About Data Leakage Protection Parent topic

Data Leakage Protection (DLP) has been added to IWSVA to provide users the ability to:
  • scan outbound traffic for content that includes sensitive corporate data.
  • create and modify policies using predefined templates to better meet regulatory privacy requirements in various countries by filtering for personally identifiable information.
  • create and modify custom policies using keywords and regular expressions to help filter on intellectual property - as defined by the customer.
  • provide reports on which DLP policies have been violated by which users.
  • provide auditing functions for administrators to measure the effectiveness (catch rate and false positive rate) of the DLP policies in the product.
  • As a best practice, it is strongly recommended to first create a policy that imposes the strictest rules for as many targets (users or endpoints) as possible (such as All Endpoints or All users), and then create policies for a few endpoints or users as the exception from "All Endpoints" or "All users."

Policies

Use the DLP Policies page to create these across-the-board company rules and criteria that your company’s files should meet.
From the DLP Policies page, you can add, edit, delete, or save your company’s Data Leakage Protection policy. You can also control whether or not the feature is enabled by clicking the Enable DLP checkbox. IWSVA includes the DLP Scan Default Policy that can be modified, but not deleted.
To access the DLP Policies page:
  1. Go to HTTPData Leakage ProtectionPolicies.
    The DLP Policies page appears.
  2. Choose a policy to edit, delete, or if desired, add a new policy. The sections that follow describe the steps necessary.
To edit an Existing DLP Policy:
  1. Go to HTTPData Leakage ProtectionPolicies and click the name of the desired policy you would like to modify.
    The DLP Policies: Policy page appears.
  2. Each policy template is categorized by particular regions or industries that you can choose to Allow, Block, or Monitor.
  3. Click the Plus icon to the left of the rule template you would like to enforce.
  4. Modify as desired by selecting the rule’s checkbox and by using the pull-down, change to the desired behavior and click Apply.
    The Action icon will change to the requested status.
To add a new DLP policy:
  1. Go to HTTPData Leakage ProtectionPolicies and click Add.
    The DLP Policies: (New Policy) page appears.
  2. Adding a new policy requires three steps; selecting the accounts, specifying the rules, and specifying the exception lists.
  3. Enter the policy name and a general description of the policy.
  4. Enter any useful account information by defining the targets to be protected or monitored. On this page, you can select targets from an IP range or a specific IP address.
    Note
    Note
    These account fields support IPv6 addresses. You can define one rule for any IPv6 host, and this policy rule is triggered when the client sends data violating the company’s security policies through IWSVA.
  5. Select to target a specific user or an entire group of users. Name the user or group and click Search.
  6. Click Next.
    The Specify Rules page appears.
  7. Similar to Editing an Existing Policy, use a defined DLP Template, or modify a policy template categorized by particular regions or industries where you can scan content by selecting target templates that enable you to Allow, Block, or Monitor particular rules.
  8. The default scan traffic is set for HTTP/HTTPS.
  9. Click the Plus icon to the left of the rule template you would like to enforce.
  10. Modify as desired by selecting the rule’s checkbox and by using the pull-down, change to the desired behavior and click Apply.
  11. The Action icon will change to the requested status.
  12. Fill the remaining page elements.
  13. Click Next.
    The Specify Exception Lists page appears.
  14. Specify the settings for the Approved URL list, the approved file name list, and if you would like to limit the sizes of files, enter the size limitation and click the checkbox.
  15. Click Save.

Templates

The template page shows all the template defaults as well as any templates customized by the administrators. These templates are displayed by their associated industry or region and include descriptions of each. You can Add, Copy, Delete, Import, or Export templates through this page.
To add a new compliance template:
  1. Go to HTTPData Leakage ProtectionTemplates and click Add.
    The Add Compliance Template page appears.
  2. Enter a name and description for the compliance template you are adding.
  3. Define each digital asset as either an expression or a keyword.
  4. Select predefined expressions or keyword items as "Digital Asset Definitions" with a fixed number occurrence or combined with the logic expressions "And"/"Or" in a new Compliance template.
  5. Additional digital assets can be added by clicking the plus symbol at the left of the page.
  6. Click Add to create the new digital asset.
  7. Click Save to complete.

iDLP

iDLP is a widget available in Trend Micro's Control Manager (TMCM) that can be incorporated into IWSVA's functionality leveraging TMCM's policies and templates.