Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring Endpoint Deployment > Selecting endpoint destination channels to monitor
Selecting endpoint destination channels to monitor
Data Security Manager Help | TRITON AP-DATA | Version 8.2x
As well as removable media, you can set up a rule to monitor and analyze endpoint data sent to other destination channels. For example, you can check Web traffic, and software applications on the endpoint.
To select endpoint destinations for monitoring:
1.
Select Main > Policy Management > DLP Policies.
2.
Click Manage Policies.
3.
*
*
4.
Go to the Destination section for the rule.
5.
*
Email - Select Endpoint Email to monitor outbound or internal email messages sent to the destinations you specify. By default this option covers all endpoint destinations. To select particular destinations, click Edit and select the destinations to watch.
Note that the system analyzes all email messages sent from endpoint users, even if they send them to external Web mail services such as Yahoo.
 
Important 
For endpoint email to be analyzed, you must specify one or more internal email domains. Navigating to Settings > General > Endpoint and then click the Email Domains tab. If no domain is listed, endpoint email is not analyzed.
For Windows, TRITON AP-DATA can analyze endpoint email generated by Microsoft Outlook and IBM Notes. (Note that rules are not enforced on Notes messages if Notes is configured to send mail directly to Internet, rather than through the Domino server.)
The system supports the desktop version of Outlook 2003, 2007, 2010, and 2013 but not the Windows 8 touch version. If you are using Outlook 2003, then Office 2003 SP3 must be installed. The system supports IBM Notes versions 8.5.1, 8.5.2 FP4, 8.5.3, and 9.
For Mac OS X, the system can analyze endpoint email generated by Outlook 2008, Outlook 2011, and Apple Mail.
*
Web - Select Endpoint HTTP/HTTPS from the Channels drop-down list to monitor endpoint devices such as laptops, and protect them from posting sensitive data to the Web. You can monitor traffic when endpoints are not connected to the network.
When the endpoint analyzes data via the Web > Endpoint HTTP/HTTPS destination, it intercepts HTTP(S) posts as they are being uploaded within the browser. (It does not monitor download requests.)
For both Mac and Windows-based endpoints, the system analyzes posts from Internet Explorer, Firefox, and Chrome browsers.
The system does not support the HTTP destination channel on Linux endpoints.
For a list of supported browser versions, see the Certified Product Matrix.
Note that this destination is different from the Endpoint Application > Browsers destination which looks at the data as it is being copied, pasted, or accessed. The system can monitor these operations on most browsers, such as Internet Explorer, Firefox, Safari, and Opera.
It's possible to see URL category information on the incident if the Linking Service is active. (See Linking Service for details.)
*
Endpoint printing - Select this option to monitor data being sent from an endpoint machine to a local or network printer. The system supports drivers that print to a physical device, not those that print to file or PDF.
*
Endpoint application - You can monitor or prevent sensitive data from being copied and pasted from an application such as Microsoft Word or a Web browser. This is desirable, because endpoint clients are often disconnected from the corporate network and can pose a security risk.
If you choose to analyze all activities on a rule's condition page and then select browsers here, this is akin to analyzing all Web content that is downloaded to endpoints. To prevent performance degradation:
*
*
The system can monitor copy and paste operations on most browsers, such as Internet Explorer, Firefox, Safari, and Opera.
 
Note 
The applications that the system supports out of the box are found in the Technical Library article TRITON AP-DATA Endpoint Applications. You can also add custom applications.
*
Endpoint removable media - You can monitor or prevent sensitive data from being transferred to removable media. In the action plan, you define whether to block it, permit it, ask users to confirm their action, encrypt it with a profile key configured by administrators, or encrypt it with a password supplied by endpoint users. Here, define the devices to analyze.
The system monitors unencrypted data being copied to native Windows and Mac CD/DVD burner applications. It monitors non-native Windows CD/DVD burner applications as well, but only blocks or permits operations without performing content classification.
Non-native CD/DVD blocking applies to CD, DVD, and Blue-ray read-write devices on Windows 7, Windows 8, Windows Server 2008 R2, and Windows Server 2012 endpoints.
Linux endpoint does not support CD/DVD burners.
On Windows 7, the system can also monitor unencrypted data being copied to Android devices through the Windows Portable Devices (WPD) protocol.
*
Endpoint LAN - Users commonly take their laptops home and then copy data through a LAN connection to a network drive or share on another computer. They also commonly take data from a shared folder (at work) to copy onto their laptop. With TRITON AP-DATA:
*
*
*
Endpoint LAN control is applicable to Microsoft sharing only.
Please note, if access to the LAN requires user credentials, files larger than 10 MB are handled as huge files which are only searched for file size, file name and binary fingerprint. Files smaller than 10 MB are fully analyzed.
The huge files limit for other channels is 100 MB.
All destination channels are supported on Windows endpoints.
On Linux endpoints, only removable media is supported. The HTTP/HTTPS and email channels are not supported on Linux, nor are the print or LAN channels or endpoint applications.
On Mac, all destination channels except the print channel are supported, with the exceptions noted below.
*Cloud apps are not supported on Mac endpoints. The cut, copy, paste, file access, and download operations are not supported for cloud apps on Windows endpoints when they are used through a Windows Store browser.
For more information on monitoring destinations and protecting data on endpoints, see Custom Policy Wizard - Destination.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring Endpoint Deployment > Selecting endpoint destination channels to monitor
Copyright 2016 Forcepoint LLC. All rights reserved.