Is it possible to move an EDM indexes between implementations of Data Loss Prevention (DLP)
When it comes to EDM there is a crypto key that is specific to the Enforce server and also the EDM hash, and they are never the same on 2 different Enforce Servers. When an EDM is created there is a new Crypto Key created and used when creating the hash. This Crypto key is randomly generated and stored Encrypted in the Oracle DB.
Once this is done the Hashed EDM Files are sent to the detection servers, where they are stored on the file system. The Crypto Key to be able to read the hashed EDM files is Sent to the Detection Servers once they have communicated with the Enforce console to verify they are registered as being part of the system. The Crypto Key itself is never stored on the Hard Drive, it is only stored in memory on the detection servers. If the Detection server is restarted it will have to validate and ‘register’ with the enforce server before being sent the current crypto key. If the EDM is ever recreated, there will be a new crypto key associated to the hash files.
So overall this is a locked down system where only a registered detection server will be able to read an EDM hash from that system, they cannot be shared.
This is part of the overall secure system to keep all important information safe.
Symantec Data Loss Prevention
Imported Document ID: TECH222166
Subscribing will provide email updates when this Article is updated. Login is required.