Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

Networking: Data Leak Prevention System (DLP)

A system that will identify, monitor, and protect data through deep content inspection. This will be a must have system to detect and prevent the unauthorized use and transmission of confidential information.

98 votes
Sign in
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    rsmfazilrsmfazil shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo ComazzettoAngelo Comazzetto responded  · 

    This feature was released in UTM 9.2. We’ve added DLP features into our Email protection suite that allow for some very powerful filtering of syntax’s and structured data. (PCI/PII etc..) enjoy!


    Sign in
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      • Adrian BaxterAdrian Baxter commented  ·   ·  Flag as inappropriate

        In addition to generic blocking that others have mentioned, it would be worth putting in much of the same features as the endpoint protection client to catch violations from devices that don't have endpoint protection installed (mobile devices, for example).

        This would also make the product more competitive. I could even see making a more comprehensive package available as an add-on.

      • Mirza NasirMirza Nasir commented  ·   ·  Flag as inappropriate

        It is very important feature and I would highly recommended to include this feature in Astaro

      • AnonymousAnonymous commented  ·   ·  Flag as inappropriate

        Hello. as said, other competitors already implemented dlp. it would be nice if astaro did also. for example controlling file transfers for social networking site or applications like msn and skype.

      • jmmacipjmmacip commented  ·   ·  Flag as inappropriate

        Palo Alto networks allredy implemented this and other application control features

      • Scott KlassenScott Klassen commented  ·   ·  Flag as inappropriate

        I'm all for this, especially since a competing vendor has already implemented this functionality into a utm.

      • Simon PowellSimon Powell commented  ·   ·  Flag as inappropriate

        Hi there - we have a client interested in limiting specific attachment types sent outbound (possibly also to specific hosts but I am praying not....) . Is there a development branch working on this at all or am I going to have to start thinking differently?

      • Gert HansenGert Hansen commented  ·   ·  Flag as inappropriate

        Hi all, thanks for your feedback.
        DLP is a VERY big area of features and there are many ways to implement it.

        Please take 5minutes and share with us what your are seeking for and what you would expect from a DLP system developed by us.

        thx Gert

      • Tobias FrankTobias Frank commented  ·   ·  Flag as inappropriate

        Not only the webmails pages!!!
        Look the hundred and more filehosters in the internet!
        This will be a big Security Feature.

      • fozwizfozwiz commented  ·   ·  Flag as inappropriate

        I want to be able to allow users to access 'online' content so they can download information that other third parties have shared, but prevent them from 'uploading' content to the same site. We are getting numerous requests from staff asking for access to sites like dropbox, etc and I want users to be able to download shared content but remove the ability for them to upload

      • William WarrenWilliam Warren commented  ·   ·  Flag as inappropriate

        you already can. Leave astaro in it's block by default configuration and only allow the sites folks are allowed to goto. Another way is to run your http proxy in AD authentication mode. Setup an http proxy profile for those folks who aren't allowed to upload and restrict them to only sites that provide no upload and have the other profile be less restrictive for others. since you can leverage AD you can make a profile for every OU if you wish.They won't be able to upload if you restrict them to sites that don't provide uploads. Otherwise the solution isn't an easy one.

      • Jerry WeinJerry Wein commented  ·   ·  Flag as inappropriate

        I have searched all over the internet for this functionality and there are only a limited number of vendors that provide solutions, most are applications that must be installed on a users machine. For an enterprise solutions, it is much better to have this funcationality at the gateway.

      • Sergio BolliniSergio Bollini commented  ·   ·  Flag as inappropriate

        I think 2 features are critical
        1- to be able to block mails with attachments sent to generic email providers (gmail, hotmail, etc).
        2- scan for regular expressions in email body and attachments.
        I think that just having this two will be of enormous help. And also, I guess it should be relatively easy to implement.

      • Christopher AmatulliChristopher Amatulli commented  ·   ·  Flag as inappropriate

        isadalvi - DLP is not a product, its a teamed solution between file /print/ client/ server/ network and a few other access points which controls what data can go where. Their is no single product on the market (or will ever be) that is a DLP solution. Some products excell in identifying data, some excell in how they control that content... I beleive the best way for Astaro to jump into the market is to integrate with a few of those solutions with a lower price point. Just to give an example, the Orchestria product has ICAP and a SOCKET API which Astaro can comunicate with to utilize their engine rather than making their own. Once they have the integration established, they now have a strong in to the top 10 financial companies in the US, as well as several of the top manufacturing and insurance companies.

      • isadalviisadalvi commented  ·   ·  Flag as inappropriate

        May be DLP is a product itself... but if this feature accomplished in future, it will make Astaro a Unique UTM

      • Christopher AmatulliChristopher Amatulli commented  ·   ·  Flag as inappropriate

        While DLP is an excelent market to get into, their are several products that this one could interface with which would add the DLP option. between McAfee, RSA, CA DLP... all of them have ICAP integration. just adding that one option would add in the DLP market. and given my dealings with companies like symantec that already have a linux DLP appliance, you could crush them in the market by knocking there 3 hardware solutions to a single astaro VM.

      • rsmfazilrsmfazil commented  ·   ·  Flag as inappropriate

        I agree with all of you. There is no single DLP framework or a standard today. But, since ASG does multi-fold inspection of various traffics already, having a DLP feature to enforce corporate policy is a must have. I also agree that it should sit it its own box, but, technically, DLP should be a joint effort of all data escape channels; which makes it a gateway feature on a firewall like Astaro. Having some control is better than having nothing at all. I am confident that it will make ASG a preventive, deterrent and detective control from a Data Leakage perspective.

      ← Previous 1

      Feedback and Knowledge Base

      icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.