What can I protect?

Data protection can control or monitor the flow of data throughout an organization.

Administrators can define:
  • Who can move and receive data
  • What data can and cannot be moved
  • Where the data can be sent
  • How the data can be sent
  • What action to take in case of a policy breach
Data protection can be used together with the endpoint to secure the following channels:
  • Endpoint Email: Monitor email messages sent by endpoint users using Microsoft Outlook (Windows only) or Apple Mail (macOS only) clients.
  • Endpoint applications: Monitor or prevent sensitive data from being copied and pasted from one application to another on Windows endpoint clients.
  • Endpoint application file access monitoring: Monitor applications such as IM, cloud storage, and FTP clients that access and share sensitive data.
  • Endpoint removable media: Monitor or prevent sensitive information from being written to a removable device such as a USB flash drive, CD/DVD, or external hard disk. Data protection supports analysis, encryption, and blocking for USB drives.
  • Endpoint LANs: Users commonly take their laptops home and then copy data through a LAN connection to a network drive/share on another computer.
    • Specify a list of IP addresses, host names, or IP networks of computers that are allowed as a source or destination for LAN copy.
    • Intercept data copied from an endpoint client to a network share.
    • Note that Endpoint LAN control is currently applicable to Microsoft sharing only.
  • Endpoint printing: Monitor or prevent sensitive data from being printed on local or network printers from endpoint client machines.
  • Endpoint HTTP/HTTPS: Monitor or protect endpoint devices such as laptops from posting data over the Web.
  • Cloud Email: Monitor or protect users from sending data over the organization email.
  • Online WEB (HTTP/HTTPS/FTP): Monitor or protect users from posting data via the organization WEB.
  • CASB Inline: Monitor or prevent sensitive data from being uploaded to a Cloud Application or downloaded from a Cloud Application to a location that is not secure.
  • CASB API: Monitor sensitive data from being modified, shared via a Cloud Application or downloaded from a Cloud Application.

Comprehensive monitoring of these channels can prevent data from leaving an organization.