Data Loss Prevention and Anti-Virus for SSH, SFTP, Remote Desktop

Data loss prevention (DLP) systems are employed to counter the risk of valuable or sensitive data ending up in the possession of unauthorized parties. Network DLP tools and anti-virus products typically monitor network traffic at designated network entry/exit points and use predefined criteria to filter sensitive data from the flow of traffic. Once the data is identified, the data loss prevention tool takes action to stop the data transfer in real time, and typically triggers an alert on the detected attempt.

Encrypted Protocols and Data Loss Prevention Tools

While the approach above works for most normal traffic, it struggles when encrypted network protocols (such as SSH (Secure Shell), SFTP (SSH File Transfer Protocol), RDP (Windows Remote Desktop), or SSL/TLS) are used. Encryption blinds the data loss prevention software's interception and filtering tools and renders them incapable of reacting to illegitimate transfers of protected data.

Encrypted communications protocols, such as the SSH protocol, utilize modern encryption algorithms to hide the transferred data. While this guarantees data privacy and confidentiality, it also prevents traditional data loss prevention tools and anti-virus systems from seeing the transferred data and files.

Overcoming Encryption in DLP Software

CryptoAuditor from SSH Communications Security is a network-based solution that monitors, controls, and audits encrypted sessions.

CryptoAuditor provides visibility, control, and recording of what happens inside encrypted sessions. It can observe traffic inside SSH, Remote Desktop, and SSL/TLS sessions and filter the content of the encrypted protocol stream to enforce a corporate DLP policy. This enables internal auditors, forensics investigations, and early warning analytics systems to inspect the contents of the sessions.

CryptoAuditor uses ICAP (Internet Content Adaptation Protocol) to integrate with data loss prevention systems. This protocol is supported by most commercial DLP and anti-virus products. CryptoAuditor can use it for both alerting and preventative DLP.

CryptoAuditor is a non-invasive and transparent compliance enabler for PCI-DSS, SOX, HIPAA, and many other mandates.

Enhancing DLP Systems - CryptoAuditor

Modern malware is sophisticated, and the trend is towards more and more complex attacks that combine multiple protocols, approaches, and technologies. Attackers are well aware of and educated on modern information security technologies, and make extensive use of the same tools that their counterparts at corporate IT departments use.

Data loss prevention solutions that do not address encrypted connections are not sufficient to meet the real-life demands of today. Most DLP solutions can be significantly improved by extending their reach into the encrypted protocols. CryptoAuditor from SSH Communications Security offers a transparent solution for monitoring, controlling, and auditing encrypted connections. When integrated with a data loss prevention solution, CryptoAuditor allows the corporate DLP policy to also cover the threats that are hidden under the cover of encryption.
