MYDLP

MyDLP Administration Guide

Version 2.0

3/18/2012

Legal Notice Copyright © 2013 Medra Teknoloji Ltd. All rights reserved.

MyDLP is a registered trademark of Medra Teknoloji Ltd.

Contents

About MyDLP
MyDLP Features
Protection and Administration with MyDLP Network Server
Protection & Discovery with MyDLP Endpoint
Getting started with MyDLP
Installation
Logging on to Management Console
Log out
Checking Server Version
Changing the default password
Changing the user information
Enforcing policies
Introducing the policy tab
Rule table
Rule types
Rule structure
Rule actions
Rule Email Notification
Message to User
Web Rule
Mail Rule
Removable Storage Rule
Removable Storage Inbound Rule
Removable Storage
Printer Rule
API Rule
Policy objects tree
Information Types
Information
Finance Compliances
Federal Regulations
Sensitive Documents
Network Security
Policy actions
Adding a user defined category
Adding a user defined network
Adding an User Defined Domain Name
Adding an user defined File System Directory
Adding a user defined Source Domain
Adding a user defined Application Name
Adding a user defined user object
Dragging a source object into rule
Setting a rule action
Deleting a rule
Disabling a rule
Editing the rule name and description
Copying a rule
Expanding and collapsing a rule
Expanding and collapsing
Installing policy
Objects tab
Introducing the objects tab
Creating a data format
Creating a
Importing Keywords using RDBMS
Creating a document database using files
Synchronizing a document database using RDBMS Connections
Integrating with Active Directory Domain
Integrating with RDBMS Systems
Logs tab
Introducing the logs
Log Structure
Log Actions
Finding events in a specific time period
Detailed log search
Resetting log filter
Refreshing logs
Exporting Logs as an Excel
Resending quarantined emails
The Endpoints tab
Protocols inner tab
SMTP HELO name
SMTP next hop host
SMTP next hop port
SMTP bypass on fail
ICAP
ICAP
MyDLP user certificate
Users inner tab
Administrative Users
Types of Administrative Users Roles in MyDLP
Adding a super administrator user
Adding an administrator user
Adding an auditor user
Adding
Endpoint inner tab
Log level
Sync
Log limit
Ignore max size exceeded logs for discovery
Log Spool Soft Limit
Log Spool
Advanced inner tab
USB ACL inner tab
Enterprise inner tab
Mail Archive
Web Archive
ICAP Minimum Archive Size
Edit Denied Page
Email Notification
Syslog Settings
IRM inner tab
The dashboard tab
Adding dashboard items
Display Weekly Report
The revisions tab

About MyDLP

MyDLP is a fully fledged data leakage prevention solution that offers network and endpoint protection and confidential data discovery.

MyDLP Features

You can monitor and control data flow and stored data in your organization with MyDLP. Using policy actions, you can pass, log, archive and quarantine moving data, encrypt removable devices and delete discovered files on storage. The two main components of MyDLP are the MyDLP Network Server and MyDLP Endpoint. These two components work together to protect the sensitive information in your organization.

Protection and Administration with MyDLP Network Server

Network protection enables you to detect and prevent data leaving your organization's network. MyDLP Network Server also functions as the administration center.

Protection & Discovery with MyDLP Endpoint

MyDLP Endpoint protection enables you to detect and prevent any data moved to removable devices such as USB sticks or smart phones from workstations or laptops in your organization. You can also enforce full disk encryption on removable devices. Endpoint protection also covers any document printed using network and local printers connected to computers. Endpoint data discovery also enables you to detect and enforce policy on stored data on computers in your network.

Getting started with MyDLP

Installation

For MyDLP Network Server installation and MyDLP Endpoint deployment, please refer to the MyDLP Installation Guide and the MyDLP Endpoint Installation Guide.

Logging on to Management Console

Management Console is a web-based management user interface that allows users to build policies, review a brief history of incidents and monitor user activity. You need a Flash-enabled web browser to connect to the Management Console. You can get the latest Flash plugin for your browser here: http://get.adobe.com/flashplayer/

Using a web browser, connect to the management interface at the following URL:

https://servername

"servername" is the hostname or IP address of the MyDLP Network Server, which is configured during installation. See the MyDLP Installation Guide, MyDLP Network Server Initial Configuration section. The default username is "mydlp" and the default password is "mydlp" (without the quotes). Enter the username and password, then click Login.

Log out

Click the icon on the upper right of the Management Console to log out.

Checking Server Version

You can check the currently logged-on user and the server version on the upper right of the Management Console as seen below. It will be easier to get a fast response if you provide the version number in support calls or in community forum questions.

Changing the default password

You need to change the default password before anything else.

  1. Click on the wrench icon in the management console.

  2. In the Edit User Dialog, enter your current password as "mydlp" (without the quotes).

  3. Enter your new password and re-enter it in the respective fields. The password must have at least one uppercase letter, one lowercase letter and a number. It should be at least six characters long.

  4. Click the Save button.

Changing the user information

You can change your user name and email address with the following steps:

  1. Go to the Settings tab.

  2. Go to the Users tab.

  3. Select the user with username mydlp.

  4. Click the Edit User button at the bottom.

  5. Change Email and User Name.

  6. Click Save.

Enforcing policies

Introducing the policy tab

The policy tab is used to define policies. On the left hand side there is the policy objects tree which is used to drag and drop predefined or custom objects into policy rules. On the right hand side there is the rule table which is empty after installation and represents your DLP policy.

Rule table

The rule table contains DLP rules in its rows. It has a priority order in which the top rule has the highest priority and is applied first.

Rule types

There are eight different rule types, classified according to the data channel they inspect. Each rule type is effective only on its related data flow channel:

  • Web rule is used to monitor and control web traffic.

  • Mail rule is used to monitor and control e-mails.

  • Removable Storage rule is used to control data moved to removable memory devices such as USB memory sticks, removable hard drives, smart phones, etc.

  • Removable Storage rule is used to control data moved to removable memory devices such as USB memory sticks, removable hard drives.

  • Removable Storage Inbound rule is used to archive data copied from removable memory devices onto the computer.

  • Printer rule is used to control print jobs.

  • Discovery rule is used to control data on storages.

  • Screenshot rule prevents the print screen function while a sensitive application is running.

  • API rule is a unique feature of MyDLP that allows you to integrate your custom applications with MyDLP.

Rule structure

Each rule has the following five-part structure:

The first part is the Channel type and name. The icon near the rule name shows the type of the rule. The type of the rule determines the data channel to be inspected. The name is given during rule creation. It is a short descriptive name that shows the purpose of the rule.

The second part is the Sources constraint, which restricts the rule to a certain user or user group. Depending on the rule type, a source can be denoted by an IP address, a network, an Active Directory element or an email address. The Sources column is required for all types of rules.

The third part is the Destinations. The function of the destination changes with the rule type; it can be domains, directories or application names. The Destination column is not required for removable storage, removable storage inbound, printer and API rules.

The fourth part is the Information Types. This represents the information to be searched for in the related data channel during inspection. There are many information types, and custom information types can be defined. The Information Type column is not required for removable storage inbound and screenshot rules.

The last part is the action. This shows the desired action to be taken when the defined information type is found on a data channel. Available actions are PASS, BLOCK, LOG, QUARANTINE, and ARCHIVE. The selected action type is shown in the last part of the rule with the related icon.

Rule actions

  • PASS action allows information to pass through the data channel freely without any logs. This action is available for all rule types.

  • LOG action allows information to pass through the data channel but generates an event log. This action is not available for screenshot rules.

  • ARCHIVE action allows information to pass through the data channel, generates an event log and archives a copy of the information. This action is not available for screenshot rules.

  • BLOCK action prevents information from passing through the data channel and generates an event log. This action is not available for removable storage inbound rules.

  • QUARANTINE action prevents information from passing, generates an event log and archives a copy of the information. This action is not available for removable storage inbound rules and screenshot rules.

  • ENCRYPT action is only available for removable storage encryption rules. It enforces encryption of connected removable devices.

  • DELETE action is only available for discovery rules. It deletes matched discovered files. Use this action very carefully.

Rule Email Notification

The following rule types can be configured to send an alert email to the administrator when a specified incident occurs:

  • Web

  • Mail

  • Removable Storage

  • Printer

  • Discovery

  • API

You can customize these notifications from the Settings -> Enterprise tab.

Message to User

You can specify the message shown to the user for blocked requests in Email Rules and Web Rules, as below. See the Settings/Enterprise inner tab/Edit denied page section for further information.

Web Rule

Web Rule covers the whole Web channel. Use this rule type to enforce policies for protocols like HTTP, HTTPS and FTP. Social networking sites, web mail services, blogs, wikis, forums and almost everything else that can be accessed from a browser fall under this channel. To use Web Rules you need to configure your web traffic to pass through the MyDLP Network Server. Please see the MyDLP Installation Guide.

Web Sources

You can use all kinds of users (IP addresses, subnets, user defined users, AD users, AD groups, AD organization units) or predefined or user defined network objects as the Source in this rule type. See the Objects Tab chapter for creating user defined sources.

Web Destinations

You can use Domain objects as the Destination for this rule type. Domains are the Fully Qualified Domain Names (FQDN) accessed by users in web requests. See the Objects Tab chapter for creating Domain objects.

Web Information Types

You can use all Information Types in Web rules.

Example Web Rule

Below is an example web rule which quarantines all web requests containing credit card information that users from the sales department send to any website. This rule is named PCI because it is part of a PCI compliance policy.

Mail Rule

Mail Rule covers the mail channel. Use this rule type to enforce policies for the SMTP protocol. Emails sent through local mail servers are analyzed using mail rules. Please see the MyDLP Installation Guide for email server integration.

Mail Source

You can use all kinds of users (User Defined Users, AD users, AD groups, and AD organization units), network objects or source domain objects as the Source for this rule.

Mail Destination

You can use Domain objects as the Destination for this rule. See the Objects Tab chapter for creating Domain objects.

You can also use miscellaneous destination properties for emails. In the Policy Objects Tree, under Predefined Destinations, there is a Mail has External BCC item which is used to match mails that have a BCC field.

Mail Information Types

You can use all Information Types in Mail Rules.

Example Mail Rule

Below is an example mail rule which quarantines all mails containing credit card information that users from the sales department send to any mail domain. This rule is named PCI because it is part of a PCI compliance policy.

Removable Storage Rule

(Previously known as Endpoint Rule) This rule covers data moved to removable devices at endpoints. Use this rule type to enforce policies for removable storage devices at endpoints. Any operation that transfers information from a computer to a removable storage device is covered. To be able to use Removable Storage Rules, MyDLP Endpoint Agent should be deployed; please see the MyDLP Endpoint Agent Installation Guide.

Removable Storage Source

You can use all kinds of users (User Defined Users, AD users, AD groups and AD organization units), network objects or source domain objects as the Source for this rule.

Removable Storage Destination

Since it is not possible to specify a destination for removable storage, the Destination column is not required in this rule.

Removable Storage Information Types

You can use all Information Types in this rule.

Example Removable Storage Rule

Below is a removable storage rule which quarantines all files containing credit card information that users from the sales department copy to removable storage devices, such as USB sticks connected to their workstations or laptops. This rule is named PCI because it is part of a PCI compliance policy.

Removable Storage Inbound Rule

This rule covers file copy or read operations from removable devices to endpoints. This rule does not perform any kind of DLP analysis; it simply passes, logs or archives the data transfer. Any operation that transfers information to a computer from a removable storage device is covered by this rule. To be able to use Removable Storage Inbound Rules, MyDLP Endpoint Agent should be deployed; please see the MyDLP Endpoint Agent Installation Guide.

Removable Storage Inbound Source

You can use all kinds of users (User Defined Users, AD users, AD groups and AD organization units), network objects or source domain objects as the Source for this rule.

Removable Storage Inbound Destination and Information Type

Since the Destination is always the endpoint itself and the Information Type is not checked in this rule type, they are not required and cannot be defined in this rule type.

Example Removable Storage Inbound Rule

Below is a removable storage inbound rule which logs all files that users from the sales department copy from removable storage devices to their workstations or laptops. This rule is named storage logging and can be used to audit the memory stick usage behavior of users.

Note: Removable Storage Inbound Rule operates on any files smaller than Maximum Object Size (see Settings Tab / Advanced Subtab). If you use Archive action, depending on your users’ behavior you may need significant storage to store archived files.

Removable Storage Encryption Rule

This rule covers encryption of removable devices connected to endpoints. This rule does not perform any kind of DLP analysis; it simply passes (does not encrypt) or encrypts removable storage devices and all the files stored on them. Using this rule, it is possible to ensure that removable storage devices which are used in the company cannot be used in any other network. To be able to use Removable Storage Encryption Rules, MyDLP Endpoint Agent should be deployed; please see the MyDLP Endpoint Agent Installation Guide.

Removable Storage Encryption Source

You can use all kinds of users (User Defined Users, AD users, AD groups and AD organization units), network objects or source domain objects as the Source for this rule.

Removable Storage Encryption Destination and Information Type

Since the Destination is always the endpoint itself and the Information Type is not checked in this rule type, they are not required and cannot be defined in this rule type.

Example Removable Storage Encryption Rule

Below is a removable storage encryption rule which encrypts all removable storage devices connected to workstations or laptops in the company network. This rule is named all encryption and can be used to ensure that no data leak will occur through removable storage devices from the company network to other networks. This is the most common usage scenario for this rule.

Printer Rule

This rule covers printers at endpoints. MyDLP has unmatched printer inspection support. MyDLP supports network printers, USB printers, shared printers, and much more. Actually MyDLP supports anything that can print. That is why we call MyDLP’s printer inspection channel unmatched. Use this rule type to enforce policies for printers at endpoints and to inspect every single printing operation. To be able to use Printer Rules, MyDLP Endpoint Agent should be deployed; please see the MyDLP Endpoint Agent Installation Guide.

Printer Source

You can use all kinds of users (User Defined Users, AD users, AD groups and AD organization units), network objects or source domain objects as the Source for this rule.

Printer Destination

It is not possible to define a destination in a Printer Rule.

Printer Information Types

You can use all kinds of Information Types for this rule.

Example Printer Rule

Below is an example printer rule which quarantines all print jobs containing credit card information that are sent by users from the sales department. The print job will be blocked and the content of the document that would have been printed is saved as an XPS document on MyDLP. This rule is named PCI because it is part of a PCI compliance policy.

Discovery Rule

This rule is used to discover sensitive information at rest on endpoints. Discovery rules help you see information leakage risk before any incident happens.

Discovery Source

You can use all kinds of users (User Defined users, AD users, AD groups, AD organization units) or network objects as the Source for this rule.

Discovery Destination

You can use File System Directory objects as the Destination for this rule. The folders specified as Destinations on endpoints will be scanned by the Discovery Rule to find whether they match the specified Information Type.

Discovery Information Types

You can use all kinds of Information Types for this rule.

Example Discovery Rule

Below is an example discovery rule which logs all files containing credit card information in C:\Users and C:\Documents and Settings (the usual user file paths on Microsoft Windows XP, Windows Vista and Windows 7) on endpoint machines, such as laptops and workstations, of users from the sales department. This rule is named PCI because it is part of a PCI compliance policy.

Note: Discovery Rule operates on any files smaller than Maximum Object Size (see Settings Tab/ Advanced Subtab). If you use Archive or Quarantine action, depending on your user’s behavior you may need significant storage to store archived files.

Note: If you use Delete or Quarantine action be sure to specify Destination directories and Information Types carefully. Discovery Rule deletes any files matched without confirmation if you select Delete or Archive actions on endpoints.

ScreenShot Rule

This rule is used to prevent screenshots when sensitive applications are running on endpoints. This rule does not send any log to the management server. It simply blocks screenshot actions for the selected Applications.

ScreenShot Source

You can use all kinds of users (User Defined users, AD users, AD groups, AD organization units) or network objects as the Source for this rule.

ScreenShot Destination

You can use Application objects as the Destination for this rule.

Example ScreenShot Rule

Below is an example screenshot rule which prevents print screen functionality when office applications are running. This is the most common usage scenario.

API Rule

This rule is used to manage the behavior of the MyDLP API. The MyDLP API helps you integrate MyDLP with other applications. See the Integration/MyDLP API Integration chapter for integrating your applications with MyDLP.

API Sources

You can use all kinds of users (User Defined users, AD users, AD groups, AD organization units) or network objects as the Source for this rule.

API Information Types

You can use all kinds of Information Types for this rule.

Example API Rule

Below is an API rule which sends a block response to web requests from applications on the 10.0.0.0/24 network if the request body contains a credit card number.

Policy objects tree

Policy objects tree is the collection of objects which can be used in rules by dragging them from the tree into the source and information type fields of rules. An example policy objects tree can be seen below:

Predefined objects are used for easy access to frequently used objects.

Predefined sources represent common network addresses.

Predefined information types are common information types such as credit card numbers, IBAN, SSN. They also include the All matcher, which is used to match all traffic.

Compliance is an information type that includes predefined policies such as PCI DSS, SOX and GLBA.

Destinations are items that can be used in the Destination column of a rule.

Information Types

The Data Leakage Prevention concept relies on detecting information in a data transfer or in data at rest. The most important thing in a DLP product is being able to define this “information” with easy-to-use instruments. In MyDLP, this content definition instrument is called Information Type. DLP inspections on channels, such as Web, Mail, Removable Storage, Printer, Discovery and others, are done according to the associated information types.

MyDLP is shipped with a lot of predefined information types, and new predefined information types are added in each version. The picture below shows some of these information types:

Data format

Data Formats determine which data formats (a data format is a combination of several MIME types) will be considered as candidates for this Information Type. For example, if you select All Formats, all kinds of files (or data) will be candidates and DLP inspection (which is defined in the Information Features section) will be done for every single file. Similarly, if you select PDF, PS, only files (or data) in Portable Document Format and PostScript formats will be considered as candidates and DLP inspection will be done only on these kinds of files.

Information Features

Using Information Features, you are able to define the properties of the data content to be analyzed. The most important part of an Information Feature is the Matcher. All other properties of the Information Feature are asked for after selecting the Matcher, because every Matcher has different functionality which requires different configuration options. The Matcher simply declares what you are looking for in a file (or in data flowing through a channel). The picture below is an example of the Birth Date Matcher. The Birth Date matcher matches birth dates and requires a property named Threshold value. This Threshold value specifies the number of occurrences of positive matches (in this case birth dates) in a file (or flowing data chunk). For example, with this Information Feature (below), you are looking for (at least) two valid and separate birth date occurrences:

Distance

Distance is a property of Information Feature which is not applicable for all kind of Information Features. Distance property allows you to specify a context in terms of data size for a specific Information Feature. Simply, DLP analysis will return positive only if all defined Information Features have been found in specified distance. This feature lets you make DLP analysis in a context and drastically decrease false positives in big files.

The screenshot below describes Distance usage briefly. In this example, there are two Information Features: Birth Date with threshold value 2 and Keyword “MyDLP” with threshold value 3. Distance is applicable to these Information Types and has been set to 250. This means you are looking for two birth dates and three separate “MyDLP” keywords (the keyword matcher matches the exact string, case insensitively) within a sequence 250 characters long.
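The threshold-plus-distance rule above can be modelled as a sliding window over match positions. This is an added example, not MyDLP's own code: the date pattern (ISO dates only), the function names and the sample strings are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed pattern: ISO-style dates only. The guide does not list the date
# formats the real Birth Date matcher accepts.
BIRTH_DATE = re.compile(
    r"\b(?:19|20)\d{2}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01])\b")


def find_hits(text, keyword):
    """Return (start, end, feature) spans for both features, sorted by start."""
    hits = [(m.start(), m.end(), "birth_date")
            for m in BIRTH_DATE.finditer(text)]
    # The guide states the keyword matcher is an exact, case-insensitive match.
    kw = re.compile(re.escape(keyword), re.IGNORECASE)
    hits += [(m.start(), m.end(), "keyword") for m in kw.finditer(text)]
    return sorted(hits)


def within_distance(hits, thresholds, distance):
    """True if one span of at most `distance` characters contains at least
    thresholds[f] hits of every feature f. distance=None disables the
    proximity requirement, so only the per-feature totals are compared."""
    counts = Counter()
    if distance is None:
        counts.update(feat for _, _, feat in hits)
        return all(counts[f] >= n for f, n in thresholds.items())
    left = 0
    for right, (_, end, feat) in enumerate(hits):
        counts[feat] += 1
        # Drop hits from the left until the span from the first remaining
        # hit's start to this hit's end fits inside the distance.
        while left <= right and end - hits[left][0] > distance:
            counts[hits[left][2]] -= 1
            left += 1
        if all(counts[f] >= n for f, n in thresholds.items()):
            return True
    return False


def evaluate(text, keyword, thresholds, distance):
    """Run both matchers over text and apply thresholds and distance."""
    return within_distance(find_hits(text, keyword), thresholds, distance)


# Constructed sample inputs (not real data).
THRESHOLDS = {"birth_date": 2, "keyword": 3}
NEAR = "Born 1980-02-14 and 1975-11-30. mydlp MyDLP MYDLP"
FAR = "Born 1980-02-14 and 1975-11-30." + " filler" * 60 + " mydlp MyDLP MYDLP"

if __name__ == "__main__":
    for name, text in (("near", NEAR), ("far", FAR)):
        for dist in (250, None):
            print(name, dist, evaluate(text, "MyDLP", THRESHOLDS, dist))
```

The FAR sample shows why the distance setting cuts false positives in big files: the same hits that satisfy the thresholds across the whole text no longer match once they must share a 250-character span.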

Information Type Example

A retail company keeps two bank account numbers and a credit card number for each customer in the company database. The security administrator wants to prevent any office file that contains this information about a customer from being sent outside the company. To match such an information flow, the security administrator should define an information type named "Customer Accounts" and add "Office Files" as a data format. He should add a credit card number feature with threshold 1 and an IBAN number feature with threshold 2. This information type will match any office file containing at least one credit card number and two IBAN numbers.
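A sketch of how the "Customer Accounts" information type above could be evaluated, added here as an example and not taken from MyDLP. The MIME set standing in for "Office Files", the regular expressions, and the use of the standard Luhn and IBAN mod-97 checks to validate candidates are assumptions; the sample strings are constructed from published test numbers.

```python
import re

# Assumed MIME types for an "Office Files" data format; the guide does not
# list which MIME types its predefined format contains.
OFFICE_MIMES = {
    "application/msword",
    "application/vnd.ms-excel",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
}

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Electronic (unspaced) IBAN form only, to keep the pattern unambiguous.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")


def luhn_ok(digits):
    """Standard Luhn checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(iban):
    """ISO 13616 check: move the first four characters to the end, map
    letters to 10..35, and require the number to be 1 modulo 97."""
    rearranged = iban[4:] + iban[:4]
    numeric = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(numeric) % 97 == 1


def count_cards(text):
    """Count candidates that also pass the Luhn check."""
    return sum(1 for m in CARD_RE.finditer(text)
               if luhn_ok(re.sub(r"[ -]", "", m.group())))


def count_ibans(text):
    """Count candidates that also pass the mod-97 check."""
    return sum(1 for m in IBAN_RE.finditer(text) if iban_ok(m.group()))


def customer_accounts_match(mime_type, text):
    """Data format gate first, then credit card threshold 1 and IBAN
    threshold 2, as in the example above. `text` is assumed to be the
    already extracted content of the file."""
    if mime_type not in OFFICE_MIMES:
        return False
    return count_cards(text) >= 1 and count_ibans(text) >= 2


# Constructed samples using published test numbers (not real accounts).
MATCHING = ("Customer 1001: card 4111 1111 1111 1111, accounts "
            "GB82WEST12345698765432 and DE89370400440532013000.")
ONE_IBAN = ("Customer 1002: card 4111 1111 1111 1111, account "
            "GB82WEST12345698765432, ref GB82WEST12345698765433.")

if __name__ == "__main__":
    print(customer_accounts_match("application/msword", MATCHING))
    print(customer_accounts_match("application/pdf", MATCHING))
    print(customer_accounts_match("application/msword", ONE_IBAN))
```

Validating candidates before counting them keeps order numbers and other long digit strings from consuming a threshold of 1.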

Available Information Features

Feature: 5-8 Digit Account Number

Feature: 9 Digit Account Number

Feature: ABA Routing Number

Feature: All Matcher

Description: The All matcher matches any type of information. It can be used in rules for certain data formats, for example to prevent any outgoing office file.

Feature: Credit Card Number

Credit card number feature matches occurrences of credit card numbers in the data stream. If you use credit card number with threshold 5, it will match any document with 5 or more credit card numbers in it.

Feature: Social Security Number

Social Security Number is the United States social security number. This feature matches each social security number in the data stream.

Feature: IBAN Account Number

IBAN is the International Bank Account Number. This feature matches each bank account number in IBAN format in the data stream.

Feature: Turkey National ID Number

Turkey National ID Number, or T.C. Kimlik No., is the citizen number in Turkey. This feature matches each occurrence of this number in the data stream.

Feature: Canada Social Security Number

This feature matches Canada Social Security numbers in the data stream.

Feature: France INSEE Number

This feature matches France INSEE numbers in the data stream.

Feature: UK National Insurance Number

This feature matches United Kingdom insurance numbers in the data stream.

Feature: South African ID Number

This feature matches occurrences of the South Africa citizen ID number in the data stream.

Feature: Keyword

This feature matches occurrences of the keyword entered when the information type was created.

Feature: Regular Expression

This feature matches the entered regular expression in the data stream.

Feature: Source Code (C/C++/C#/Java)

This feature matches expressions in the C, C++, C# and Java programming languages in the data stream.

Feature: Source Code (Ada)

This feature matches Ada programming language expressions in the data stream.

Feature: Document Database (Hash)

This feature matches any document in the data stream whose file hash is exactly the hash of one of the documents in the document database.

Feature: Document Database (PDM)

Partial document matching (PDM) feature matches any chunk of a document in the data stream that significantly resembles a part of a document in the document database.

Feature: Encrypted Document Matcher

Encrypted document matcher will match a password protected or encrypted file.

Feature: Encrypted Archive Matcher

Encrypted archive matcher will match an encrypted archive file such as zip, rar etc.

Finance Compliances

PCI

Matchers:

  • Credit Card number
  • Credit Card track 1
  • Credit Card track 2
  • Credit Card track 3

Threshold values:

    o Credit Card number: 1
    o Credit Card track 1: 1
    o Credit Card track 2: 1
    o Credit Card track 3: 1

Distance: 32

EU FINANCE

Matchers:

  • CCN with UK NINO
    Description: Consists of Credit card number and UK national number
    Threshold values:
      o Credit card number: 1
      o UK national number: 1
    Distance: 100

  • CCN with France INSEE
    Description: Consists of Credit Card Number and France INSEE Number
    Threshold values:
      o Credit Card Number: 1
      o France INSEE Number: 1
    Distance: 100

  • CCN with Spain DNI
    Description: Consists of Credit Card Number and Spain DNI Number
    Threshold values:
      o Credit Card Number: 1
      o Spain DNI Number: 1
    Distance: 100

  • CCN with Italy FC
    Description: Consists of Credit Card Number and Spain DNI Number
    Threshold values:
      o Credit Card Number: 1
      o Spain DNI Number: 1
    Distance: 100

GLBA

Matchers:

  • Name with sensitive Drug
    Description: Consists of Keyword Group “Names” and Keyword Group “Sensitive Drug Names”
    Threshold values:
      o Keyword Group “Names”: 1
      o Keyword Group “Sensitive Drug Names”: 1
    Distance: 100

  • Name with sensitive Disease
    Description: Consists of Keyword Group “Names” and Keyword Group “Sensitive Drugs Names”
    Threshold values:
      o Keyword Group “Names”: 1
      o Keyword Group “Sensitive Drug Names”: 1
    Distance: 100

  • CCN
    Description: Credit card number
    Threshold value:
      o Credit card number: 1
    Distance: Disabled

  • Name with SSN
    Description: Consists of Social Security Number and Keyword Group “Names”
    Threshold values:
      o Social Security Number: 1
      o Keyword Group “Names”: 1
    Distance: 100

  • SSN with Personal Finance Terms
    Description: Consists of Social Security Number and Keyword Group “Personal Finance Terms”
    Threshold values:
      o Social Security Number: 1
      o Keyword Group “Personal Finance Terms”: 1
    Distance: 100

  • Name with Personal Finance Terms
    Description: Consists of Keyword Group “Names” and Keyword Group Personal Finance Term
    Threshold values:
      o Keyword Group “Names”: 1
      o Keyword Group Personal: 1
    Distance: 100

  • ABA Routing Number
    Description: Consists of ABA routing number
    Threshold value:
      o ABA routing number: 1
    Distance: Not enabled

  • Name with 10 Digit Account Numbers
    Description: Consists of Keyword Groups “Names” and 10 Digit Account Number
    Threshold values:
      o Keyword Groups “Names”: 1
      o 9 Digit Account Number: 1
    Distance: 100

  • Name with 9 Digit Account Number
    Description: Consists of Keyword Group “Names” and 9 Digit Account Number
    Threshold values:
      o Keyword Group “Names”: 1
      o 9 Digit Account Number: 1
    Distance: 100

  • Name with 5-8 Digit account
    Description: Consists of Keyword Group Names and 5-8 Digit Account Numbers
    Threshold values:
      o Keyword Group Names: 1
      o 5-8 Digit Account Numbers: 1
    Distance: 100

SOX

Description: SOX consists of two subfolders, 10K forms and 10Q forms. These subfolders contain many matchers, and a description of each matcher is given below.

10K Forms: A comprehensive summary report of a company’s performance that must be submitted annually to the U.S. Securities and Exchange Commission (SEC)

10Q Forms: A comprehensive report of a company’s performance that must be submitted quarterly by all public companies to the U.S. Securities and Exchange Commission (SEC)

Matchers:

10K Forms:

  • 10K Forms Cover Page
    Description: Consists of Keyword Group “10K Form Cover Page Keyword”
    Threshold value: 6
    Distance: 1500

  • 10K Forms Table of Contents Page
    Description: Consists of Keyword Group “10K Form Table of Contents Keyword”
    Threshold value: 12
    Distance: 3500

  • 10K Forms Stock Performance Graph
    Description: Consists of Keyword Group “10K Form Performance Graph Keyword”
    Threshold value: 2
    Distance: 200

  • 10K Forms Financial Statements
    Description: Consists of Keyword Group “10K Form Financial Statement Keyword”
    Threshold value: 3
    Distance: 250

  • 10K Forms Selected Financial Data
    Description: Consists of Keyword Group “10K Form Financial Data Keyword”
    Threshold value: 500
    Distance: 3

10Q Forms:

  • 10Q Forms Cover Page
    Description: Consists of Keyword Group “10Q Form Cover Page Keyword”
    Threshold value: 5
    Distance: 1500

  • 10Q Forms Table of Contents Page
    Description: Consists of Keyword Group “10Q Form Table of Contents Keyword”
    Threshold value: 5
    Distance: 3000

  • 10Q Forms Consolidated Balance Sheets
    Description: Consists of Keyword Group “10Q Form Consolidated Balance Sheet”
    Threshold value: 6
    Distance: 1500

  • 10Q Forms Other Information
    Description: Consists of Keyword Group “10Q Form Other Information Keyword”
    Threshold value: 4
    Distance: 2000

Investments Information

Matchers:

  • Investment Related Document
    Description: Includes Keyword Group “Investment Information”
    Threshold values: 5
    Distance: 1000

Pricing

Matchers:

  • Pricing Information
    Description: Includes Keyword Group “Pricing Information”
    Threshold values: 5
    Distance: 1000

Federal Regulations

Description: The Federal Regulations section was created to meet the requirements of HIPAA. HIPAA, the Health Insurance Portability and Accountability Act, is a federal regulation on health records. The purpose of the Act is to protect billing and the confidential medical records of patients. MyDLP allows the institution to protect customers’ confidential information and meet the requirements of HIPAA with the following matchers.

Matchers:

HIPAA

  • CCN with Sensitive Drug Names
    Description: Consists of Credit Card Number and Keyword Group-Sensitive Drug Names
    Threshold values:
      o Credit Card Number: 1
      o Keyword Group-Sensitive Drug Names: 1
    Distance: 100

  • CCN with Sensitive Disease Names
    Description: Consists of Credit Card Number and Keyword Group-Sensitive Disease Names
    Threshold values:
      o Credit Card Number: 1
      o Keyword Group-Sensitive Disease Names: 1
    Distance: 100

  • SSN with Sensitive Drug Names
    Description: Consists of Social Security Number and Keyword Group-Sensitive Drug Names
    Threshold values:
      o Social Security Number: 1
      o Keyword Group-Sensitive Drug Names: 1
    Distance: 100

  • SSN with Sensitive Disease Names
    Description: Consists of Social Security Number and Keyword Group-Sensitive Drug Names
    Threshold values:
      o Social Security Number: 1
      o Keyword Group-Sensitive Drug Names: 1
    Distance: 100

  • CCN with Common Disease Names
    Description: Consists of Credit Card Number and Keyword Group-Common Disease Names
    Threshold values:
      o Credit Card Number: 1
      o Keyword Group-Common Disease Names: 2
    Distance: 100

  • SSN with Common Disease Names
    Description: Consists of Social Security Number and Keyword Group-Common Disease Names
    Threshold values:
      o Social Security Number: 1
      o Keyword Group-Common Disease Names: 1
    Distance: 100

  • Date of Birth with Names
    Description: Consists of Birth Date and Keyword Group-Names
    Threshold values:
      o Birth Date: 1
      o Keyword Group-Names: 1
    Distance: 100

  • Names with Common Disease
    Description: Consists of Keyword Group-Common Disease Names and Keyword Group Names-Names
    Threshold values:
      o Keyword Group-Common Disease Names: 1
      o Keyword Group Names-Names: 1
    Distance: Not enabled

  • Name with Sensitive Drug
    Description: Consists of Keyword Group-Names and Keyword Group-Sensitive Drug Names
    Threshold values:
      o Keyword Group-Names: 1
      o Keyword Group-Sensitive Drug Names: 1
    Distance: 100

  • Name with Sensitive Disease
    Description: Consists of Keyword Group-Names and Keyword Group-Sensitive Disease Names
    Threshold values:
      o Keyword Group-Names: 1
      o Keyword Group-Sensitive Disease Names: 1
    Distance: 100

  • DNA
    Description: Consists of DNA Pattern matcher
    Threshold values: 1
    Distance: Disabled

  • National Drug Codes
    Description: Consists of National Drug Codes
    Threshold values: 1
    Distance: Not available

Sensitive Documents

Description: Sensitive Documents consists of three main subfolders: Strategic Business Document, Resume for HR and Sensitive Keywords

Matchers:

  • Strategic Business Document
    Description: Consists of Keyword Group “Strategic Business Document Keywords”
    Threshold values: 10
    Distance: 2000

  • Resume For HR
    Description: Consists of Keyword Group “Curriculum Vitae Keywords”
    Threshold values: 8
    Distance: 2000

  • Sensitive Keywords
    Description: Consists of Keyword “Confidential”
    Threshold values: 6
    Distance: 5000

  • Top Secret Keyword
    Description: Consists of Keyword “top secret”
    Threshold: 6
    Distance: 5000

  • Restricted Keyword
    Description: Consists of Keyword-Restricted
    Threshold: 6
    Distance: 5000

  • Sensitive Keyword
    Description: Consists of Keyword-Sensitive
    Threshold: 6
    Distance: 5000

Network Security Information

Matchers:

  • IP with Network Patterns
    Description: Consists of IP matcher and Keyword Group “Network Patterns”
    Threshold: 2
    Distance: 200

  • Network Patterns
    Description: Consists of Keyword Group-Network Patterns
    Threshold: 4
    Distance: 150

  • Mac Address
    Description: Consists of MAC
    Threshold: 4
    Distance: 150

Policy actions

Adding policy rules

  • 1. To add a rule into policy click [icon] button on the top or bottom of the rule table.

  • 2. Move the rule place holder seen above to the desired place in the rule table.

  • 3. Click [icon] to add the rule.

  • 4. Select the rule type that you want to add.

  • 5. Add a Name and Description for the rule.

  • 6. Click Save.

  • 7. A rule of the selected type is created with the given name and can be seen at the top of the rule table.

Adding a user defined category

Categories are collections of user defined objects. They can be used as placeholder for grouping custom objects.

  • 1. Click on User Defined folder icon: [icon].

  • 2. Its color turns to blue and a plus icon [icon] should appear.

  • 3. Click on the plus icon.

  • 4. Select the item type: [image] by clicking on it.

  • 5. In Edit Dialog enter a descriptive name for category.

  • 6. Click Ok.

Adding a user defined network

Networks can be used in all types of rules except the mail rules.

  • 1. Click on User Defined folder icon: [icon].

  • 2. Its color turns to blue and a plus icon [icon] should appear.

  • 3. Click on the plus icon.

  • 4. Select the item type: [image] by clicking on it.

  • 5. In Edit Dialog enter a descriptive name for network.

  • 6. Enter a valid IP address into IP Base.

  • 7. Example: 192.168.1.25

  • 8. Enter a valid IP net mask into IP Mask.

  • 9. Example : 255.255.255.0

  • 10. Click Save.

  • 11. The new user defined network object will be listed under the user defined section at the left side of the Policy Screen. This new network object can be used as a source in all types of rules except mail rules.

Adding a user defined information type

Information types can be used in the following types of rules:

Web Rule

Mail Rule

Removable Storage Rule

Printer Rule

Discover Rule

API Rule

  • 1. Click on User Defined folder icon: [icon].

  • 2. Its color turns to blue and a plus icon [icon] should appear.

  • 3. Click on the plus icon.

  • 4. Select the item type: [image]

  • 5. In Edit Dialog enter a descriptive name for information type.

  • 6. Select a data format from available data formats by clicking on it.

  • 7. Move selected data format to current active by clicking on [icon] icon.

  • 8. Click on [icon] icon under Feature Configuration to add a feature into your information type.

  • 9. Select the feature type.

  • 10. Enter the threshold for feature type.

NOTE: Threshold value must be numeric value starting from 1

  • 11. Click on Save.

  • 12. If you need more than one feature return to step 9.

  • 13. Click on Save.

Adding an User Defined Domain Name

Manually created Domain Name can be used on Web and Email rules

  • 1. Click on User Defined folder icon: [icon].

  • 2. Its color turns to blue and a plus icon should appear: [icon]

  • 3. Click on the plus icon.

  • 4. Select the item type: [image]

  • 5. Enter a descriptive name.

  • 6. Enter a domain name

  • 7. Click Save.

New Domain will be listed under predefined section at the left side of the Policy screen. You can use this domain as a destination for Web and Email rules

Adding an user defined File System Directory

Manually created File System Directory objects can be used on Discovery Rule

  • 1. Click on User Defined folder icon: [icon].

  • 2. Its color turns to blue and a plus icon should appear: [icon]

  • 3. Click on the plus icon.

  • 4. Select the item type: [image]

  • 5. Enter a descriptive name

  • 6. Enter a directory. Example: C:\Users\Administrator

  • 7. Click Save

New File System Directory object will be listed under predefined section at the left side of the Policy screen. You can use this File System Directory as a destination for Discovery Rules

Adding a user defined Source Domain

Manually created Source Domain can be used in email rules only.

  • 1. Click on User Defined folder icon: [icon].

  • 2. Its color turns to blue and a plus icon should appear: [icon]

  • 3. Click on the plus icon.

  • 4. Select the item type: [image]

  • 5. Enter a descriptive name

  • 6. Enter a source domain name. Example: mydlptest.com

  • 7. Click Save.

New Source Domain will be listed under predefined section at the left side of the Policy screen. You can use this Source Domain as a Source for Email Rules

Adding a user defined Application Name

Manually created Application Name can be used on Screenshot Rule only

  • 1. Click on User Defined folder icon: [icon]

  • 2. Its color turns to blue and a plus icon should appear: [icon]

  • 3. Click on the plus icon.

  • 4. Select the item type: [image]

  • 5. Enter a descriptive name

  • 6. Enter an application executable name including extension (ex: Excel.exe). You can check application name using Task Manager while running target application.

  • 7. Click Save

New Application Name object will be listed under predefined section at the left side of the Policy screen. You can use this as a destination for Screenshot Rules

Adding a user defined user object

  • 1. Click on User Defined folder icon: [icon].

  • 2. Its color turns to blue and a plus icon should appear: [icon]

  • 3. Click on the plus icon.

  • 4. Select the item type: [image]

  • 5. To create a user manually select [image]

  • 6. Enter a descriptive name.

  • 7. Enter username as one of the options below:

    • a. (Option 1) Enter a username for e-mail or account such as user@domain.com.

    • b. (Option 2) Enter a username for Active Directory user account such as user@domain.com.

    • c. (Option 3) Enter a username local user account such as user@computername

For Option 2 and 3 when targeted user is logged on to his endpoint you can check Logged On User Name under Endpoints tab to be sure about user name.

  • 8. Click Save.

Adding an active directory user object

Active directory user objects can be used in all rule types except API rules.

  • 1. Click on User Defined folder icon: [icon].

  • 2. Its color turns to blue and a plus icon [icon] should appear then click on the plus icon.

  • 3. Select the item type: [image]

  • 4. To create an Active Directory user select [image]

  • 5. Enter a descriptive name for user.

  • 6. Select the domain.

  • 7. Select the user or group under the domain tree.

  • 8. Click Save.

Note: Before you do this action you need to integrate with Active Directory using objects tab.

Dragging a source object into rule

You can drag more than one source into a rule. The rule will match if data originates from any one of the defined sources.

  • 1. Select the source object in the objects tree as below:

  • 2. Drag it into the source part of the rule as below:

Dragging an information type into rule

You can drag more than one information type into a rule. The rule will match if any of the information types matches the data.

  • 1. Select the information type in the objects tree as below:

  • 2. Drag it into the information type part of the rule as below:

Setting a rule action

Each rule can have only one action. To set a rule action:

  • 1. Select the rule in rule table by clicking on it:

  • 2. Click on the action combo box:

  • 3. Select the desired action by clicking on it in the combo box:

Changing the rule priority

You can move a rule up and down to change its priority.

  • 1. Click on the rule that you want to move.


  • 2. Drag the selected rule to the desired place; a placement line will assist you while dragging the rule.

  • 3. After you drop the selected rule, the new arrangement will be as follows:

Deleting a rule

  • 1. Click on the rule that you want to delete.

  • 2. Click on the [icon] icon.

Disabling a rule

Disabled rules will not have an effect on your policy. Disabled rules have an [icon] icon near their rule name.

  • 1. Click on the rule that you want to disable.

  • 2. Click on the [icon] icon.

Editing the rule name and description

  • 1. Click on the rule that you want to disable.

  • 2. Click on the [icon] icon.

  • 3. Change the name as you need.

  • 4. Change the description as you need

  • 5. Click Save.

Copying a rule

  • 1. Click on the rule that you want to copy

  • 2. Click on [icon] icon to copy the rule.

  • 3. Change the name for the copied rule.

  • 4. Change the description for the copied rule.

  • 5. Click Save.

  • 6. The copied rule will be added below the original rule.

Expanding and collapsing a rule

If a rule contains more than one Source, Destination or Information Type item, these items will be hidden and grouped automatically. To show or hide all the items in a column, follow the procedure below.

  • 1. Click the rule that you want to expand

  • 2. Click on [icon] icon to expand the rule

  • 3. The group will be expanded and all hidden items will be listed in the Sources, Destination and Information Types columns.

  • 4. Click on [icon] collapse icon to hide expanded items

Expanding and collapsing all rules

You can expand or collapse all policy rules to view rules or navigate through your policy effectively.

  • To expand all rules in policy click Expand All button.

  • To collapse all rules in policy click Expand All button.

Installing policy

The policy you created in policy tab is not activated instantly after you edit it. You need to install the current policy as below:

  • 1. Click on [icon] button on the top of the screen

  • 2. Click on Close in Policy Installation dialog

Note: After you make any changes in the MyDLP UI, do not forget to click the install policy button; otherwise the changes made will be canceled out, and newly added rules and policy changes will not apply to endpoints.

Objects tab

Introducing the objects tab

The Objects tab is used to define advanced policy objects which cannot be created in the policy tab. On the left hand side there is the objects tree. On the right hand side there is the object editing pane.

Creating a data format

You can create new data formats by defining MIME types for that data format.

  • 1. Click on [icon] in objects tree

  • 2. It should change its color to blue and a plus icon should appear

  • 3. Click on [icon] icon.

  • 4. Give a descriptive name for new data format

  • 5. Click on [icon] icon to add a new MIME type

  • 6. Enter MIME. Example: application/pdf

  • 7. Click Save in dialog

  • 8. Go to step 5 if you want to add more MIME types

  • 9. Click Save.

Note: For further information about MIME types please see also, http://www.iana.org/assignments/media-types

Creating a keyword group

You can create new keyword groups.

  • 1. Click on [icon] in objects tree

  • 2. It should change its color to blue and a plus icon should appear

  • 3. Click on [icon] icon.

  • 4. Give a descriptive name for the new keyword group

  • 5. Click on [icon] icon to add new keyword

  • 6. Select enter as a text.

  • 7. Enter keyword.

  • 8. Click Save in dialog

  • 9. Go to step 5 if you want to add more keywords.

  • 10. Click Save.

Importing keywords from file

Instead of entering keywords one by one, you can import a keyword text file into a keyword group.

  • 1. Click on [icon] in objects tree.

  • 2. Click on the keyword group that you want to change.

  • 3. Click on [icon] icon.

  • 4. Select import keywords from file.

  • 5. Click Select file.

  • 6. Select the keyword file on your PC.

  • 7. Click open.

  • 8. You can deselect found keywords by clearing checkbox near a keyword.

  • 9. Click Save in dialog.

  • 10. Click Save.

Importing Keywords using RDBMS connection

  • 1. Click on Configure in a Keyword Group to synchronize document database with a RDBMS column.

  • 2. Select a RDBMS connection created previously.

  • 3. Enter table name, table name will be completed automatically if a matching table exists.

  • 4. Enter column name, column name will be completed automatically if a matching column exists.

  • 5. Example items are shown. Click Close to proceed.

  • 6. Click Save. Entries will be updated at each night automatically and new items in selected column will be included in Keyword Group.

  • 7. (Optional) If you want to enumerate immediately click Enumerate Now, this will fetch the entries and add it to Keyword Group.

Creating a document database using files

You can create a new document database which can be used in PDM and Hash features in information types.

  • 1. Click on [icon] in objects tree

  • 2. It should change its color to blue and a plus icon should appear

  • 3. Click on [icon] icon.

  • 4. Give a descriptive name for the new document database in opened edit dialog.

  • 5. Click on [icon] icon to add a file into database.

  • 6. Once you click the plus button you will be presented with the upload dialog. Two upload options are available for document databases, as below:

  • 7. Select and follow one of the Web-based Uploader or Multiple File Uploader methods described below.

Web-based Uploader

Web-based uploader enables users to upload files one by one.

Usage: Continue from step 7 of “Creating a document database using files”

  • 1. Please select Web-based Uploader

  • 2. Click Browse to find the file on your local PC.

  • 3. Select the file in file open dialog.

  • 4. Click Open.

  • 5. Wait for file upload and analyzing to be finished. This can take a while.

  • 6. Click OK.

  • 7. Go to step 2 if you want to add more files into document types

  • 8. Click Save.

  • 9. Then click Install Policy button

MyDLP Multiple File Uploader

Multiple File Uploader enables users to upload many files sequentially, one at a time, just by clicking on your target folder. Before first usage you need to install the MyDLP Multiple File Uploader Adobe AIR application on your PC as described below.

Note: Adobe AIR should be installed on your computer to use MyDLP Multiple File System Utility. Please download and install latest Adobe AIR package:

Download Link: http://get.adobe.com/air/

Installing MyDLP Multiple File Uploader Application

Usage: Continue from step 7 of “Creating a document database using files”

  • 1. Select the MyDLP Multiple File Uploader Application

  • 2. Click the icon to download the application.

  • 3. The download link will open in another browser tab. Click mydlp-ui-tools-uploader-1.0.0-SNAPSHOT.air to start the download.

  • 4. Double click on downloaded Installer Package

  • 5. Please select Install on Application Install wizard

  • 6. Then select Continue

  • 7. Wait until Installation completed

  • 8. The MyDLP Uploader wizard will open once installation is complete.

Using MyDLP Multiple File Uploader Application

Usage: Continue from step 7 of “Creating a document database using files”

  • 1. Select the MyDLP Multiple File Uploader Application

  • 2. Click Generate Token button

  • 3. Run MyDLPUploader.exe under Program Files\MyDLP Uploader

  • 4. Switch to MyDLP Multiple File Uploader application

  • 5. Paste generated token into MyDLP Multiple File Uploader

  • 6. Click Enter

  • 7. Click Browse

  • 8. Select directory you want to upload and click OK

  • 9. All files under the selected folder will be listed. Click to start the upload.

  • 10. Wait until all files are uploaded then click Close

  • 11. Switch back to MyDLP Web Management interface. Click Install Policy button

Synchronizing a document database using RDBMS Connections

  • 1. Click on Configure in a Document Database to synchronize the document database with an RDBMS column.

  • 2. Select an RDBMS connection created previously.

  • 3. Enter the table name. It will be completed automatically if a matching table exists.

  • 4. Enter the column name. It will be completed automatically if a matching column exists.

  • 5. Example items are shown. Click Close to proceed.

  • 6. Click Save. Entries will be updated automatically each night, and new items in the selected column will be included in the Document Database.

  • 7. (Optional) If you want to enumerate immediately, click Enumerate Now. This will fetch the entries and add them to the document database. Warning: enumerating a large amount of data during business hours may result in performance issues.

Integrating with Active Directory Domain

If you use Microsoft Active Directory (AD) in your organization you can use AD users and groups to define policies and to monitor events. To use AD groups and users in your policy rules first you need to integrate MyDLP with AD domain controller.

  • 1. Click on in objects tree

  • 2. It should change its color to blue and a plus icon should appear

  • 3. Click on the plus icon.

  • 4. In Active Directory Domain Edit Dialog fill in the following:

  • 5. Enter domain name.

    • a. This is the fully qualified domain name (FQDN) of your domain defined in your domain controller.

  • 6. Enter IP address of your domain controller.

    • a. This is the IP address or the resolvable hostname of the AD domain controller.

    • b. If you have more than one domain controller in your domain enter the primary domain controller IP or hostname.

    • c. If you have more than one domain with separate domain controllers, you need to integrate them separately, starting from step 1 for each domain.

  • 7. Enter NetBIOS name of your domain controller.

  • 8. Enter Active Directory username.

    • a. This should be a user account which has privilege to enumerate all users and groups in your AD domain.

    • b. For security reasons, create a separate account for integration which has no administrative privileges.

  • 9. Enter Active Directory password for entered username.

  • 10. If you have a domain alias for email addresses, click on

  • 11. Enter domain alias.

  • 12. Click Save.

  • 13. If you need more aliases go to step 10.

  • 14. Click Save & Enumerate.

  • 15. Wait for enumeration to complete.

    Integrating with RDBMS Systems

    If you have a database which contains information you want to use in your DLP policy you can integrate MyDLP with this database.

    • 1. Click on RDBMS Connections in the objects tree

    • 2. It should change its color to blue and a plus icon should appear

    • 3. Click on the plus icon.

    • 4. In RDBMS Edit Dialog fill in the following:

    • 5. Enter a descriptive name for connection.

    • 6. Select type of Database Server. If your server type is not listed please contact support@mydlp.com.

    • 7. Enter the JDBC URL of your database, as seen in the example above.

    • 8. Enter database username.

    • 9. Enter database user password.

    • 10. Click Test Connection to test the connection.

    • 11. Click Save to save the connection if it connected to the RDBMS successfully.

    Logs tab

    Introducing the logs tab

    You can monitor all DLP related events in the logs tab. At the top is the log toolbar, which you can use to search for logs in a specific time period. You can do a full text search in archived and quarantined files using the Search in content button. In the middle is the log table.

    Log Structure

    Logs listed in log table have the following structure:

    • 1. Date: Date and time of the event

    • 2. Source: Source of data

    • 3. Destination: Destination of data

    • 4. Policy: Related policy rule

    • 5. Details: Details about rule

    • 6. Files: If log is the result of a rule with archive or quarantine action you can download the archived files here.

    Log Actions

    Finding events in a specific time period

    • 1. Click the icon near the start date

    • 2. Find the start date using calendar widget

    • 3. Click the icon near the end date

    • 4. Find the end date using the calendar widget

    • 5. Click on the Search button

    Detailed log search

    • 1. Click button.

    • 2. Specify a Source IP if necessary.

    • 3. Specify a Source User if necessary.

    • 4. Specify a Destination if necessary.

    • 5. Select an Action if necessary.

    • 6. Select a Channel if necessary.

    • 7. Click on the Search button

    Resetting log filter

    • 1. Click on Reset button.

    Refreshing logs

    • 1. Click on the Refresh button.

    Showing and Hiding Archive Logs

    The Show all checkbox is disabled by default, which hides high-volume log entries such as Removable Storage Archive Inbound, Web Archive and Email Archive logs. Enable this option to see these logs in the logs tab.

    Searching term in quarantined or archived files

    • 1. Enter term near Search in content button

    • 2. Click on Search in content

    When you search for a term, a new column appears on the right showing the files or data content that include the term. If you click on the column, you can see the incident related to that data or content in the logs table on the left side.

    Exporting Logs as an Excel File

    You can export filtered logs as a Microsoft Excel file. Only the first 1000 lines will be exported. Please restrict your search query as described above if you have more logs in the logs tab.

    Resending quarantined emails

    MyDLP can pass, log, archive, block and quarantine emails which have confidential information according to email policy rules. When emails are passed, logged or archived, they will reach their recipients. The Block action discards emails and prevents them from reaching their recipients. The Quarantine action also prevents emails from reaching their recipients, but a copy of each email is archived. After examination by an administrator or auditor, these emails can be found legitimate and can be sent to their original recipients.

    • 1. Find the event log of quarantined email. You should see in Policy column of the log Action: Quarantine and Channel: Mail

    • 2. Click on the event log row; the requeue icon should appear in the Policy column.

    • 3. If you want to resend the email to its recipient, click on the requeue icon.

    • 4. In the Policy column, Requeue on progress ... can be seen.

    • 5. Click Refresh button on the log toolbar, if mail is successfully requeued

    The Endpoints tab

    Endpoints tab lists all MyDLP Endpoints connected to MyDLP Server.

    You can see current number of endpoints as below:

    Searching Endpoints

    You can filter the endpoints listed in the endpoints table by IP address, username and version. Enter the term to be searched into the text box and click the Search button. To clear the search, click the Reset button.

    Clearing Endpoints Database

    When you click the Truncate button, the endpoints database on the server is cleared and will be repopulated according to received requests.

    Online Endpoints

    Online Endpoints are shown as below with Endpoint ID, IP Address, Logged on user, Installed Agent Version, Last Update Date and First Seen Date.

    Endpoint ID is the unique ID given to each Endpoint via secure protocol and remains unchanged if your endpoint host changes IP address or hostname.

    If you have a relevant discovery rule in the Policy tab, you can initiate endpoint discovery on online endpoints by clicking Discover Now.

    Offline Endpoints

    Offline endpoints will be shown as faded with colored background in the table.

    The Settings tab

    Protocols inner tab

    SMTP HELO name

    SMTP protocol greeting hostname. Default value is "mydlp.com"

    SMTP next hop host

    It is the next SMTP hop which will be used during outgoing mail delivery.

    SMTP next hop port

    TCP port number of the SMTP next hop.

    SMTP bypass on fail

    The SMTP bypass on fail option determines the behavior of the MyDLP email engine in case of any error. If this option is checked, MyDLP will pass mails when an error occurs, favoring availability. If this option is not checked, MyDLP will block mails when an error occurs, favoring security.

    ICAP request mod path

    ICAP request mod path is used during ICAP integration with web proxy. Default value is "/dlp".

    ICAP response mod path

    ICAP response mod path is used during ICAP integration with web proxy. Default value is "/dlp-respmod".

    ICAP maximum connections

    ICAP maximum connections is the limit of connections between MyDLP and the ICAP enabled proxy server. Default value of "0" denotes unlimited connection.

    MyDLP user certificate

    MyDLP user certificate is used by MyDLP while intercepting SSL traffic. You can download this SSL certificate here. After you add this certificate to your Active Directory domain certificate store, domain users will not see certificate errors in intercepted web pages.

    Users inner tab

    Administrative Users

    Administrative users are users who can log on to MyDLP Management Console to change settings and DLP policy or view logs, reports and archived files.

    Administrative users have specified roles which can be used to provide segregation of duties. Each user can have only one role.

    Types of Administrative User Roles in MyDLP

    ROLE_SUPER_ADMIN

    Super Administrator role has the ultimate authority in a MyDLP system. Super Administrator sets up and configures MyDLP during deployment. The default "mydlp" user in a freshly installed MyDLP Server has this role. Super Administrator has all the privileges below:

    • Create administrative users.

    • Assign roles ROLE_SUPER_ADMIN, ROLE_ADMIN, ROLE_AUDITOR, ROLE_CLASSIFIER to other administrative users.

    • Delete other administrative users.

    • Edit Email, Username and Is active property of other administrative users.

    • Set password for self and other administrative users.

    • See DLP event logs and content data attached to event logs.

    • Set and Edit AD Authority Scope to administrative users with ROLE_AUDITOR role.

    • Edit DLP policy and objects.

    • Install policy.

    • Edit all settings under Settings Tab.

    ROLE_ADMIN

    Administrator has restricted technical management access. Administrator manages day to day operations. Administrator is able to control DLP policy and edit almost all settings. Usually Administrator is an employee from the IT department and does not need to have the privilege to see confidential file contents captured during Archive or Quarantine actions. Administrator is not able to see the content data in DLP incident logs. Administrator has the below privileges:

    • Create administrative users.

    • Assign roles ROLE_ADMIN, ROLE_CLASSIFIER to administrative users.

    • Delete administrative users which do not have ROLE_SUPER_ADMIN role, other than itself.

    • Set password for self and other administrative users which do not have ROLE_SUPER_ADMIN and ROLE_AUDITOR.

    • See DLP event logs, but not the content data attached to logs.

    • Edit DLP policy and objects.

    • Install policy.

    • Edit all settings under Settings Tab; has restricted access to Users Tab.

    ROLE_AUDITOR

    Auditor has restricted access to Logs Tab. Auditor needs very little technical knowledge and does not have the ability to change any settings or DLP policy. Auditor can be an executive or someone from the legal department, and is able to see DLP event logs and content data attached to these logs. Authority Scope is a restriction which can be defined when MyDLP is integrated with Microsoft Active Directory; it limits the events that can be seen by Auditor to one or more specified organization units. Auditor has the following privileges:

    • Set password for self.

    • See all DLP logs and content data attached to logs (if Authority Scope is not specified).

    • See DLP logs related to specified Authority Scope (if Authority Scope is specified).

    ROLE_CLASSIFIER

    Classifier has restricted access to Objects Tab. Classifier is able to upload documents to previously specified Document Databases.

    • Set password for self.

    • Upload documents to predefined Document Databases.
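The role rules above can be checked mechanically for segregation of duties. The following is an added example, not MyDLP code: it encodes the privilege lists in Python and computes what a role can reach indirectly by assigning roles or setting passwords, including a hypothetical relaxation that shows why ROLE_ADMIN is barred from setting ROLE_AUDITOR passwords. The capability names and function names are illustrative assumptions.

```python
from collections import deque

SUPER, ADMIN, AUDITOR, CLASSIFIER = (
    "ROLE_SUPER_ADMIN", "ROLE_ADMIN", "ROLE_AUDITOR", "ROLE_CLASSIFIER")
ALL_ROLES = frozenset({SUPER, ADMIN, AUDITOR, CLASSIFIER})

# Direct capabilities per role, taken from the privilege lists in this guide.
# The capability names themselves are illustrative, not MyDLP identifiers.
CAPABILITIES = {
    SUPER: {"view_logs", "view_content", "edit_policy", "install_policy",
            "edit_settings", "manage_users"},
    ADMIN: {"view_logs", "edit_policy", "install_policy", "edit_settings",
            "manage_users"},
    AUDITOR: {"view_logs", "view_content"},
    CLASSIFIER: {"upload_documents"},
}
# Roles an actor may assign to administrative users.
CAN_ASSIGN = {SUPER: ALL_ROLES, ADMIN: {ADMIN, CLASSIFIER},
              AUDITOR: set(), CLASSIFIER: set()}
# Roles whose accounts an actor may set a password for (besides its own).
CAN_SET_PASSWORD = {SUPER: ALL_ROLES, ADMIN: {ADMIN, CLASSIFIER},
                    AUDITOR: set(), CLASSIFIER: set()}


def reachable_roles(start, can_assign=CAN_ASSIGN,
                    can_set_password=CAN_SET_PASSWORD):
    """Roles an actor can end up controlling, directly or through a chain
    of role assignments and password changes."""
    seen, queue = {start}, deque([start])
    while queue:
        role = queue.popleft()
        for nxt in set(can_assign[role]) | set(can_set_password[role]):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def effective_capabilities(start, **tables):
    """Union of the capabilities of every role reachable from `start`."""
    caps = set()
    for role in reachable_roles(start, **tables):
        caps |= CAPABILITIES[role]
    return caps


def what_if_admin_sets_auditor_password():
    """Hypothetical misconfiguration: ROLE_ADMIN may also set the password
    of ROLE_AUDITOR accounts. Returns the capabilities ROLE_ADMIN gains."""
    relaxed = dict(CAN_SET_PASSWORD)
    relaxed[ADMIN] = {ADMIN, CLASSIFIER, AUDITOR}
    return (effective_capabilities(ADMIN, can_set_password=relaxed)
            - effective_capabilities(ADMIN))


if __name__ == "__main__":
    for role in sorted(ALL_ROLES):
        print(role, "->", sorted(effective_capabilities(role)))
    print("gained if ADMIN could set auditor passwords:",
          sorted(what_if_admin_sets_auditor_password()))
```

With the rules as documented, ROLE_ADMIN never reaches content data; allowing it to set an auditor's password would be enough to break that separation.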

    Adding a super administrator user

    • 1. Go to users tab under options tab.

    • 2. Click on

    • 3. Enter email address for new user.

    • 4. Enter user name for new user.

    • 5. Check Is active? checkbox if you want to activate user.

    • 6. Select ROLE_SUPER_ADMIN

    • 7. Click Save

    Adding an administrator user

    • 1. Go to users tab under options tab.

    • 2. Click on

    • 3. Enter email address for new user.

    • 4. Enter user name for new user.

    • 5. Check Is active? checkbox if you want to activate user.

    • 6. Select ROLE_ADMIN

    • 7. Click Save.

    Adding an auditor user

    • 1. Go to users tab under options tab.

    • 2. Click on

    • 3. Enter email address for new user.

    • 4. Enter user name for new user.

    • 5. Check Is active? checkbox if you want to activate user.

    • 6. Select ROLE_AUDITOR

    • 7. If you want to restrict the auditor user's log monitoring ability, check the Has Authority Scope? checkbox. To do this, MyDLP should be integrated with a Microsoft Active Directory domain. Select an Active Directory domain group or user and click the icon.

    • 8. Click Save.

    Adding a classifier user

    • 1. Go to users tab under options tab.

    • 2. Click on

    • 3. Enter email address for new user.

    • 4. Enter user name for new user.

    • 5. Check Is active? checkbox if you want to activate user.

    • 6. Select ROLE_CLASSIFIER

    • 7. Select one or more previously defined Document Databases. Click the icon to move them to the list on the right.

    • 8. Click Save.

    Deleting an administrative user

    • 1. Go to users tab under options tab

    • 2. Select the user that you want to delete

    • 3. Click on

    Editing an administrative user

    • 1. Go to users tab under options tab

    • 2. Select the user that you want to edit

    • 3. Click on

    • 4. Change properties of user as you need.

    • 5. Click Save.

    Setting password for an administrative user

    • 1. Go to users tab under options tab

    • 2. Select the user that you want to change password for

    • 3. Click on

    • 4. Type new user password.

    • 5. Re-type new user password.

    • 6. Click Save.

    Endpoint inner tab

    Log level

    Sets global operational log level for endpoint nodes. Available values are: error, info, debug.

    Sync interval

    Sync interval is the time between synchronizations between MyDLP Endpoints and MyDLP Network Server in microseconds.

    Log limit

    Size of the operational logs kept on MyDLP Endpoint in bytes. Default value is 1048570 (10 MB). Raising this value too much may fill hard drives of machines running MyDLP Endpoint.

    Discovery interval

    Discovery interval shows the time period between running discovery rules in microseconds.

    Discover on startup

    If discover on startup option is checked, discovery rules will be run during MyDLP Endpoint startup before waiting for the discovery interval.

    Ignore max size exceeded logs for discovery channel

    Suppresses redundant logs which appear during discovery of a large number of files.

    Log Spool Soft Limit

    Size of DLP log and content on MyDLP Endpoint in bytes. If DLP log and content size passes this value content data will be discarded. Increase this value to keep more data on endpoints when they are not connected to company network.

    Log Spool Hard Limit

    Size of DLP log and content on MyDLP Endpoint in bytes. If DLP log and content size passes this value, logs and content data will be discarded. Since log entries increase much more slowly than content data, it is unlikely that this limit will be reached. However, if you increase Log Spool Soft Limit, increase Log Spool Hard Limit accordingly.
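The effect of the two spool limits on what survives while an endpoint is offline can be estimated with a small simulation. This is an added example, not MyDLP code: it is a simplified model of the behaviour described above, and the per-incident accounting (log and content bytes counted together against both limits) and the sample sizes are assumptions.

```python
def simulate_spool(incidents, soft_limit, hard_limit):
    """Replay incidents recorded while an endpoint is offline.

    incidents: iterable of (log_bytes, content_bytes) in arrival order.
    Returns how many incidents were kept with content, kept as a log entry
    only, or dropped entirely, plus the spool bytes in use at the end.
    """
    if hard_limit < soft_limit:
        raise ValueError("Log Spool Hard Limit must not be below Soft Limit")
    used = with_content = log_only = dropped = 0
    for log_bytes, content_bytes in incidents:
        if used + log_bytes + content_bytes <= soft_limit:
            # Below the soft limit: log entry and content are both spooled.
            used += log_bytes + content_bytes
            with_content += 1
        elif used + log_bytes <= hard_limit:
            # Past the soft limit: content is discarded, log entry is kept.
            used += log_bytes
            log_only += 1
        else:
            # Past the hard limit: the log entry is lost as well.
            dropped += 1
    return {"with_content": with_content, "log_only": log_only,
            "dropped": dropped, "bytes_used": used}


# Constructed sample: ten incidents, each a 500-byte log entry with a
# 200,000-byte captured file, on an endpoint that cannot reach the server.
SAMPLE_INCIDENTS = [(500, 200_000)] * 10


def sample_result():
    """Soft limit of 1,000,000 bytes, hard limit slightly above it."""
    return simulate_spool(SAMPLE_INCIDENTS, 1_000_000, 1_002_000)


if __name__ == "__main__":
    print(sample_result())
```

In the sample, only the first four incidents keep their captured content; the rest survive as log entries without evidence, which is the trade-off to weigh when sizing the soft limit for endpoints that spend long periods off the company network.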

    Advanced inner tab

    Settings in advanced tab are rarely required to be changed, only for very special deployment and clustering scenarios. It is not recommended to change these. Contact support@mydlp.com if you need further information.