Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
tomerbehor
Employee
Employee

Brainstorming for a new DLP platform – we want to hear from you!

Hi all!

Tomer here, the new product manager of DLP-Next.

Since we are developing a new DLP platform and many of you have a lot of expertise with CP products and DLP in particular,

I would be really interested in hearing your thoughts and feedback on this matter, so we can make sure to address those in the product development roadmap we are now building.

Below you can find my email address to schedule meetings so we brainstorm the next steps to develop the best DLP product we can.

**This invite is relevant to anyone with an interest in this subject, regardless of whether they ever used any of CP DLP products.**

 

My email is tomerbeh@checkpoint.com and you can also DM me here of course.

Would be really happy to hear from you.

 

Thanks!

Tomer

 

12 Replies
Reece
Employee
Employee

Hi Tomer,

Having used DLP for many years now it needs a bit of a face lift.

My customers have the following feed back for DLP:

1. Needs to be integrated to the R80 console for on premises appliances and to allow multiple write administrators.

2. Able to define multiple organizations

3. Proximity scanning against multiple lists

4. Scanning for strings/text embedded inside document structures  ( ie not visible to users and outside of the body tags)

5. Better incident work flow management, ie a ticketing type system for investigating policy breeches. 

6. Link in smart view to download email from the log list without having to open the log entry itself.

7. Ability to create custom categories

8. Improvements in the matching engine to allow matching between subject line and body text, ie Term x in the subject but not in the body. 

(1)
BenjaminXu
Employee
Employee

More comments here

Customer wants to retain the raw sensitive data(files, email attachments, and so on) to be audit reviewed when sensitive data will be detected. In the scenario, we need to consider more storages to store the data, I think we need to extend the location of storage to the 3rd part storage, or we can extend ourselves storage, the storage of gateway is so small. I think we can send the data to SMC is a good idea.

(1)
tomerbehor
Employee
Employee

Thank you Benjamin, that's a great point.

Any other feedback from your customers you would like to share?

Thanks!

0 Kudos
tomerbehor
Employee
Employee

Thank you Reece for this detailed feedback!

0 Kudos
MikeB
Advisor

DLP functionality should definitely be considered at the endpoint as well!. Almost all of our customers prefer to use it at the Endpoint level for greater visibility and control.

tomerbehor
Employee
Employee

Thanks MIke!

any features your customers are specifically mentioning/prioritizing regarding DLP at the endpoint? what are the features you believe they miss the most?

Thanks!

0 Kudos
MikeB
Advisor

Here are some features that our customers have found relevant for Endpoint DLP (in no particular order): 

1.- Copy/Paste/execute prevention in specific applications, which usually need to be blocked.

2.- Tracking of information in outgoing mails (from email clients or web mail portals), by keyword, or by REGEX

3.- Prevent outgoing data on removable storage drives (mostly USB).

4.- Tracking of sensitive traffic through web traffic

5.- discover sensitive information, in applications or documents on endpoint machines, in order to subsequently classify the level of risk of a computer, or user, with respect to their information.

6.- file blocking, or justification of use by file extension.

Ruan_Kotze
Advisor

Another upvote for having DLP available as a blade on the endpoint!

tomerbehor
Employee
Employee

Great:) what would be, say, your 3 top priorities with DLP on the endpoint?

0 Kudos
Nir_Shamir
Employee
Employee

Hi,

1. Quarantine at any protocol (FTP and HTTP , not just SMTP).

2. Today we have the option to send an email to the specific data type owner. need to upgrade it and having the owner to also have the option to release his owned data types from quarantine / allowing it to go through (not having the user do it).

 

tomerbehor
Employee
Employee

Thanks Nir, great ideas. will be happy to hear if others come up.

0 Kudos
the_rock
Champion
Champion

I totally agree with everyone here who mentioned having this blade on endpoint...it makes sense and would be way better.