Key Features
Attachment Monitoring
Tracks and controls file attachments in emails, messaging apps, and file transfers to prevent unauthorized sharing of sensitive data. Enforces file type restrictions, size limits, and content scanning to block confidential information from leaving the organization.
Email Monitoring
Scans inbound and outbound email communications for sensitive content according to predefined policies. Identifies potential data leaks in message bodies and attachments, with options to block, quarantine, or encrypt communications containing critical data.
Attachment Report
Generates comprehensive reports on file attachments across communication channels, detailing file types, sizes, senders, recipients, and policy violations. Provides audit trails and analytics to identify data sharing patterns and potential security risks.
Data Classification and Discovery
Automatically scans, identifies, and categorizes sensitive information across organizational networks and repositories. Applies appropriate security policies based on content classification, helping prioritize protection for the most valuable data assets.
Multi-Channel Filtering (content filtering)
Applies consistent content inspection and policy enforcement across multiple communication channels including email, web, cloud, and file transfers. Prevents sensitive data exfiltration regardless of the transmission method used.
Printer Control DLP
Monitors and manages document printing activities to prevent unauthorized printing of sensitive information. Enforces printing policies based on document classification, user privileges, and printer locations to reduce the risk of physical data loss.
Watermarking of Printed Documents
Automatically adds visible or invisible identifiers to printed documents, including username, date, time, and classification level. Creates an audit trail that helps trace document origin and discourage unauthorized sharing of sensitive information.
Image DLP (OCR)
Utilizes Optical Character Recognition to scan images, screenshots, and documents for sensitive text content. Prevents data leakage through graphical formats by identifying confidential information embedded in visual files.
Shadow Copy of Files Allowed to be Uploaded
Creates backup copies of files permitted for upload to external destinations, providing visibility into what data is leaving the organization. Maintains records for compliance, forensic analysis, and incident response without disrupting legitimate workflows. Along with the local path, the shadow copies for attachments allowed can also be synced with cloud storage such as Google Drive, Dropbox, and OneDrive.
Storage Access Control
Manages and restricts user access to storage locations based on security policies and user privileges. Prevents unauthorized data access, copying, or transfer between internal and external storage devices to maintain data sovereignty.
Peripheral Device Control
Regulates the use of external hardware devices like USB drives, external hard disks, smartphones, and cameras. Prevents unauthorized data transfers through physical connection points while allowing approved devices based on security policies.
Wi-Fi Access Control
Manages and restricts wireless network connectivity based on security policies and approved network lists. Prevents data leakage through unauthorized wireless connections and ensures employees connect only to secure, approved networks.
Shadow Copy (USB File Activity)
Automatically creates backup copies of files transferred to or from USB devices. Provides complete visibility into removable media usage for auditing purposes and incident investigations without blocking legitimate file transfers.
User Activity
Monitors and logs user actions including file operations, application usage, and data transfers. Provides a comprehensive audit trail of user behavior to identify suspicious activities, policy violations, and for incident investigation.
IM Blocking
Controls the use of instant messaging applications within the organization. Restricts unauthorized messaging platforms, monitors communications for sensitive content, and prevents data leakage through chat channels according to security policies.
File and Folder Encryption
Automatically encrypts sensitive data based on content classification and security policies. Ensures protected information remains secure even if physical devices are lost or stolen, with access control based on user authentication.
Disable (Copy / Paste / Drag / Drop)
Restricts clipboard operations and file movement based on content sensitivity and user privileges. Prevents unauthorized data transfers between applications or destinations that could circumvent standard security controls.
Application Control
Manages which software applications can be installed and executed on endpoints. Prevents unauthorized programs that could be used to circumvent security policies, while ensuring only approved, secure applications have access to sensitive data.
Removable Device Encryption
Automatically encrypts data transferred to portable storage devices like USB drives. Ensures sensitive information remains protected even when physically removed from the corporate network, with access requiring proper authentication.
Network Access Control
Enforces security policies for devices connecting to the corporate network. Verifies compliance with security standards before granting network access, preventing compromised or non-compliant devices from accessing sensitive data resources.
Incident Response and Reporting
Provides automated alerts, detailed forensic information, and customizable workflows when potential data breaches are detected. Enables security teams to quickly investigate, contain, and remediate data loss incidents with comprehensive documentation.
