top of page
Cellopoint_bg_phishing.png

Data Loss Prevention (DLP)

Protect your confidential data with Cellopoint Data Loss Prevention (DLP) against both accidental and intentional data loss

Secure your sensitive email data with Cellopoint's DLP

Cellopoint Data Loss Prevention (DLP) is an outbound email DLP solution offering email auditing, Optical Character Recognition (OCR), and encryption. It uses pre-defined DLP policies to identify outbound emails containing confidential data and apply appropriate actions such as auditing, blocking, forwarding, deleting, notifying, or encryption to prevent data from being misdirected, leaked, or accessed by unintended individuals. It helps organizations prevent data loss, and ensure compliance across cloud services such as Microsoft 365, Exchange Online and Google Workspace, or on-premises platforms like Exchange and Zimbra.

Cellopoint Data Loss Prevention (DLP)

Top 1 data breach vector

Email accounted for 85% of data loss incidents in 2021

Common

More than 35% of employees have mistakenly emailed the wrong person 

Costly

$4.24 million in global losses were attributed to data breaches in 2021 

Gateway-based Outbound Email DLP

Data Protect & Compliance

Protect your sensitive data from accidental and intentional loss and ensure legal or regulatory compliance

License with Maintenance 

Flexible module licensing includes an initial fee for first-year license access, followed by maintenance fees.

Flexible Deployments

Deployable on on-premises hardware or VMs and public clouds like AWS, GCP, and Azure

DLP features at a glance

DLP offers three modules: Auditing (AUD), Optical Character Recognition (OCR), and Encryption (ENC), which can be flexibly selected based on your requirements and budget. Suitable for organizations preferring to manage their own on-premises infrastructure or deploy in a public cloud.

  • Real-time Scanning and Analysis: Includes outbound email headers, email bodies, compressed files (ZIP), and attachments (TXT, PDF, RTF, Word, Excel, PowerPoint).

  • Content-level Filtering: Uses multi-dimensional classification to identify sensitive data, including built-in ID information and custom keywords.

  • Classification Criteria: Provides conditions such as ID numbers and credit card numbers, as well as email size, attachments, and recipients for auditing actions.

  • Robust Policy Settings: Flexible filter, action settings, compliance checks, integration with organizational policies for individual, departmental, and organizational policy management, ensuring email data loss prevention.

  • Real-time Audit - Prevent Data Leakage: AUD scans outbound emails for sensitive data. If data leakage is detected, actions such as blocking, notifying, forwarding, deleting, or encrypting will be taken to help organizations prevent accidental or intentional leakage of confidential data.

  • Post-event Audit - Identify Unnoticed Risks: Helps organizations to identify confidential historical email data, track its transmission, users involved, and final destinations. AUD scans, analyzes, and categorizes emails, storing all information in an audit database. Auditors can query email elements like senders, receivers, and sensitive content. Based on identified leaks, such as notifying managers or preserving evidence for litigation will be taken. (Mail Archiving module required)

  • Role-based Access Control: Defines permissions for employees, managers, and group administrators, enabling granular control and flexible DLP policy formulation.

  • Policy Engine: A single console for managing email policy settings, editing, deployment, and execution.

OCR

Optical Character Recognition (OCR) 

OCR is an add-on for the DLP solution that extracts texts from email images, delivering the extracted texts to Cellopoint’s policy engine for scanning. Subsequently, it enforces pre-defined DLP or personal information protection policies. Actions include auditing process, encrypting emails (ENC), or adding digital signatures (SIG) to prevent data loss.​

Optical Character Recognition (OCR) 

The OCR engine supports image recognition for images embedded in email attachments or within email content, covering various formats and languages:

  • Files containing images: pdf, rtf, Microsoft Office (doc, docx, xls, xlsx, ppt, and pptx)

  • Image files: jpg, jpeg, jpc, jpe, gif, png, bmp, tif, and tiff

  • OCR recognition languages: English, numbers, Traditional and Simplified Chinese

  • Compressed and encrypted files such as rar, tar, tgz, gz, gzip, bzip2, 7z, xz, and zip

  • Deployment: Supports hardware-based appliances, allowing horizontally scaling out for multiple OCR engines, enhancing processing efficiency and response time

Encryption (ENC)

When a DLP policy triggers encryption, emails are encrypted to prevent plaintext transmission, ensuring the secure delivery of your sensitive data and preventing data loss.

  • Four Encryption Types:

    1. HTTPs Encryption: Users securely log in via HTTPS to preview and download encrypted emails ensuring Gateway-to-Client encryption from COENC to the recipient. Most users use web-based browsers, with SSL (Secure Socket Layer) over HTTP and the RSA (3DES) safeguarding confidential data.

    2. S/MIME Encryption: When recipients opt for S/MIME mode during registration, ENC generates a recipient-specific certificate (P12 file) and private key for automatic installation. Emails are sent to recipients using S/MIME encryption, ensuring Gateway-to-Client encryption from ENC to the recipient.

    3. PDF Encryption: ENC encrypts the original email into PDF attachment, requiring a password for access. Senders can specify or the system can generate passwords, providing flexible and convenient options to let the recipient obtain directly from the sender or sent by the system.

    4. ZIP Encryption: ENC encrypts the original email into ZIP attachment, requiring a password to unzip for access. Senders can specify or the system can generate passwords, providing flexible and convenient options to let the recipient obtain from the sender or sent by the system.

 

  • Encryption Policy Engine (PE): Enables tailored encryption policies for organizational-wide, specific group, or individual needs. Organizations can automatically encrypt emails based on comprehensive AND/OR conditions, including:

  • Who (sender/ recipient/ IP address)

  • What (keywords)

  • When (different times/ dates/ cycles)

  • Where (sent locally/ sent externally and relayed through your organization's server)

  • Attachment Details (filename/ format)

  • Quantity and Size (number of attachments/ email size)

Cellopoint DLP helps you improve your
Return on Investment (ROI)

Request a demo with an email security expert

bottom of page