ManageEngine Endpoint DLP Plus is enterprise Endpoint DLP software that helps create cybersecurity policies that proactively prevent the leakage of sensitive endpoint data. Its functionality can be applied at various levels of flexibility, so Endpoint DLP Plus can fit the unique requirements of any kind of enterprise. Endpoint DLP Plus supports the Endpoint DLP process even in a distributed setup such as branch or remote offices (WAN) and for mobile users, for example salespeople who are constantly on the move.
The advantages of using the WAN architecture of Endpoint DLP Plus include the following:
The following guide will help you understand the process of Endpoint DLP Plus with the help of an architecture diagram.
IT administrators or network security teams need the following components to perform Endpoint DLP on the remote computers:
The Endpoint DLP Plus Server helps you to centrally perform all the Endpoint DLP tasks in your network. Some of the tasks include the following:
Any of the Windows computers in your network with the requirements mentioned here can be hosted as your Endpoint DLP Plus Server.
This section includes detailed information about the components of the Endpoint DLP Plus architecture. Refer to Figure 1: WAN Architecture of Endpoint DLP Plus.
The Endpoint DLP Plus Server has to be installed in your LAN (say, the head office) and has to be configured as an EDGE device. This means that the designated port (8020 by default, and configurable) should be accessible through the Internet. You need to adopt the necessary security standards to harden the OS where the Endpoint DLP Plus Server is installed. Agents from all the remote locations report to this Endpoint DLP Plus Server.
The Server acts as a container to store information about the discovered applications and the policies deployed. It is advised to keep the Endpoint DLP Plus Server always running to carry out the day-to-day Endpoint DLP activities.
The Distribution Server is lightweight software that is installed on one of the computers in the branch offices. This agent will communicate with the Endpoint DLP Plus Server to pull the information for all the computers in that branch. The agents that reside on the branch office computers will contact the Distribution Server to get the information available to them and process the requests.
To perform Endpoint DLP tasks, a lightweight, multipurpose agent will be installed by the server on your network systems. The agent contacts the server every 90 minutes to get the data needed to carry out the tasks delegated by the server. It returns the result to the server after completing the task. The agent also maintains a continuous thin connection with the server in order to perform on-demand tasks.
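Because agents refresh every 90 minutes and branch agents reach the server through a Distribution Server, an overdue agent and an overdue branch point to different problems. The following is an added example, not ManageEngine code: it triages a last-contact list, where the export format, the computer and branch names, and the three-missed-cycles threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

REFRESH_INTERVAL = timedelta(minutes=90)  # agent refresh cycle stated on this page
MISSED_CYCLES = 3                         # assumption: tolerate reboots and short outages

# Constructed sample data (not a product export format):
# computer, branch, last contact as ISO 8601 UTC ("" means never reported).
SAMPLE_NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_ROWS = [
    ("HQ-PC-01", "head-office", "2024-05-01T11:10:00+00:00"),
    ("HQ-PC-02", "head-office", "2024-05-01T03:00:00+00:00"),
    ("BR1-PC-01", "branch-1", "2024-05-01T02:15:00+00:00"),
    ("BR1-PC-02", "branch-1", "2024-05-01T01:40:00+00:00"),
    ("BR2-PC-01", "branch-2", "2024-05-01T10:45:00+00:00"),
    ("BR2-PC-02", "branch-2", ""),
]


def triage(rows, now, interval=REFRESH_INTERVAL, missed=MISSED_CYCLES):
    """Return (silent_branches, silent_agents).

    silent_branches: every agent in the branch is overdue, so check the shared
        path first (Distribution Server, WAN link, reachability of the server port).
    silent_agents: overdue agents whose branch peers still report, so check
        that endpoint (agent stopped, removed, or machine offline).
    """
    cutoff = now - interval * missed
    by_branch = defaultdict(list)
    for computer, branch, last in rows:
        seen = datetime.fromisoformat(last) if last else None
        by_branch[branch].append((computer, seen is None or seen < cutoff))

    silent_branches, silent_agents = [], []
    for branch, agents in sorted(by_branch.items()):
        overdue = sorted(name for name, late in agents if late)
        if len(agents) > 1 and len(overdue) == len(agents):
            silent_branches.append(branch)   # whole site went quiet together
        else:
            silent_agents.extend(overdue)    # isolated endpoints
    return silent_branches, silent_agents


if __name__ == "__main__":
    branches, agents = triage(SAMPLE_ROWS, SAMPLE_NOW)
    print("Branches with no reporting agents:", branches)
    print("Individual overdue agents:", agents)
```
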
Agents can be installed either manually or using a logon script on all the branch-office computers that are being managed using Endpoint DLP Plus. This is a one-time task. Agents are upgraded automatically. Endpoint DLP offers two options to help administrators manage computers across a WAN. The option that you choose depends on the number of computers you are going to manage at your remote office. The available options enable you to use either of the following:
The web console is a graphical user interface to access the server and perform Endpoint DLP tasks. This console can be accessed from anywhere. For example, it can be accessed through a LAN, WAN and from home using the Internet or a VPN. Separate client installations are not required to access the web console.