SIEM Integration
Seamlessly connects with Security Information and Event Management systems to consolidate security events and alerts. Enables correlation of DLP events with other security data for improved threat detection, investigation, and response capabilities.
Active Directory (AD) Integration
Synchronizes with Microsoft Active Directory to leverage existing user accounts, groups, and organizational structures. Simplifies policy management by applying DLP controls based on established user roles and permissions.
CASB Integration
Connects with Cloud Access Security Brokers to extend DLP policies to cloud services and applications. Provides consistent data protection across on-premises and cloud environments, ensuring sensitive information remains secure regardless of location.
Regulatory Compliance
Helps organizations meet data protection requirements from regulations like DPDP, GDPR, HIPAA, PCI DSS, and others. Includes predefined policy templates, documentation, and reporting functions specifically designed for compliance verification.
Cloud Data Visibility
Monitors and controls sensitive data movement to and within cloud services and applications. Provides insights into what data is stored in the cloud, who has access, and enforces consistent security policies across cloud environments.
Browser Extension Control
This feature lets administrators block users from adding browser extensions, while allowing approved extensions to be whitelisted for productivity requirements.
User-Controlled Data Protection
Empowers users with interactive decision-making when sensitive content is detected. Instead of automatic blocking, users receive a notification popup about the sensitive content and can choose whether to proceed with the transmission, enhancing security awareness while maintaining workflow flexibility.
Password-Protected File Inspection
Securely processes password-encrypted Office documents (Excel and Word) by requesting the password from users. eScan DLP solution decrypts the file, scans for sensitive content, and applies appropriate security measures based on findings-whether allowing transmission, blocking, or engaging user decision-making.
File Attachment Block
eScan DLP Attachment block feature lets you selectively control flow of sensitive files from within your organization to the cloud. You can block/allow all attachments that a user tries to send and/or upload and/or share through specific pre-defined processes. You can exclude specific domains/sub-domains that you trust, from being blocked even if they are sent though the blocked processes mentioned above, giving you granular control over the feature. A separate report template is available to receive detailed information through email.
Content-Aware Controls
This superlative feature enables the administrator to monitor & control the type of information which can be sent outside of the endpoint. Sensitive/Confidential Information, also termed as PII, which many a time are controlled by government regulations (GDPR, for instance) can be broadly categorized.
Workspace Tenant Control
eScan Enterprise DLP enhances data security by enforcing domain-specific or account-specific restrictions across various platforms, ensuring employees can only access cloud-hosted services with corporate credentials.
Printer Access Control
eScan-DLP manages the printing activity of sensitive documents. Printer Access Control options can define which data can be printed on specific printers and by whom. One advantage of this technical solution is that in the event of unauthorized activity, the DLP system logs the incident, notifies the user about the risks, and can also block the print.
File Activity Monitoring (Local/Network/Storage Devices)
The File Activity module displays a report of the files created, copied, modified, and deleted on managed computers. Additionally, in case of misuse of any official files, the same can be tracked down to the user through the details captured in the report. The Administrator can select and filter the report based on any of the details captured.
Session Activity
This submodule monitors and logs session activities of managed computers. It displays a report of the Operation type, Date, Computer name, Group, IP address and event description. With this report, the administrator can trace the user Logon and Logoff activity, along with remote sessions that took place on all managed computers.
Application Access Report
The Application Access Report module gives a detailed view of all the applications accessed by the endpoints which are part of Managed Computers. The log displays a list of applications executed and the time duration for which the app was active. Options for Filtering or Exporting the log in desired formats are also present on the same interface. You will get the details of the computer name which accessed the app and the duration.
Disable Print Screen
This will block any screen-shot and/or screen-grab process, like the windows snipping tool, from capturing desktop screen images. This feature will ensure that users cannot capture sensitive information as an image and transfer it outside. Hence it is an important aspect of DLP.
Sensitive File Protection
This feature will ensure that sensitive data cannot be accessed using any other application except the default application specified. Once a folder is classified as "Sensitive", its contents cannot be changed / deleted in any way. The files can be accessed using only the associated apps and any kind of editing is blocked to avoid data modification.
Screen Capture
Screen Capturing makes it easier to take desktop screen-shots. As a business owner, it becomes crucial to be aware of the activities of employees, especially in the case of customer service or help-desk teams. Employees may work hard but to clearly understand their productivity, screen capturing gives you a detailed insight into the work being done.
