You can combine endpoint protection with a change tracker for improved data loss prevention (DLP) in environments with Windows, macOS and Linux machines.
That’s according to Zoran Cocoara, writing for Endpoint Protector (by CoSoSys prior to acquisition by Netwrix).
“Deploying a DLP solution is a critical step. But keeping it enforced across every endpoint? That’s where many teams struggle – especially in cross-platform environments,” he wrote in a blog post.
Typically, on macOS and Linux, a user with elevated rights can stop or uninstall services, including DLP agents. By contrast, with Endpoint Protector on Windows, admin rights don’t let users disable DLP.
However, the right solutions can prevent this from happening. For example, deploying Endpoint Protector and Netwrix Change Tracker together means users will know if the DLP is running.
This approach detects if a service is stopped, missing, or altered. And the change tracker sends alerts in real time by email, syslog, ticketing or security information and event management (SIEM) systems.
In addition, this approach matches changes against planned maintenance to distinguish them from unauthorised activity, Cocoara wrote.
“Endpoint Protector enforces DLP policies and controls USB access across Windows, macOS, and Linux,” he said. “Change Tracker monitors the integrity of the DLP agent, even on endpoints with local admin privileges.”
Protection can be stronger still if endpoint policy management is deployed to remove local admin rights when they’re not needed for specific applications or tasks, Cocoara said.
DLP necessary for endpoint protection
After all, data protection is increasingly essential whether at rest, in transit or being stored. Ports, drives, peer-to-peer apps, and endpoint devices from laptops and printers to mobile devices and more need consideration, he noted in a separate post.
“It’s about knowing every path your data can take and applying the right policy at the right time, without killing productivity,” Cocoara said.
“The attack surface has exploded, and so have the opportunities for accidental or malicious leaks.”
Context-aware policies can be deployed for device types, user roles, network locations, or time of access, enabling security without unnecessarily restricting users, he suggested.
A policy framework that works across platforms can further reduce the number of ‘gaps’ that could leak data. In addition, built-in exception workflows can allow IT teams to approve or auto-approve access requests quickly when required.
However, many built-in or legacy controls can’t enforce the same policy everywhere. For instance, many mobile device management (MDM) platforms cover Windows and macOS but not Linux endpoints.
“Endpoint Protector closes those gaps with unified policy enforcement across Windows, macOS, and Linux,” Cocoara wrote, adding that it can also prove compliance on demand, via detailed logs of connections, transfers and exceptions.