DLP Scanning

[cmarcan 0]

Are there any plans to include DLP Scanning in Malwarebtyes?  Our organization is looking at possibly using Malwarebytes, however we were hoping to include Endpoint DLP scanning as part of our chosen solution.  

[exile360 254]

Greetings,

I believe you should give Malwarebytes Incident Response a look.  It includes forensic tools and remediation components that I believe would suit your needs.  You can find out more here and the associated documents linked at the bottom of the page provide greater detail on what this solution has to offer.

If you have further questions you can either post here or you may contact Malwarebytes Sales via the information provided on this page.

I hope this helps.  If there's anything else we might assist you with please don't hesitate to ask.

Thanks

[gonzo 108]

I can't speak for future plans, unfortunately.  But having worked in the past for a company that focused on DLP, much of what we did then had little to do with detection or remediation of malware.  Obviously, any malware that can expose information on your computer/network is a risk which we do go after with all of our products.  At the same time, much of DLP comes down to your apps, their storage methods, your ancillary storage methods and the method of transport between your storage or I/O devices and the apps which will use them.

I was going to write something very profound and realized that I was making it too hard to understand, so thank Bubba for the delete key.  Many users store confidential information out in the open, and if the computer CAN be breached, it eventually WILL be breached.  Humans are always the weakest link in the chain.  Malwarebytes can and will provide excellent protection for your systems, but its always a cat and mouse game.  If you shift the responsibility to someone else to protect you 100% of the time, you will eventually pay for that choice.  You can choose to be your best friend or your worst enemy.  Having worked at that company taught me a lot about how I nonchalantly exposed things that could have cost me dearly.

I didn't mean to climb on a soapbox here, but it actually could have been much longer.  Going back to where I started, several people have requested Malwarebytes to create a product focused on DLP.  As a rule, we do not speak of anything we are developing until it is at a place where we can feel comfortable about doing so, and that is usually nearing release of a product.  It builds anticipation as well as expectations.  That can be a good thing, and also a bad thing.  I honestly don't know of anything DLP-related here, nor have I asked.  I'm just trying to give you a thoughtful answer.

[Amaroq_Starwind 0]

Welcome to the forum, @cmarcan. If you're still looking for a solution that provides DLP Scanning, there might be some standalone products (not produced by MalwareBytes) that could be used alongside your MalwareBytes solution. I'd try looking into that.

You have me curious, though. I'm assuming that DLP stands for Data Loss Prevention, but what exactly is DLP Scanning?

[gonzo 108]

You cannot prevent what you have not detected.  Detection is done by scanning data, looking for specific data, patterns, regular expressions, data substitution that conforms to patterns, and basically anything that tells a bad guy that something good may be just waiting to be discovered.  It is similar to scanning for malware, just that you have specific targets in mind (charge card numbers, social security numbers, drivers licenses, etc.).

[Amaroq_Starwind 0]

Ah, thanks for clarifying, that makes a lot of sense.

According to my father (who's literally been working IT longer than I've been alive), a lot of older Malware never caused damage to filesystems and operating system components intentionally, but rather as a result of bad programming. So it is entirely possible that Malware (or even legitimate software) could accidentally cause catastrophic data loss due to a programming error, and that's not even taking into account hard-disk failures; my current computer's HDD is actually on it's last legs right now, and I'm saving up for an SSD with more than triple the capacity.

Tangent aside, I can see a lot of value in DLP Scanning. If MalwareBytes does gain more DLP functionality in the future, then I'm looking forward to it.