Microsoft and Check Point Protect Employees from Leaking Sensitive Business Data and Intellectual Property

by Dana Katz, Product Marketing Manager, Security Platforms, published May 21st, 2019


It is clear that confidential data leakage, whether malicious or unintentional, can cause serious damage to any organization. Preventing sensitive and valuable information, such as customer records, intellectual property, and financial reports, from falling into the wrong hands has become a major priority for most organizations. 


To protect organizations from data loss, Microsoft and Check Point have been working closely together to integrate Microsoft Azure Information Protection (AIP) with Check Point Next Generation Firewall Security Solutions. The integrated solution keeps sensitive business data absolutely safe, regardless of where it travels or how it is shared, including via email, web browsing or file sharing services that are not included within the Microsoft ecosystem.


Customers of both Check Point and Microsoft can rest assured knowing their employees will be prevented from accidentally sending sensitive and valuable business data outside of the corporate network, not just when using Outlook or Microsoft Exchange, but also when using popular applications and services such as Gmail, Dropbox, FTP & Box. By leveraging the Check Point capabilities of policy enforcement across the network, Microsoft Azure Information Protection file classification and protection capabilities are extended and substantial security gaps are sealed. Therefore, joint customers can enjoy a comprehensive Data Loss Prevention solution, and their security teams can track and control the exposure of sensitive information and take corrective measures to prevent data leakage or misuse.


How Data Loss Prevention works from the end-user perspective


Let’s take a look at a common data loss scenario. Your company’s CFO just finished creating a highly confidential financial report using Microsoft Office Word. Azure Information Protection (AIP) recognizes the sensitive content in the document and prompts him to label the document as “Confidential Financial Data”. With the proper confidential label, no one in the company will be able to accidentally send this file to an external recipient or location outside of the corporate network. Regardless of the application (Outlook, Gmail, Dropbox, FTP), Check Point Data Loss Prevention (DLP) will block any improper distribution of the document and immediately notify the user. Not only does this process educate the user about any improper data handling, it helps prevent any future issues.


Data Loss Prevention – the Admin perspective


Let’s take a look at this same CFO data loss scenario from an IT administrator’s perspective. Many IT organizations that use Office 365 productivity solutions have also adopted AIP to classify, label and protect their sensitive information. AIP sensitivity labels can be applied automatically based on IT administrator rules and conditions, manually by end users, or in a combination where end users are given recommendations. In the use case of the CFO data loss, the IT security team has pre-configured an AIP label called “Confidential Financial Data”. Based on this label, the security teams have also defined a Check Point unified security policy rule (that includes a Content Awareness AIP data type) to protect confidential financial information from being sent outside of the organization. Once the AIP label was applied to the CFO financial report, Check Point Security Gateways were able to detect and enforce the confidential designation, regardless of where the document was sent or how it was shared.


Unified Data Loss Prevention Across the Enterprise


Because Check Point DLP enables policy enforcement of data in transit at the network level, the IT Security teams can track and control how documents are being shared and immediately take corrective measures to prevent data leakage. In addition, DLP is integrated into Check Point’s security management platform, enabling enterprises to apply a unified document protection policy across the organization while also managing access control, threat prevention policies, and incident analysis.


Demo of Microsoft Azure Information Protection, Check Point DLP and SmartConsole


Take a few moments to view the demo video below, and see how the combination of Azure Information Protection, Check Point DLP and the R80 SmartConsole will protect your enterprise from leaking sensitive business data and intellectual property.



About Azure Information Protection

Azure Information Protection (AIP) is part of Microsoft Information Protection solutions, which can leverage the security capabilities of partners like Check Point. Azure Information Protection enables customers to classify, label and protect sensitive documents and emails. Sensitivity labels can be applied automatically based on the system administrator’s rules and conditions, manually by users, or a combination where users are given recommendations. Since Azure Information Protection has rights management capabilities built-in, it can be used to protect documents by defining granular user access rights down to specific groups or users.


About Check Point DLP

Check Point DLP is part of Check Point’s Next Generation Firewall Gateway products. It combines multiple technologies and processes to revolutionize Data Loss Prevention, helping businesses to pre-emptively protect sensitive information from leaving the company, educating users on proper data handling policies and empowering them to remediate incidents in real-time! By enforcing security policies on all data transmitted over networks, Check Point Security Gateways offer a wide coverage of traffic transport types, including deep application awareness that protects data in motion, such as e-mail, web browsing and file sharing services.