Is it possible to move EDM indexes between implementations of Data Loss Prevention (DLP)?

Article ID: 160803


Products

Data Loss Prevention Endpoint Prevent
Data Loss Prevention Network Monitor
Data Loss Prevention Network Prevent for Email
Data Loss Prevention Network Prevent for Web
Data Loss Prevention Network Protect
Data Loss Prevention Endpoint Discover

Issue/Introduction

Is it possible to move EDM indexes between implementations of Data Loss Prevention (DLP)?

Resolution

No. An EDM index is bound to the Enforce server that created it and cannot be moved to, or shared with, another DLP implementation.

Each time an EDM index is created, Enforce generates a new, random crypto key and uses it when producing the hashed index. This key is stored encrypted in the Oracle database and is specific to that Enforce server; two Enforce servers never hold the same key, so the hashes they produce are never the same either.

The hashed EDM index files are then sent to the detection servers, which store them on their file systems. The key needed to read those files is sent separately, and only after a detection server has contacted Enforce and been verified as a registered member of that system. The key is held in memory only and is never written to the detection server's disk. If a detection server is restarted, it must validate and re-register with Enforce before it receives the current key. If the EDM index is ever recreated, a new key is generated and associated with the new hash files.

As a result, only detection servers registered with the Enforce server that created an index can use it. Copying the index files to another DLP implementation does not work; the index has to be created on that implementation's own Enforce server.

This is part of the overall design that keeps the indexed source data protected: without the key, the hashed index files on their own cannot be read.
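The following is an added toy model of the scheme described above, written to show why the index files are useless to a second implementation. It is not Symantec's code and does not reproduce how the product tokenizes content or matches columns; the class and function names, the choice of HMAC-SHA256 as the keyed hash, the tokenizer, and the sample records are all assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets

# Added example: a simplified model of a keyed EDM index. It is NOT the
# Symantec DLP implementation; names, the HMAC-SHA256 choice and the
# tokenizer are assumptions made for illustration only.

TOKEN_RE = re.compile(r"[\w@.\-]+")


def normalize(cell: str) -> bytes:
    """Canonical form of a data cell before hashing (assumed: trimmed, lowercased)."""
    return cell.strip().lower().encode()


def keyed_hash(key: bytes, cell: str) -> str:
    """Keyed hash of one cell; without `key` the digest cannot be recomputed."""
    return hmac.new(key, normalize(cell), hashlib.sha256).hexdigest()


class EnforceServer:
    """Owns the EDM key and builds the hashed index files from source records."""

    def __init__(self, name: str):
        self.name = name
        self.edm_key = None        # drawn per index build; stored encrypted in the DB
        self.registered = set()    # detection servers allowed to receive the key

    def build_edm_index(self, records):
        """Every build draws a fresh random key, so a rebuilt index gets new hashes."""
        self.edm_key = secrets.token_bytes(32)
        index = set()
        for record in records:
            for column, value in record.items():
                index.add((column, keyed_hash(self.edm_key, value)))
        return frozenset(index)    # the "hashed EDM files" shipped to detection servers

    def register(self, server):
        """Release the key only to a server that has registered with this Enforce."""
        self.registered.add(server.name)
        return self.edm_key


class DetectionServer:
    """Keeps hashed index files on disk; the key exists only in memory."""

    def __init__(self, name: str):
        self.name = name
        self.index_files = frozenset()
        self.key_in_memory = None

    def receive_index_files(self, index):
        self.index_files = index

    def register_with(self, enforce: EnforceServer):
        self.key_in_memory = enforce.register(self)

    def restart(self):
        self.key_in_memory = None  # in-memory key is lost; files on disk remain

    def scan(self, text: str) -> int:
        """Count index cells present in `text`; needs the key to hash candidate tokens."""
        if self.key_in_memory is None:
            raise RuntimeError(f"{self.name}: not registered, cannot read EDM index")
        known = {digest for _column, digest in self.index_files}
        return sum(1 for token in TOKEN_RE.findall(text)
                   if keyed_hash(self.key_in_memory, token) in known)


def demo():
    """Constructed sample data (not real records) exercising the three cases."""
    records = [
        {"ssn": "123-45-6789", "email": "jane.doe@example.com"},
        {"ssn": "987-65-4321", "email": "j.smith@example.com"},
    ]
    document = "Please update SSN 123-45-6789 for jane.doe@example.com today."

    enforce_a = EnforceServer("EnforceA")
    index_files = enforce_a.build_edm_index(records)

    # Case 1: detection server registered with the Enforce that built the index.
    det_a = DetectionServer("DetectA")
    det_a.receive_index_files(index_files)
    det_a.register_with(enforce_a)
    hits_registered = det_a.scan(document)            # 2

    # Case 2: the same files copied to a second implementation with its own key.
    enforce_b = EnforceServer("EnforceB")
    enforce_b.build_edm_index(records)                 # same source data, different key
    det_b = DetectionServer("DetectB")
    det_b.receive_index_files(index_files)             # "moved" files from EnforceA
    det_b.register_with(enforce_b)
    hits_moved = det_b.scan(document)                  # 0

    # Case 3: after a restart the key is gone until the server re-registers.
    det_a.restart()
    try:
        det_a.scan(document)
        restart_blocked = False
    except RuntimeError:
        restart_blocked = True
    det_a.register_with(enforce_a)
    hits_after_reregister = det_a.scan(document)       # 2

    return hits_registered, hits_moved, restart_blocked, hits_after_reregister
```

Running demo() shows the three points the article makes: the registered server matches both cells, the server holding EnforceB's key finds nothing in EnforceA's files even though both were built from identical source data, and a restarted server cannot scan until it has re-registered and received the key again.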

Applies To

 Symantec Data Loss Prevention