New endpoint DLP capabilities: prevention and data classification

Enhanced Endpoint DLP capabilities and smoother incident response workflows

Proofpoint announced their enhanced Endpoint DLP capabilities which detect sensitive data movement and prevent movement or exfiltration to USB devices attached to the endpoint. These features will be available to customers with no change to their current workflow if they are an existing Proofpoint Insider Threat Management (ITM) SaaS customer.

Over the last year, many customers have expressed the complexity of tackling data loss through manually correlating disparate alerts and incomplete visibility from unconnected solutions. They ran the risk of catching potential data exfiltration late or leaving major gaps of evidence in insider investigations. That’s why Proofpoint built its ITM and Endpoint DLP within a modern, scalable, cloud-native information protection platform, shared with CASB and Email DLP under the Enterprise DLP suite.

Microsoft Information Protection integration: increased data context, reduced alert fatigue

Across the Proofpoint Enterprise DLP suite, including Endpoint DLP and ITM, Proofpoint integrates with the customer’s Microsoft Information Protection (MIP) data classification. Classification labels provide more context about files.

Prevention of sensitive data movement to USB devices

Customers can now prevent sensitive data movement to USB devices when the data movement is clearly out of policy or if a malicious user is trying to hide their tracks. You can define lists of permitted and prevented values for users, file extensions and devices. In addition, you can protect files from being exfiltrated to USB based on source URL or file content using MIP classification labels.

Common use cases for MIP labels and USB prevention

  • User groups: Prevent users, who’ve given their notice, from copying sensitive files from specific locations onto USB devices
  • Classification (MIP) label: Prevent any file marked as confidential based on the MIP label from exfiltration through unlisted USB devices
  • Reduced alert triage: Focus on detecting exfiltration of data marked as sensitive through MIP labels rather than all data downloads from sanctioned sites such as SharePoint or Salesforce

Read Nirav Shah’s full blog here.


Learn more about the platform capabilities on Proofpoint’s Endpoint DLP page here or contact your local Exclusive Networks Account Manager.