14.0 (DLP_NBA_ENU.pdf) and for more information on the CA DLP ICAP Agent, please refer to the Archive Integration Guide Release 14.0 (DLP_Archive_Int_ENU.pdf), both of which are available to download from CA (DLP) DataMinder r14.0 Bookshelf.

Outcomes