Can DLP Endpoint Prevent / Discover monitor SFTP traffic?


Article ID: 169957


Updated On:

Products

Data Loss Prevention Endpoint Prevent

Data Loss Prevention Enforce

Issue/Introduction

A customer is using DLP Endpoint Prevent / Discover and would like to know how SFTP is monitored.

Environment

15.x

16.x

Resolution

The DLP Agent is unable to detect the secure file transfer while it is crossing the wire, but it is able to detect the SFTP application accessing the file and trigger an incident (and block, if configured).

For the DLP Endpoint to monitor SFTP activity, application monitoring must be set up for the FTP client. The application monitoring settings must include application file access (AFA) so that the DLP Endpoint can detect when the user selects a document to upload and scan it accordingly.

Configure the SFTP application here:

Ensure the agent configuration has Application File Access enabled as well: