Context based Data Leak Prevention Firewall

DLP 

The Data Leak Prevention solution identifies, monitors and protects the data in motion on your network through deep content inspection and a contextual security analysis of transactions, DLP systems act as enforcers of data security policies. They provide a centralized management framework designed to detect and prevent the unauthorized use and transmission of your confidential information. DLP protects against mistakes that lead to data leaks and intentional misuse by insiders, as well as external attacks on your information infrastructure.

Features of GajShield Gateway DLP:

  • Protect Business Critical Data.
  • Protects Data in Motion.
  • Protect from Intentional and unintentional Data Leak.
  • Prevent Shadow IT
  • Agent less solution
  • Better Compliance

 

Data Leak Prevention Approach: 

Protect Data Leak On:

Advantages:

  • Deep Inspection of Application Data:
    Deep dive a layer into applications by using deep inspection and contextual intelligence engine to create data context, beyond just the application contexts. For better, deeper information visibility and better security. It can prevent data leak based on contextual parameter on both application and data level like restricting ‘From’, ‘To’, ‘Subject’, ‘Email Data’, ‘Attachments’ etc. in an email applications and other parameters for various other Saas Applications.

  • Control Data inflow and outflow:
    Gain complete control over what goes and comes into you network. Now set policies to allow or block certain content to be sent out or downloaded of the network  to control the inflow and outflow of the data.

  • Context sensitive data leak prevention
    Using contextual intelligence, now you can define data leak prevention policies based on textual content inside the file. The DLP can block file based on textual content it carries. For example,  If in an organization, keywords like “tenders”, “Quotation” are blocked, the users will be restricted to send mails or documents and attachments consisting of these keywords words. The Deep Packet Inspection inspects the file content attached to a mail, being uploaded to a file sharing application, file sharing application, social media etc.
     
  • Block Allow Data type, file extension, file content and more.
    Explore the possibilities of blocking and allowing file type that can be downloaded or uploaded using the Data Leak Prevention solution that has the capability to identify the file type and it’s extension. 

  • Prevent Data Leak on SaaS Applications.
    GajShield’s CASB (Cloud Access Security Broker)  works on a proactive detection model to ensures that all the communication between the on premise device and cloud application provider complies with organization’s security policies. It uses information from the Contextual Intelligence Engine, check for compliance with Data Leak Prevention Policies to detect and take necessary action against an unsanctioned use. 

  • Control and Secured Entry Point for advanced security
    A Roaming users, once out of the office environment is a major source for a data leak when not under the organizations network. Combining enterprise cloud, organization can now enforce all communication to be routed through the HO firewall so as to protect from any intentional or unintentional data leak. 

  • Restrict Personal Use:
    Now monitor and control the use of non-business application and increase productivity. The Data Leak Prevention allows to set policies to restrict the use of personal email and social media ID and allow only corporate logins. This looks beyond the traditional approach of blocking website and allows the use of useful applications and social media while controlling the use of it with complete visibility. 

Why is Data Leak a Concern? This is what customers are telling us about Data Leaks.

  • Loss of Sensitive Information - "I don’t know how we can control data from being sent in email or uploaded to the Web."
  • Inadvertent Misuse -  "Most of our policy violations and information breaches are accidental!"
  • Collaboration Risk - "I think some of my employees are posting and sharing confidential information on Social Networking Site like Facebook."
  • Context Sensitive - “My current Data Leak Prevention System causes a lots of false positive and block data as it is unable to understand the Web application.”
  • In-depth Visibility - "Need in-depth visibility on the sensitive data that my employees are uploading. Would be wonderful, if it could give this information in a readable format."
  • Data Leak outside Network Perimeter - "What happens when my employees carry their laptop while travelling. Need to control and prevent leaks even when they are out of office.”

Data Leak Statistics

More than 68% of data leak happens through Web and Email and GajShield unique ‘Context Sensitive Data Leak Prevention’ help prevent data leak through these channels.

GajShield’s Next Generation Firewall Context based Data Leak Prevention enables to control and mitigate leak of information:

GajShield’s context based Data Leak Prevention system understand web application / cloud applications by creating context which helps an enterprise to setup policies based on the web application instead of IPs, Usernames which have no relevance to the above application. GajShield firewalls provides visibility to the cloud applications used by an enterprise and also by managing and controlling these applications 

GajShield Firewall's Data Leak Prevention and CASB features:

  • visibility on the applications used and not just the ports or protocols.
  • Monitor and block files being uploaded on the internet with details of the application used and the user who used to upload this file.
  • Monitor IM & Web chats and block content.
  • Set policies based on users, groups.
  • Set policies based on application context.
  • Schedule DLP policies, for example, you may want to allow certain files after a particular time when this information becomes public.
  • Get detailed information of outgoing data on internet from your network.
  • Detailed Data Upload/Download Logs, File sharing, email and social media logs
  • Complete visibility of data going through encrypted HTTPS traffic.
  • Powerful DLP Engine sense data on filters set in DLP polices for a granular analysis.
  • Economical cost of ownership.
  • Monitor & Block unwanted applications like P2P, Open proxies.
  • Easy to configure and integrated into single firewall policy window.
  • Standard data leak templates provided to quick setup your DLP feature on GajShield firewall.
  • Inspects and helps monitor and control applications like G-Suite, Gmail, Yahoo, Rediff, Office 365, Sify, Google Drive, 4shared, Sky drive, one drive, drop box, media fire, box, facebook wall-message-forumpost-comment-note-event, WebChat: msn, yahoo, gmail, orkut, facebook, IM-chat: yahoo, jabber, msn, gadu-chat and others.

FAQs

  • Can I block personal email logins and allow only corporate login using DLP in my organization?
    Answer: Yes, using GajShield’s DLP, you can set policies wherein a user is allowed only corporate logins and personal login attempts will be blocked.

  • I want to provide just read only access for the web mail where users should not be able to send any mails out. Can DLP do that?
    Answer: DLP enables security managers to set policies to allow read only access to corporate emails/social networking.

  • I want to block all the mails that are not “cc”ed to Head of the department. Can DLP do that?
    Answer: You can setup policies based on “From”, “to”, “cc”, “bcc”, subject of gmail and other such Cloud applications. GajShield also provides BYOD(device) and UserSense(user) information.

  • Can I restrict the file format to allow only document files to be sent?
    Answer: Using DLP, one can easily set restrictions on the type of file that should be allowed to be sent. If any restricted file is sent, a notification is sent to the administrator with complete visibility of the file being sent.

  • Can I monitor my employees Facebook chats and comments?
    Answer: Not just Facebook chats or comments but DLP also provides a global visibility through comprehensive and flexible reporting.

  • Can I set a limit on the size of attachments that are sent out from my network?
    Answer: Yes, DLP does very much allow you to set a cap on the size of attachments that are attached or are been sent out.

  • Does GajShield DLP inspect SSL traffic for Web and Email traffic?
    Answer: Yes, GajShield inspects the SSL traffic for both Web and Email (SMTP SSL/TLS & STARTTLS)

  • Can GajShield DLP block file uploads to DropBox/GDrive?
    Answer: Yes, using policies, GajShield’s DLP can effectively block file uploads to DropBox/GDrive and other such applications.