Take a Product Tour Request a Demo Cybersecurity Assessment Contact Us

Blogs

The latest cybersecurity trends, best practices, security vulnerabilities, and more

Trellix Email Security Service Introduces Data Loss Prevention Capabilities to Block Leakage of Sensitive Information from Outbound Email

While the majority of organizations invest in email security solutions targeting risk of inbound threats, most organizations fail to address threats posed by internal data handling. The Ponemon Institute reveals that nearly 60% of organizations experienced data loss or exfiltration from an employee mistake on email over the last 12 months. The research found that email was the riskiest channel for data loss, accounting for 65% of data losses, and found half (52%) of the security practitioners could not identify legitimate data loss incidents or employee data handling behaviors.

New Data Loss Prevention (DLP) capabilities for Trellix Email Security Cloud help organizations protect their sensitive information and improve their data security posture by monitoring and blocking email borne data risks such as exfiltration by insiders and accidental data sharing. With DLP for email, organizations can reduce their risk and cost of negative market reputation or customer loss from a data breach by enforcing data protection and compliance policy control to outbound email communications.

Key DLP capabilities

Trellix Email Security Cloud customers can choose from dozens of pre-built standard policies, including DLP policy options for all major compliance frameworks, along with flexibility to customize policies using an easy-to-use policy builder for fast ROI and adoption of compliance activities. DLP rules scan email and attachments to identify sensitive content based on keywords, regular expressions, meta data, and document fingerprints including exact data matching in over 400 + file types, with optional OCR capabilities. Captured data events for investigations and forensics are available in the Trellix Email Security Cloud console.

How does the DLP solution work?

DLP capability for Trellix Email Security Cloud is delivered through API-based integration with Trellix’s market leading, enterprise-grade DLP solution. API integration with Email Security Cloud instead of light weight, built-in DLP functionality provides organizations with enterprise-grade data protection and control that is easy to deploy and more reliable than SMTP connectivity.

Setting-up DLP for Trellix Email Security Cloud requires configuring a Trellix ePO account and deploying Trellix DLP Network Prevent software. DLP policies for Trellix Email Security Cloud are set within the ePO console. From the Email Security Cloud console, connectivity to the Trellix DLP policy actions can be mapped to policy actions enforced by Email Security. (No Action, Quarantine, Drop, and BCC); visibility into real time email-based DLP events are streamed to the console for messaging teams to monitor and accelerate incident response.

Figure 1: DLP policy mapping from the Email Security Cloud console.
Figure 1: DLP policy mapping from the Email Security Cloud console.


Figure 2: Below is a diagram of the email DLP response flow.
Figure 2: Below is a diagram of the email DLP response flow.


What Trellix DLP infrastructure is required for Email Security Cloud DLP integration?

The Trellix ePO console (On-prem or SaaS) and Trellix Network Prevent software version 11.10.700 and later are required. You can deploy Trellix DLP Network Prevent on AWS using an Amazon machine image, virtually using VMWare ESXi, Microsoft Hyper-V, Nutanix AHV, or purchase a physical appliance from Trellix.

Learn more about Trellix Email Security

Visit the Trellix Email Security product page to learn more about our award winning email security solutions and take a brief interactive product tour.

This document and the information contained herein describes computer security research for educational purposes only and the convenience of Trellix customers.

Get the latest

We’re no strangers to cybersecurity. But we are a new company.
Stay up to date as we evolve.

Please enter a valid email address.

Zero spam. Unsubscribe at any time.