Can DLP Endpoint prevent / discover monitor sftp traffic

book

Article ID: 169957

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Customer is using Endpoint prevent / discover and would like to know how sftp is covered. n / a

Cause

n / a

Environment

14.x

Resolution

Sftp is a secure file transfer that can only be detected on the network as encrypted information on the sftp port 22. 

In order for endpoint to monitor sftp activity the user will need to have application monitoring setup for the ftp client. The application monitoring will need to have application file access so that endpoint can detect when the user selects a document to upload so it can be scanned accordingly.