Item description 1 internal network introduction to

This preview shows page 26 - 29 out of 227 pages.

Item Description 1 Internal network
Introduction to Data Loss Prevention Data Loss Prevention R81 Administration Guide      |      27 Item Description 2 Data Loss Prevention Software Blade enabled on a Security Gateway 3 HTTP proxy 4 Mail server 5 Active Directory or LDAP server You can put the DLP Gateway between the users and the switch, to directly protect a subnet. What Happens on Rule Match The DLP Gateway captures traffic and scans it against the Data Loss Prevention policy. If the data in the traffic matches a rule in the policy 1. Incident is logged. n The data is stored in a safe repository on a log server or Security Management Server that stores DLP logs. n The DLP Gateway logs an incident with the Logs & Monitor view. 2. Action of rule is performed.
Introduction to Data Loss Prevention Data Loss Prevention R81 Administration Guide      |      28 n If the matched rule is set to Detect , the user gets no notification. A DLP log incident is created, and the actual data is stored. Action of rule is performed. n Detect - The user gets no notification. A DLP log incident is created, and the actual data is stored. n Inform User - DLP notifies the user that the captured traffic violates DLP rules. The traffic is passed. n Ask User - DLP notifies the user that the message stays, and sends a link to the DLP Portal, where the user decides whether the transmission goes through or not. User decisions, and reasons to send, are kept for your analysis. n Prevent - The traffic is blocked. You can notify the user and the Data Owner. n If the matched rule is set to Inform User , DLP notifies the user that the captured traffic violates DLP rules. The traffic is passed. n If the matched rule is set to Ask User , DLP notifies the user that the message is being held and contains a link to the DLP Portal, where the user decides whether the transmission should go through or be dropped. User decisions, and reasons for sending, are logged for your analysis. n If the matched rule is set to Prevent , the traffic is blocked. The user and the Data Owner may be notified. 3. Optionally, Data Owners, and other users configured for notifications get a notification about the incident. Role of a DLP Administrator DLP provides many auditing tools: n Receive automatic notifications to data owners when transmission of protected data was attempted. n Receive user notifications and self-handling portal. n Track and log event details, charts, graphs, filtered lists, and reports from the Logs & Monitor view. Before you begin your audit, configure your DLP policy. Workflow to create and refine the DLP policy: 1. Define Data Types. 2. Configure out-of-the-box Data Loss Prevention with a basic policy. This policy provides strong detection capabilities from Day-1. 3. Customize pre-defined Data Types to improve policy accuracy.

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture