Introduction to Data Loss PreventionData Loss Prevention R81 Administration Guide | 27ItemDescription2Data Loss Prevention Software Blade enabled on a Security Gateway3HTTP proxy4Mail server5Active Directory or LDAP serverYou can put the DLP Gateway between the users and the switch, to directly protect a subnet.What Happens on Rule MatchThe DLP Gateway captures traffic and scans it against the Data Loss Prevention policy.If the data in the traffic matches a rule in the policy1.Incident is logged.nThe data is stored in a safe repository on a log server or Security Management Server thatstores DLP logs.nThe DLP Gateway logs an incident with the Logs & Monitor view.2.Action of rule is performed.
Introduction to Data Loss PreventionData Loss Prevention R81 Administration Guide | 28nIf the matched rule is set toDetect, the user gets no notification. A DLP log incident iscreated, and the actual data is stored.Action of rule is performed.nDetect- The user gets no notification. A DLP log incident is created, and the actualdata is stored.nInform User- DLP notifies the user that the captured traffic violates DLP rules. Thetraffic is passed.nAsk User- DLP notifies the user that the message stays, and sends a link to theDLP Portal, where the user decides whether the transmission goes through or not.User decisions, and reasons to send, are kept for your analysis.nPrevent- The traffic is blocked. You can notify the user and the Data Owner.nIf the matched rule is set toInform User, DLP notifies the user that the captured trafficviolates DLP rules. The traffic is passed.nIf the matched rule is set toAsk User, DLP notifies the user that the message is being heldand contains a link to the DLP Portal, where the user decides whether the transmissionshould go through or be dropped. User decisions, and reasons for sending, are logged foryour analysis.nIf the matched rule is set toPrevent, the traffic is blocked. The user and the Data Ownermay be notified.3.Optionally, Data Owners, and other users configured for notifications get a notification about theincident.Role of a DLP AdministratorDLP provides many auditing tools:nReceive automatic notifications to data owners when transmission of protected data was attempted.nReceive user notifications and self-handling portal.nTrack and log event details, charts, graphs, filtered lists, and reports from the Logs & Monitor view.Before you begin your audit, configure your DLP policy.Workflow to create and refine the DLP policy:1.Define Data Types.2.Configure out-of-the-box Data Loss Prevention with a basic policy.This policy provides strong detection capabilities from Day-1.3.Customize pre-defined Data Types to improve policy accuracy.