Risk-free Uploads and Downloads with Anti-Virus (AV) and Data Loss Prevention (DLP) Integration

Posted by Ankur Panchbudhe on September 16 2014

Vaultize takes a holistic approach to enterprise file sharing and mobile collaboration by building end-to-end security, data protection and data loss prevention capabilities into all the solutions that our enterprise platform enables. This means that while users can easily access and share data, administrators can rest assured that their organization's data is not being lost. We understand that one of the most important aspects of sharing (and collaboration in general) is the need to exchange data with people outside the organization, and this is where most data loss could happen. Here, the risk is not just about the data that's going out; it's also about the data that's coming in, which could be infected with malware and cause losses inside the organization's infrastructure.

To protect against scenarios where data loss could happen through data going out or coming in, Vaultize now integrates with data loss prevention (DLP) and anti-malware (commonly known as anti-virus or AV) solutions. So, whenever a user (or an external person) uploads a file from outside the organization's boundaries, Vaultize will get that file scanned by sending it to the configured AV server and will then block or allow the file depending on policy. Similarly, for downloads (or outgoing data), the file will be scanned using a DLP solution.

Vaultize implements the integration with DLP or AV solutions through an industry-standard protocol called ICAP. Most leading AV and DLP solutions support ICAP, and chances are that your existing solution supports it already. In short, the AV/DLP solution acts as an ICAP server, while Vaultize acts as an ICAP client that asks the server to scan data.

Details of ICAP Integration

The Vaultize ICAP client follows the rules, syntax and guidelines specified in ICAP RFC 3507 to communicate with any third-party product that also supports RFC 3507.

Before data is uploaded to or downloaded from Vaultize, the Vaultize ICAP client encapsulates the incoming or outgoing data in an ICAP request and sends it to the ICAP server (AV or DLP). The data is scanned for suspicious content according to the AV or DLP server's policies, and a response is sent back to the Vaultize ICAP client. Vaultize then allows or discards the file based on that response and on the configured AV/DLP settings. Vaultize also logs any violations and allows administrators to view and analyze them through reports, alerts and notifications.

Vaultize ICAP integration

Vaultize ICAP Settings

ICAP Settings can be found under the Admin Settings menu.

Vaultize settings for ICAP integration

As seen above, Vaultize can communicate with two different ICAP servers - one for AV (incoming data) and another for DLP (outgoing data). For each, the admin needs to know the third-party ICAP server's FQDN or IP address and port number (usually 1344, the default for ICAP). The Vaultize ICAP client can smartly detect the most suitable ICAP request method for a given service, but the admin can set it manually too. The Action setting provides an allow/disallow policy for violations reported by the ICAP server - "Disallow" makes Vaultize block the file and disallow the operation. Vaultize will also log a violation, which could result in an alert or notification.
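The request/response exchange described under Details of ICAP Integration, combined with the port and Action settings above, can be sketched as follows. This is an added Python example, not Vaultize's code: the host `av.example.internal`, the service name `avscan`, the sample replies, the fail-closed handling of errors and the reading of a non-200 encapsulated HTTP status as a violation are all assumptions made for illustration.

```python
ICAP_PORT = 1344  # default ICAP port mentioned above

def build_respmod(host, service, filename, data):
    """Encapsulate a file as an HTTP response inside an ICAP RESPMOD request."""
    if any(c in filename for c in '\r\n"'):
        raise ValueError("unsafe filename")  # would allow header injection
    res_hdr = ("HTTP/1.1 200 OK\r\n"
               f'Content-Disposition: attachment; filename="{filename}"\r\n'
               f"Content-Length: {len(data)}\r\n\r\n").encode()
    # The encapsulated body is chunked: hex length, data, then a zero-length chunk.
    chunk = f"{len(data):x}\r\n".encode() + data + b"\r\n" if data else b""
    icap_hdr = (f"RESPMOD icap://{host}:{ICAP_PORT}/{service} ICAP/1.0\r\n"
                f"Host: {host}\r\n"
                "Allow: 204\r\n"  # lets the server answer 204 for clean content
                f"Encapsulated: res-hdr=0, res-body={len(res_hdr)}\r\n\r\n").encode()
    return icap_hdr + res_hdr + chunk + b"0\r\n\r\n"

def verdict(response, action="disallow"):
    """Return (allowed, violation) for an ICAP reply under the admin Action policy."""
    head, _, encapsulated = response.partition(b"\r\n\r\n")
    status = head.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(status) < 2 or status[0] != b"ICAP/1.0" or not status[1].isdigit():
        return (False, False)  # malformed reply: fail closed (assumption)
    code = int(status[1])
    if code == 204:
        return (True, False)  # no modification needed: content passed the scan
    if code == 200:
        http_status = encapsulated.split(b"\r\n", 1)[0].split(b" ")
        if len(http_status) > 1 and http_status[1] == b"200":
            return (True, False)  # server returned an HTTP 200 body to use
        return (action == "allow", True)  # replaced by a block page: violation
    return (False, False)  # ICAP error or unexpected code: fail closed (assumption)

# Constructed sample replies (not captured from a real server).
CLEAN = b'ICAP/1.0 204 No Content\r\nISTag: "sample-1"\r\n\r\n'
FLAGGED = (b'ICAP/1.0 200 OK\r\nISTag: "sample-1"\r\n'
           b"Encapsulated: res-hdr=0, res-body=45\r\n\r\n"
           b"HTTP/1.1 403 Forbidden\r\nContent-Length: 7\r\n\r\n"
           b"7\r\nblocked\r\n0\r\n\r\n")

if __name__ == "__main__":
    req = build_respmod("av.example.internal", "avscan", "report.pdf", b"%PDF-1.4 sample")
    print(req.decode("latin-1"))
    print(verdict(CLEAN), verdict(FLAGGED), verdict(FLAGGED, action="allow"))
```

With the Action set to "allow", the flagged reply still comes back as a violation, which matches the page's statement that violations are logged regardless of whether the file is blocked.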

Vaultize settings for Anti Virus integration

Here's a short video demonstrating how a file is scanned and blocked with Vaultize's Anti-virus integration:

https://www.youtube.com/watch?v=rdrMpweIqOM


This post is written by Akash Shende, the primary developer of Vaultize ICAP Integration. He’s a Software Engineer at Vaultize and works in our Pune, India R&D center.
