Data Loss Prevention
Data Loss Prevention
Sophos offers a unique and simple solution for data loss prevention (DLP). We integrate Key benefits
content scanning into the threat detection engine and include a comprehensive set »» Integrated with all Sophos
of sensitive data type definitions to enable immediate protection of your sensitive Endpoint and Email Appliance
products
data. This DLP functionality is included in our Sophos Endpoint and Email Appliance
products, providing you simple and effective protection for your data within your existing »» Included at no extra charge -
protect your data within your
security budget. existing security budget
»» Simple setup: be up-and-
Free DLP with your threat protection running in minutes
Traditional data loss prevention solutions are expensive, complex, cumbersome to implement »» Transparent high performance
and difficult to administer. Sophos changes all that by being the first vendor to offer sophist- single scan engine for threats
cated, effective, tightly integrated, data loss prevention on the endpoint and email gateway at and content
no additional cost.
»» Immediate compliance with
Consider the advantages this provides: data protection regulations
• Zero additional investment to protect your valuable sensitive data from accidental or »» No additional software client
malicious disclosure via removable devices or media, internet applications, or email installation required
all within your existing security budget.
»» Hundreds of included PII and
• Ultimate simplicity with no additional software to install or administer and the same sensitive data definitions
DLP engine and data definitions on the endpoint and gateway. maintained by SophosLabs
• Maximum transparency and performance with DLP content scanning integrated into »» Customize the included content
the threat detection engine. control lists and easily keep
them consistent between
Simplified compliance endpoint and gateway
Sophos takes the guesswork out of DLP by including a comprehensive set of sensitive data »» Easy point-and-click policy
type definitions created and maintained by SophosLabs. You simply select the data you want configuration
to protect from the hundreds of region specific data types provided, and know that your sensi-
»» Prevent loss of data through
tive data is protected from accidental or even intentional disclosure, literally enabling point-
removable devices and media,
and-click compliance. web and IM applications, and
SophosLabs pre-packaged content control lists: email
Contain hundreds of pre-defined Personally Identifiable Information (PII) and other sensitive »» Flexible policy settings for
data types such as credit cards, bank accounts, government ID numbers, addresses, phone individual endpoints, groups
numbers, and more. or email users
• Cover 11 regional localizations of PII data types. »» Log, warn, block or encrypt
sensitive information that
• Accessible via a simple point-and-click DLP policy wizard.
triggers a DLP policy rule
• Customizable with your own PII or senstive data types that are unique to your indus-
»» True file type analysis prevents
try or organization.
file type masquerading
• Consistent across endpoint and email appliances with the ability to easily export
»» Easily associate email encryption
customizations from the Sophos Enterprise Manager and import to the email appli-
policy with sensitive data that
ance DLP engine.
must leave the organization
• Enable immediate compliance with PCI and policy and regulations governing the
protection of sensitive information.
�Data Loss Prevention
Content Control List Management Specifications
Included data types
»» Credit card numbers and
qualifying terms
»» Debit card numbers and
qualifying terms
»» Bank routing numbers and
qualifying terms
»» International bank account
numbers
»» National insurance numbers
»» Social insurance numbers
Easy, powerful DLP policy configuration
»» Fiscal code numbers
Flexible point-and-click policy wizards enable easy DLP rule definitions:
»» Tax file numbers and
• Scope: Data control policies can be defined by endpoint, groups, email sender, qualifying terms
recipient, or content. Policies may contain multiple rules. »» Postal addresses
• Criteria: Define rules on file types (e.g., XLS) or content. File type scanning utilizes »» Telephone numbers
Sophos true file type technology to prevent file type masquerading. Content scanning »» Email addresses
leverages the pre-packaged content control lists (CCL’s) which include hundreds of »» Passport details and
pre-defined data definitions across several localizations provided and maintained by qualifying phrases
SophosLabs. »» Confidential document markers
• Triggers: Evaluation of DLP policy is triggered in any of these cases: copying content »» Ethnicity terms
to a removable storage device (e.g., USB stick or external harddrive), copying/ »» Sensitive content markers
burning content to a CD/DVD, uploading content to web browsers or IM clients, or
sending via email. Supported localizations
»» United States of America
• Actions: On the endpoint, the options include logging the event, logging and warn- »» United Kingdom
ing the user with a prompt to proceed, or logging and blocking the transaction. On »» France
the email appliance, the options include logging, quarantine, blocking or encrypting »» Germany
the content before sending. »» Ireland
»» Spain
»» Australia
»» Canada
»» Japan
»» China
»» Global
Sophos Email Appliance DLP Wizard Sophos Endpoint Rule Configuration
To evaluate Sophos Endpoint or Email Appliances with DLP, visit www.sophos.com/products/eval/.
Boston, USA ��| Oxford, UK
© Copyright 2009. Sophos. All rights reserved. All trademarks are the property of their respective owners.
ds/091130
