How to create configuration management plans to install DLP

Installing DLP products on a network can require a lot of configuration management planning that includes cooperation between many business groups. In this security management expert response, learn how to do a network architecture review to install DLP.

Our company is looking to deploy a new DLP product, and my question has to do with the security management aspect. What configuration management planning should we do beforehand to make sure our networks and applications are ready?

Fortunately, this can be a pretty straightforward operation, though potentially time-consuming. For starters, gather diagrams of the portions of the network that you are intending to protect. These diagrams should include all relevant routers, switches and servers, as well as their IP addresses and netmasks. Ideally the security team already has access to this information, or this project will take a lot longer. These diagrams are important so the company and the vendor have the necessary documentation in order to find the optimal place to install the DLP servers.

In addition to the network documentation, network access is necessary. The exact nature of the access will depend on how the company is deploying the DLP sensor. For a passive/monitoring-only deployment, you will need access to either a span port or network tap on the appropriate VLAN(s). This will enable the DLP sensor to monitor traffic without interfering with the traffic's flow across the network.

Alternatively, for an active deployment, you will need a slightly different architecture. In this case, the network will actually be routing traffic through the DLP sensor. As such, work with the vendor and the networking team to find an agreeable routing protocol. In most cases, static routes will suffice.

Preparing the documentation and planning the network architecture ahead of time will not only speed up the deployment but also make it, ultimately, a more successful one.
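
One way to check the gathered documentation before a passive deployment, as an added example that is not part of the original response: the script reads a device inventory and reports missing netmasks, VLANs whose documented subnets disagree, and protected VLANs with no span port or tap assigned. The device names, addresses, VLAN numbers and monitor points are constructed sample values.

```python
import ipaddress

# Constructed sample data (not from the article): documented devices with
# address/netmask and VLAN, the VLANs in scope, and granted monitor points.
INVENTORY = [
    {"name": "core-rtr1", "addr": "10.10.0.1/255.255.255.0", "vlan": 10},
    {"name": "db-srv1", "addr": "10.10.0.20/255.255.255.0", "vlan": 10},
    {"name": "file-srv1", "addr": "10.20.0.15/255.255.255.0", "vlan": 20},
    {"name": "mail-srv1", "addr": "10.20.0.200/255.255.255.128", "vlan": 20},
    {"name": "hr-srv1", "addr": "10.30.0.9", "vlan": 30},
]
PROTECTED_VLANS = {10, 20, 30}
MONITOR_POINTS = {10: "SPAN on core-sw1", 20: "tap-02"}


def readiness_report(inventory, protected_vlans, monitor_points):
    """Return a list of documentation and access gaps to close before install."""
    problems = []
    subnets = {}  # VLAN id -> set of networks derived from documented devices
    for dev in inventory:
        # ip_interface() would silently assume /32 for a bare address, so a
        # missing netmask is reported instead of parsed.
        if "/" not in dev["addr"]:
            problems.append(f"{dev['name']}: no netmask recorded")
            continue
        try:
            iface = ipaddress.ip_interface(dev["addr"])
        except ValueError as exc:
            problems.append(f"{dev['name']}: invalid address ({exc})")
            continue
        subnets.setdefault(dev["vlan"], set()).add(iface.network)
    for vlan in sorted(protected_vlans):
        nets = sorted(subnets.get(vlan, set()))
        if not nets:
            problems.append(f"VLAN {vlan}: no documented subnet")
        elif len(nets) > 1:
            listed = ", ".join(str(n) for n in nets)
            problems.append(f"VLAN {vlan}: more than one subnet documented ({listed})")
        if vlan not in monitor_points:
            problems.append(f"VLAN {vlan}: no SPAN port or tap assigned")
    return problems


if __name__ == "__main__":
    for line in readiness_report(INVENTORY, PROTECTED_VLANS, MONITOR_POINTS):
        print(line)
```

A VLAN carrying more than one subnet can be legitimate, so that finding is a prompt to confirm the diagram with the networking team rather than an error in itself.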

This was last published in March 2009
