Proofpoint Endpoint DLP Installation Guide

Overview

Security Categorization (RA-2) requirements for systems that store or process critical or confidential data include 1) use of file encryption or whole-disk encryption software and 2) appropriate use of data loss prevention (DLP) software provided and managed by the Office of the CISO. Currently, the DLP solution provided by the Division of IT is Proofpoint Endpoint DLP.

DLP Agent Components

The install process is similar for Mac and Windows endpoints. Whether it is run from scripts, from endpoint management tools like Jamf or InTune, or by directly clicking on an installer on a machine-by-machine basis, an install has a couple of parts: the agent and agent-updater, along with a configuration file.

The configuration file contains environment variables, including OS type (Windows or Mac), and assigns the endpoint to a particular DLP environment. We currently have 3 broad environments: Admin Test, Pre-Production, and Production. The Admin Test group is used only by the Security team to perform high-level tests for new agent releases. The Pre-production group is composed of sample machines from the various groups on campus participating in the DLP program, which allows them to test functionality on specific configurations prior to broadly distributing a particular release. The Production group is made up of all other endpoints participating in the DLP program.

The agent/agent-updater are the executables that run on the endpoint. The agent performs the DLP monitoring and reporting back to the UAM (unified alert manager) console. The agent-updater receives and performs updates to the agent version when they are deployed to a particular group.

Note

A standardized change request process is in place for new releases to the DLP agent. When new agents are identified, they are first deployed to the Admin Test Group. After successful testing, they are then deployed to the Pre-production group for additional testing by the departmental administrators and their users. Once all test cases have been satisfied, an official Change Request is created to schedule the release of the updated agent to the Production group. A minimum of one week is allocated for testing new deployments in each group and all departmental administrators and UEM representatives are included in communications regarding new releases.

Installation Files and Instructions

Install files can be found in a Git repository created by the Unified Endpoint Management (UEM) team.
https://github.com/tamu-edu/ProofpointDLP-Deployment

This repo has been made available to all TAMU Git users. If the person/group needing the install files has not yet set up their Git account, they will need to first claim a TAMU Git account. Otherwise, this repo is open to the TAMU community at large. The repo contains the install files, basic documentation, and sample scripts for use with ManageEngine, SSCM, or InTune as appropriate.

Program On-boarding

When a new group is introduced to the DLP program, a welcome message is sent to the departmental admins and includes links to the following documentation:

In the same message, the departmental admins are invited to a 30-minute session that demonstrates how to access the console, discusses the types of data and actions being monitored, and walks through the IR process with test data and alerts. Additional training sessions can be scheduled as needed.

Additional Information

Information technology professionals may contact endpoint-security@tamu.edu to request departmental access to the DLP console, obtain access to the repository containing the DLP software, or ask any questions.