Data Loss Protection

Endpoint Security for Data Leakage Prevention   

Data Leakage Prevention

  1. data loss
  2. data loss devices
  3. data losspoints

End Point Security for Data Loss Protection

Endpoints like desktops and laptops are large repositories of organizational data with hundreds and thousands of them carrying critical product, financial, sales, marketing and employee data. Data transfer from these endpoints over USB devices, applications, printers or through network sharing can lead to loss of confidential information. Also, modification and deletion of critical files over the endpoint poses a significant threat to data security.

Lack of strict policies regarding file and device encryption make removable devices the most critical points of data loss. Such data breaches can lead to severe financial and legal liabilities to organizations including loss of customer, partner and stakeholder confidence.

Cyberoam Data Protection and Encryption
Data Protection and Encryption from Cyberoam helps organizations control data loss through identity and group policies that control transfer of data over applications like email, instant messengers – Skype, Yahoo, GTalk and more – files shared within the network and use of printers.

Cyberoam offers granular encryption controls for removable media like USB Drives, sticks and other USB Storage devices. Customizable alerts to administrators and warning messages to end users allow prompt action as well as user education.


Document Protection – Shadow Copy
Cyberoam allows administrators to implement policies for file transfer to fixed and removable devices as well as network sharing, based on the user or group, file name, extension and application type.

Shadow copies of files during creation, modification, copy and deletion over removable media eliminate the threat of accidental or malicious modification and deletion of data in addition to assisting in forensics.

Encryption – Removable Devices
Cyberoam allows administrators to create a list of permissible removable devices for use within the organization. This enables them to implement organization-wide policies of compulsory usage of encrypted devices in addition to allocating different groups of removable USB devices based on departments, groups and hierarchical levels.

Policies can be defined to control the ability to read and write over removable devices, preventing employees from carrying organizational data in their pockets, a leading cause of data loss. At the second level, administrators can implement policies for compulsory encryption of the removable device or file while writing the file to a device. Imposing compulsory decryption prevents lost USB devices from exposing organizational data to external entities.

Email Controls
Cyberoam allows organizations to control file transfer based on the sender, recipient, subject and attachment name, extension and size, delivering comprehensive controls over email file transfer. Policies can be created based on the user or group’s work profile, offering data protection with work flexibility.

Instant Messenger Controls
With effective control over files transferred through Skype, MSN, Yahoo, Google Talk and many other popular instant messengers, Cyberoam offers one of the most comprehensive controls for data transfer over instant messengers. Administrators can control file transfer by file name, extension and size. Logs can be archived for chat conversation as well as file upload and download. This feature also gives shadow copies of the files uploaded and downloaded over IMs.

Printer Control
Policy-based printer management for local, network, shared and virtual printers with granular controls that include printer name and application-based printing are provided by Cyberoam Endpoint Data Protection. Administrators also have access to the recorded image of the printed file.

Endpoint Data Protection

  • Block file transfer by filename or extension over -
  • - Removable devices
  • - Chat, email, file sharing applications and more
  • - Network sharing
  • - Printers
  • Specify read-write access to white-listed removable devices
  • Offer encryption and decryption for files and removable devices
  • Control file transfer via email and Instant Messengers based on file name, extension, size, within and outside the network
  • Control access to printers
  • Create shadow copies of files during creation, modification, transfer, print
  • Offer customizable alerts to administrators and warning to users
  • Create logs-reports of access, usage, modification, transfer and deletion of files.

Key Features

  • Allow / block access to classified removable devices
  • Apply device control policy even when offline
  • Set expiry time to disable policies automatically
  • Offer granular, policy-based application controls for chat, webmail, gaming, file sharing, FTP and more
  • Apply policies even when offline
  • Set alerts and their levels for unauthorized application access
  • Customize warning messages to users
  • Set expiry time to disable temporary policies
  • Hardware and software inventory
  • Hardware/ software asset location, configuration, version tracking, historical information
  • Automated patch management, updates of Microsoft Operating System and its applications
  • Centralized management
  • Remote deployment of Microsoft Software Installation (MSI) packages