
MYDLP

MyDLP Administration Guide


Version 2.0
MyDLP 3/18/2012


Legal Notice Copyright 2013 Medra Teknoloji Ltd. All rights reserved. MyDLP is a registered trademark of Medra Teknoloji Ltd. http://www.mydlp.com


Contents
About MyDLP
  MyDLP Features
    Protection and Administration with MyDLP Network Server
    Protection & Discovery with MyDLP Endpoint
Getting started with MyDLP
  Installation
  Logging on to Management Console
  Log out
  Checking Server Version
  Changing the default password
  Changing the user information
Enforcing policies
  Introducing the policy tab
    Rule table
    Rule types
    Rule structure
    Rule actions
    Rule Email Notification
    Message to User
    Web Rule
    Mail Rule
    Removable Storage Rule
    Removable Storage Inbound Rule
    Removable Storage Encryption Rule
    Printer Rule
    Discovery Rule
    ScreenShot Rule
    API Rule
    Policy objects tree
    Information Types
    Information Type Example
    Available Information Features
    Finance Compliances
    Federal Regulations
    Sensitive Documents
    Network Security Information
  Policy actions
    Adding policy rules
    Adding a user defined category
    Adding a user defined network
    Adding a user defined information type
    Adding an User Defined Domain Name
    Adding an user defined File System Directory
    Adding a user defined Source Domain
    Adding a user defined Application Name
    Adding a user defined user object
    Adding an active directory user object
    Dragging a source object into rule
    Dragging an information type into rule
    Setting a rule action
    Changing the rule priority
    Deleting a rule
    Disabling a rule
    Editing the rule name and description
    Copying a rule
    Expanding and collapsing a rule
    Expanding and collapsing all rules
  Installing policy
Objects tab
  Introducing the objects tab
    Creating a data format
    Creating a keyword group
    Importing keywords from file
    Importing Keywords using RDBMS connection
    Creating a document database using files
    Synchronizing a document database using RDBMS Connections
    Integrating with Active Directory Domain
    Integrating with RDBMS Systems
Logs tab
  Introducing the logs tab
    Log Structure
  Log Actions
    Finding events in a specific time period
    Detailed log search
    Resetting log filter
    Refreshing logs
    Showing Hiding Archive Logs
    Searching term in quarantined or archived files
    Exporting Logs as an Excel File
    Resending quarantined emails
The Endpoints tab
    Searching Endpoints
    Clearing Endpoints Database
    Online Endpoints
    Offline Endpoints
The Settings tab
  Protocols inner tab
    SMTP HELO name
    SMTP next hop host
    SMTP next hop port
    SMTP bypass on fail
    ICAP request mod path
    ICAP response mod path
    ICAP maximum connections
    MyDLP user certificate
  Users inner tab
    Administrative Users
    Types of Administrative Users Roles in MyDLP
    Adding a super administrator user
    Adding an administrator user
    Adding an auditor user
    Adding a classifier user
    Deleting an administrative user
    Editing an administrative user
    Setting password for an administrative user
  Endpoint inner tab
    Log level
    Sync interval
    Log limit
    Discovery interval
    Discover on startup
    Ignore max size exceeded logs for discovery channel
    Log Spool Soft Limit
    Log Spool Hard Limit
  Advanced inner tab
    Maximum Object Size
  USB ACL inner tab
  Enterprise inner tab
    Mail Archive
    Web Archive
    ICAP Minimum Archive Size
    Edit Denied Page
    Email Notification
    Syslog Settings
  IRM inner tab
The dashboard tab
    Adding dashboard items
    Display Weekly Report
The revisions tab


About MyDLP
MyDLP is a fully fledged data leakage prevention solution that offers network and endpoint protection and confidential data discovery.

MyDLP Features
You can monitor and control data flow and stored data in your organization with MyDLP. You can pass, log, archive and quarantine moving data, encrypt removable devices and delete discovered files on storages using policy actions. The two main components of MyDLP are the MyDLP Network Server and MyDLP Endpoint. These two components work together to protect your sensitive information in your organization.

Protection and Administration with MyDLP Network Server


Network protection enables you to detect and prevent outgoing data from your organization's network. MyDLP Network Server also functions as the administration center.

Protection & Discovery with MyDLP Endpoint


MyDLP Endpoint protection enables you to detect and prevent any data moved to removable devices such as USB sticks or smart phones from workstations or laptops in your organization. You can also enforce full disk encryption on removable devices. Endpoint protection also covers any document printed using network and local printers connected to computers. Endpoint data discovery also enables you to detect and enforce policy on stored data on computers in your network.


Getting started with MyDLP


Installation
For MyDLP Network Server installation and MyDLP Endpoint deployment, please refer to the MyDLP Installation Guide and the MyDLP Endpoint Installation Guide.

Logging on to Management Console


Management Console is a web-based management user interface that allows users to build up policies, review a brief history of incidents and monitor user activity.

You need to have a Flash enabled web browser to connect to Management Console. You can get the latest Flash plugin for your browser here: http://get.adobe.com/flashplayer/

Using a web browser, connect to the management interface using the following URL: https://servername

"servername" is the hostname or IP address of MyDLP Network Server which is configured during installation. See MyDLP Installation Guide document, MyDLP Network Server Initial Configuration section.

Default username is "mydlp" and password is "mydlp" (without the quotes). Enter the username and password, then click Login.

Log out
Click the icon on the upper right of the Management Console to log out.

Checking Server Version


You can check the currently logged on user and the server version on the upper right of the Management Console as seen below. It will be easier to get a fast response if you provide the version number in support calls or in community forum questions.

Changing the default password


You need to change the default password before anything else.

1. Click on the wrench icon in the management console.
2. In the Edit User Dialog enter your current password as "mydlp" (without the quotes).
3. Enter your new password and re-enter it into the respective fields. Password must have at least one uppercase and one lower case letter and a number. It should be at least six characters long.
4. Click Save button.


Changing the user information


You can change your user name and email address with the following steps:

1. Go to Settings tab.
2. Go to Users tab.
3. Select the user with username mydlp.
4. Click Edit User button at the bottom.
5. Change Email and User Name.
6. Click Save.


Enforcing policies
Introducing the policy tab
The policy tab is used to define policies. On the left hand side there is the policy objects tree which is used to drag and drop predefined or custom objects into policy rules. On the right hand side there is the rule table which is empty after installation and represents your DLP policy.

Rule table
The rule table contains DLP rules in its rows. It has a priority order where the top rule has the highest priority and is applied first.

Rule types
There are eight different available rule types classified according to inspection data channel. Each rule type is effective only on the related data flow channel:

- Web rule is used to monitor and control web traffic.
- Mail rule is used to monitor and control e-mails.
- Removable Storage rule is used to control data moved to removable memory devices such as USB memory sticks, removable hard drives, smart phones, etc.
- Removable Storage rule is used to control data moved to removable memory devices such as USB memory sticks, removable hard drives.
- Removable Storage Inbound rule is used to archive data copied from removable memory devices on to computer.
- Printer rule is used to control print jobs.
- Discovery rule is used to control data on storages.
- Screenshot rule prevents print screen function while a sensitive application is running.
- API rule is a unique feature of MyDLP that allows you to integrate your custom applications with MyDLP.


Rule structure
Each rule has the following five part structure:

The first part is the Channel type and name. The icon near the rule name shows the type of the rule. The type of the rule determines the data channel to be inspected. Name is given during rule creation. It is a descriptive short name to show the purpose of the rule.

The second part is the Sources constraint, which restricts the rule to a certain user or user group. Depending on the rule type, this can be denoted by an IP address, network, Active Directory element or an email address. Sources column is required for all types of rules.

The third part is the Destinations. The function of the destination changes with the rule type; it can be domains, directories or application names. Destination column is not required for removable storage, removable storage inbound, printer and API rules.

The fourth part is the Information Types. This represents the information to be searched for in the related data channel during inspection. There are many information types, and custom information types can be defined. Information type column is not required for removable storage inbound and screenshot rules.

The last part is the action. This shows the desired action to be taken when the defined information type is found on a data channel. Available actions are PASS, BLOCK, LOG, QUARANTINE, and ARCHIVE. The selected action type is shown on the last part of the rule with the related icon.

Rule actions
- PASS action allows information to pass through the data channel freely without any logs. This action is available for all rule types.
- LOG action allows information to pass through the data channel but generates an event log. This action is not available for screenshot rules.
- ARCHIVE action allows information to pass through the data channel, generates an event log and archives a copy of the information. This action is not available for screenshot rules.
- BLOCK action prevents information from passing through the data channel and generates an event log. This action is not available for removable storage inbound rules.
- QUARANTINE action prevents information from passing, generates an event log and archives a copy of the information. This action is not available for removable storage inbound rules and screenshot rules.
- ENCRYPT action is only available for removable storage encryption rules. It enforces encryption of connected removable devices.
- DELETE action is only available for discovery rules. It deletes matched discovered files. Use this action very carefully.


Rule Email Notification


The following rule types can be configured to send an alert email to the administrator when a specified incident occurs:

- Web
- Mail
- Removable Storage
- Printer
- Discovery
- API

You can customize these notifications from Settings -> Enterprise tab.


Message to User
For Email Rules and Web Rules you can specify the message shown to the user when a request is blocked, as below. See Settings/Enterprise inner tab/Edit denied page section for further information.


Web Rule
Web Rule covers the whole Web channel. Use this rule type to enforce policies for protocols like HTTP, HTTPS and FTP. Social networking sites, web mail services, blogs, wikis, forums and almost everything else that can be accessed from a browser fall under this rule type. To use Web Rules you need to configure your web traffic to pass over MyDLP Network Server. Please see MyDLP Installation Guide.

Web Sources
You can use all kinds of users (IP addresses, subnets, User defined users, AD users, AD groups, AD organization units) or predefined or user defined network objects as Source in this rule type. See Objects Tab chapter for creating user defined sources.

Web Destinations
You can use Domain objects as Destination for this rule type. Domains are the Fully Qualified Domain Names (FQDNs) accessed by users in web requests. See Objects Tab chapter for creating Domain objects.

Web Information Types


You can use all Information Types in Web rules.

Example Web Rule


Below is an example web rule which quarantines all web requests that contain credit card information, made by users from the sales department to any website. This rule is named PCI because it is a part of PCI compliance policy.


Mail Rule
Mail Rule covers the mail channel. Use this rule type to enforce policies for the SMTP protocol. Emails which have been sent through local mail servers will be analyzed using mail rules. Please see MyDLP Installation Guide for email server integration.

Mail Source
You can use all kinds of users (User Defined Users, AD users, AD groups, and AD organization units), network objects or source domain objects as Source for this rule.

Mail Destination
You can use Domain objects as Destination for this rule. See Objects Tab chapter for creating Domain objects. You can also use miscellaneous destination properties for emails. In the Policy Objects Tree under Predefined Destinations there is a "Mail has External BCC" item, which is used to match mails that have a BCC field.

Mail Information Types


You can use all Information Types in Mail Rules.

Example Mail Rule


Below is an example mail rule which quarantines all mails that contain credit card information, sent by users from the sales department to any mail domain. This rule is named PCI because it is a part of PCI compliance policy.


Removable Storage Rule


(Previously known as Endpoint Rule)

This rule covers data moved to removable devices at endpoints. Use this rule type to enforce policies for removable storage devices at endpoints. Any operation that transfers information from a computer to a removable storage device will be covered. To be able to use Removable Storage Rules, MyDLP Endpoint Agent should be deployed; please see MyDLP Endpoint Agent Installation Guide.

Removable Storage Source


You can use all kinds of users (User Defined Users, AD users, AD groups and AD organization units), network objects or source domain objects as Source for this rule.

Removable Storage Destination


Since it is not possible to specify destination for removable storages, Destination Column is not required to be specified in this rule.

Removable Storage Information Types


You can use all Information Types in this rule.

Example Removable Storage Rule


Below is a removable storage rule which quarantines all files that contain credit card information, copied by users from the sales department to removable storage devices such as USB sticks connected to their workstations or laptops. This rule is named PCI because it is a part of PCI compliance policy.


Removable Storage Inbound Rule


This rule covers file copy or read operations from removable devices to endpoints. This rule does not make any kind of DLP analysis; it simply Passes, Logs or Archives the data transfer. Any operation that transfers information to a computer from a removable storage device is covered by this rule. To be able to use Removable Storage Inbound Rules, MyDLP Endpoint Agent should be deployed; please see MyDLP Endpoint Agent Installation Guide.

Removable Storage Inbound Source


You can use all kinds of users (User Defined Users, AD users, AD groups and AD organization units), network objects or source domain objects as Source for this rule.

Removable Storage Inbound Destination and Information Type


Since Destination is always the endpoint itself and Information Type is not checked in this rule type, they are not required and cannot be defined in this rule type.

Example Removable Storage Inbound Rule


Here is a removable storage inbound rule below which logs all files copied by users from sales department from removable storage devices to their workstations or laptops. This rule is named as storage logging and can be used to audit memory stick usage behavior of users.

Note: Removable Storage Inbound Rule operates on any files smaller than Maximum Object Size (see Settings Tab / Advanced Subtab). If you use the Archive action, depending on your users' behavior you may need significant storage to store archived files.


Removable Storage Encryption Rule


This rule covers encryption of removable devices connected to endpoints. This rule does not make any kind of DLP analysis; it simply Passes (does not encrypt) or Encrypts removable storage devices and all the files stored on them. Using this rule, it is possible to ensure that removable storage devices which are used in the company cannot be used in any other network. To be able to use Removable Storage Encryption Rules, MyDLP Endpoint Agent should be deployed; please see MyDLP Endpoint Agent Installation Guide.

Removable Storage Encryption Source


You can use all kinds of users (User Defined Users, AD users, AD groups and AD organization units), network objects or source domain objects as Source for this rule.

Removable Storage Encryption Destination and Information Type


Since Destination is always the endpoint itself and Information Type is not checked in this rule type, they are not required and cannot be defined in this rule type.

Example Removable Storage Encryption Rule


Below is a removable storage encryption rule which encrypts all removable storage devices connected to workstations or laptops in the company network. This rule is named "all encryption" and can be used to ensure no data leak will occur through removable storage devices from the company network to other networks. This is the most common usage scenario for this rule.


Printer Rule
This rule covers printers at endpoints. MyDLP has unmatched printer inspection support. MyDLP supports network printers, USB printers, shared printers, and much more. Actually MyDLP supports anything that can print. That is why we call MyDLP's printer inspection channel unmatched. Use this rule type to enforce policies for printers at endpoints; MyDLP uses it to inspect every single printing operation. To be able to use Printer Rules, MyDLP Endpoint Agent should be deployed; please see MyDLP Endpoint Agent Installation Guide.

Printer Source
You can use all kinds of users (User Defined Users, AD users, AD groups and AD organization units), network objects or source domain objects as Source for this rule.

Printer Destination
It is not possible to define a destination in a Printer Rule.

Printer Information Types


You can use all kinds of Information Types for this rule.

Example Printer Rule


Below is an example printer rule which quarantines all print jobs sent by users from the sales department that contain credit card information. The print job will be blocked and the content of the document that would be printed is saved as an XPS document on MyDLP. This rule is named PCI because it is a part of the PCI compliance policy.


Discovery Rule
This rule is used to discover sensitive information at rest on endpoints. Discovery rules help you to see information leakage risk before any incident happens.

Discovery Source
You can use all kinds of users (User Defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.

Discovery Destination
You can use File System Directory objects as Destination for this rule. The folders specified as Destinations on endpoints will be scanned by Discovery Rule to find whether they match the specified Information Type.

Discovery Information Types


You can use all kinds of Information Types for this rule.

Example Discovery Rule


Below is an example discovery rule which logs all files that contain credit card information under C:\Users and C:\Documents and Settings (usual user file paths on Microsoft Windows XP, Windows Vista and Windows 7) on endpoint machines, such as laptops and workstations, of users from the sales department. This rule is named PCI because it is a part of the PCI compliance policy.

Note: Discovery Rule operates on any files smaller than Maximum Object Size (see Settings Tab/ Advanced Subtab). If you use Archive or Quarantine action, depending on your users' behavior you may need significant storage to store archived files.

Note: If you use Delete or Quarantine action be sure to specify Destination directories and Information Types carefully. Discovery Rule deletes any files matched without confirmation if you select Delete or Archive actions on endpoints.


ScreenShot Rule
This rule is used to prevent screenshots when sensitive applications are running on endpoints. This rule does not send any log to the management server. It simply blocks screenshot actions for selected Applications.

ScreenShot Source
You can use all kinds of users (User Defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.

ScreenShot Destination
You can use Application objects as Destination for this rule.

Example ScreenShot Rule


Below is an example screenshot rule which prevents print screen functionality when office applications are running. This is the most common usage scenario.


API Rule
This rule is used to manage the behavior of MyDLP API. MyDLP API helps you to integrate MyDLP with other applications. See the Integration/ MyDLP API Integration chapter for integrating your applications with MyDLP.

API Sources
You can use all kinds of users (User Defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.

API Information Types


You can use all kinds of Information Types for this rule.

Example API Rule


Below is an API rule which sends a block response to web requests from applications on the 10.0.0.0/24 network if the request body contains a credit card number.


Policy objects tree


Policy objects tree is the collection of objects which can be used in rules by dragging them from the tree into the source and information type fields of rules. An example policy objects tree can be seen below:

Predefined objects provide easy access to frequently used objects. Predefined sources represent common network addresses. Predefined information types are common information types such as credit card numbers, IBAN, SSN. They also include the All matcher, which is used to match all traffic. Compliance is an information type that includes predefined policies such as PCI DSS, SOX, GLBA, etc. Destinations are items that can be used in the Destination column of a rule.


Information Types
The Data Leakage Prevention concept relies on detecting information in a data transfer or in data at rest. The most important thing in a DLP product is being able to define this information with easy-to-use instruments. In MyDLP, this content definition instrument is called Information Type. DLP inspection on channels, such as Web, Mail, Removable Storage, Printer, Discovery and others, is done according to the associated information types. MyDLP is shipped with a lot of predefined information types, and new predefined information types are added in each version. The picture below shows some of these information types:

Data format
Data Formats determine which data formats (a data format is a combination of several MIME types) will be considered as candidates for this Information Type. For example, if you select All Formats, all kinds of files (or data) will be candidates and DLP inspection (which will be defined in the Information Features section) will be done for every single file. Similarly, if you select PDF, PS, only files (or data) in Portable Document Format and PostScript formats will be considered as candidates and DLP inspection will be done only on these kinds of files.


Information Features
Using Information Features, you are able to define properties of the data content to be analyzed. The most important part of an Information Feature is the Matcher. All other properties of the Information Feature will be asked for after selecting the Matcher, because every Matcher has different functionality and requires different configuration options. The Matcher simply declares what you are looking for in a file (or in data flowing through a channel). The picture below is an example of the Birth Date Matcher. The Birth Date matcher matches birth dates and requires a property named Threshold value. This Threshold value specifies the number of occurrences of positive matches (in this case birth dates) in a file (or flowing data chunk). For example, with this Information Feature (below), you are looking for (at least) two valid and separate birth date occurrences:

Distance
Distance is a property of Information Feature which is not applicable to all kinds of Information Features. The Distance property allows you to specify a context in terms of data size for a specific Information Feature. Simply, DLP analysis will return positive only if all defined Information Features have been found within the specified distance. This feature lets you make DLP analysis in a context and drastically decreases false positives in big files. The screenshot below describes Distance usage briefly. In this example, there are two Information Features: Birth Date with threshold value 2 and Keyword MyDLP with threshold value 3. Distance is applicable for these Information Types and it has been set to value 250. It means that you are looking for two birth dates and three separate MyDLP keywords (the keyword matcher directly matches the exact string [case insensitive]) in a sequence 250 characters long.


Information Type Example


A retail company keeps two bank account numbers and a credit card number per customer in its database. The security administrator wants to prevent any office file that contains this information of a customer from being sent outside the company. To match such an information flow, the security administrator should define an information type named "Customer Accounts" and add "Office Files" as a data format. He should add a credit card number feature with threshold 1 and an IBAN number feature with threshold 2. This information type will match any office file containing at least one credit card number and two IBAN numbers.
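
Added example (not part of the guide and not MyDLP's own code): a small Python evaluator for the Customer Accounts information type above and for the Distance example, showing how data format, per-feature thresholds and the distance window combine. The matcher patterns, the MIME types standing in for Office Files, and the rule that a match must lie wholly inside the window are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Set, Tuple

Span = Tuple[int, int]  # (start, end) character offsets of one match

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def iban_ok(iban: str) -> bool:
    """ISO 13616 check: move first 4 chars to the end, A..Z -> 10..35, mod 97 == 1."""
    moved = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in moved)) % 97 == 1

def credit_cards(text: str) -> List[Span]:
    # 13 to 19 digits, optionally separated by single spaces or dashes (assumed pattern)
    return [m.span() for m in re.finditer(r"\b(?:\d[ -]?){12,18}\d\b", text)
            if luhn_ok(re.sub(r"[ -]", "", m.group()))]

def ibans(text: str) -> List[Span]:
    # Unspaced, upper-case IBANs only (assumed pattern)
    return [m.span() for m in re.finditer(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b", text)
            if iban_ok(m.group())]

def dates(text: str) -> List[Span]:
    # Simplified stand-in for the Birth Date matcher: DD.MM.YYYY only (assumption)
    return [m.span() for m in re.finditer(r"\b\d{2}\.\d{2}\.\d{4}\b", text)]

def keyword(word: str) -> Callable[[str], List[Span]]:
    # Exact string, case insensitive, as the guide describes the Keyword matcher
    pattern = re.compile(re.escape(word), re.IGNORECASE)
    return lambda text: [m.span() for m in pattern.finditer(text)]

@dataclass
class Feature:
    name: str
    matcher: Callable[[str], List[Span]]
    threshold: int  # minimum number of separate occurrences, starting from 1

@dataclass
class InformationType:
    name: str
    features: List[Feature]
    formats: Optional[Set[str]] = None  # candidate MIME types; None means All Formats
    distance: Optional[int] = None      # window length in characters; None means disabled

    def matches(self, text: str, mime: str) -> bool:
        if self.formats is not None and mime not in self.formats:
            return False  # not a candidate format, so no inspection is done
        found = [f.matcher(text) for f in self.features]
        if any(len(spans) < f.threshold for spans, f in zip(found, self.features)):
            return False  # a feature misses its threshold even over the whole text
        if self.distance is None:
            return True
        # Any qualifying window can be slid right until it begins at a match start,
        # so only windows beginning at a match start need to be tested.
        for w in sorted(s for spans in found for s, _ in spans):
            limit = w + self.distance
            if all(sum(1 for s, e in spans if s >= w and e <= limit) >= f.threshold
                   for spans, f in zip(found, self.features)):
                return True
        return False

# MIME types standing in for the "Office Files" data format (assumed membership)
OFFICE_FILES = {
    "application/msword",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
}

CUSTOMER_ACCOUNTS = InformationType(
    "Customer Accounts",
    [Feature("Credit Card Number", credit_cards, 1),
     Feature("IBAN Account Number", ibans, 2)],
    formats=OFFICE_FILES,
)

BIRTH_DATES_NEAR_KEYWORD = InformationType(
    "Birth dates near MyDLP keyword",
    [Feature("Birth Date", dates, 2), Feature("Keyword MyDLP", keyword("MyDLP"), 3)],
    distance=250,
)

# Constructed sample inputs (well-known test card number and example IBANs)
DOC = ("Card 4111 1111 1111 1111; accounts GB82WEST12345698765432 "
       "and DE89370400440532013000")
NEAR = "MyDLP MyDLP mydlp, born 01.02.1980 and 03.04.1975"
FAR = "MyDLP MyDLP mydlp" + " filler" * 50 + " born 01.02.1980 and 03.04.1975"

if __name__ == "__main__":
    print(CUSTOMER_ACCOUNTS.matches(DOC, "application/msword"))
    print(BIRTH_DATES_NEAR_KEYWORD.matches(NEAR, "text/plain"))
    print(BIRTH_DATES_NEAR_KEYWORD.matches(FAR, "text/plain"))
```

The FAR sample holds the same matches as NEAR, but the birth dates sit more than 250 characters after the keywords, so it only matches when distance is disabled.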


Available Information Features


Feature: 5-8 Digit Account Number
Feature: 9 Digit Account Number

Feature: ABA Routing Number

Feature: All Matcher


Description: The All matcher matches any type of information. It can be used in rules for certain data formats, for example to prevent any outgoing office file.

Feature: Credit Card Number


The credit card number feature matches occurrences of credit card numbers in the data stream. If you use credit card number with threshold 5, it will match any document with 5 or more credit card numbers in it.

Feature: Social Security Number


Social Security Number is the United States social security number. This feature matches each social security number in the data stream.

Feature: IBAN Account Number


IBAN is the International Bank Account Number. This feature matches each bank account number in IBAN format in data stream.

Feature: Turkey National ID Number


Turkey National ID Number or T.C. Kimlik No. is the citizen number in Turkey. This feature matches each occurrence of this number in the data stream.

Feature: Canada Social Security Number


This feature matches Canada Social Security number in data stream.

Feature: France INSEE Number


This feature matches France INSEE number in data stream.

Feature: UK National Insurance Number


This feature matches United Kingdom insurance number in data stream.


Feature: South African ID Number


This feature matches South Africa citizen ID number occurrence in data stream.

Feature: Keyword
This feature matches occurrences of the keyword entered during creation of the information type.

Feature: Regular Expression


This feature matches entered regular expression in data stream.

Feature: Source Code (C/C++/C#/Java)


This feature matches expressions in C, C++, C# and Java programming languages in data stream.

Feature: Source Code (Ada)


This feature matches Ada programming language expressions in data stream.

Feature: Document Database (Hash)


This feature matches any document in data stream which exactly has the file hash of one of the documents in document database.

Feature: Document Database (PDM)


Partial document matching (PDM) feature matches any chunk of document in data stream where it significantly resembles a part of a document in document database.

Feature: Encrypted Document Matcher


Encrypted document matcher will match a password protected or encrypted file.

Feature: Encrypted Archive Matcher


Encrypted archive matcher will match an encrypted archive file such as zip, rar etc.


Finance Compliances
PCI
Matchers:
o Credit Card number
o Credit Card track 1
o Credit Card track 2
o Credit Card track 3

Threshold values:
o Credit Card number: 1
o Credit Card track 1: 1
o Credit Card track 2: 1
o Credit Card track 3: 1

Distance: 32

EU FINANCE
Matchers:

CCN with UK NINO
Description: Consists of Credit card number and UK national number
Threshold values:
o Credit card number: 1
o UK national number: 1
Distance: 100

CCN with France INSEE
Description: Consists of Credit Card Number and France INSEE Number
Threshold values:
o Credit Card Number: 1
o France INSEE Number: 1
Distance: 100

CCN with Spain DNI
Description: Consists of Credit Card Number and Spain DNI Number
Threshold values:
o Credit Card Number: 1
o Spain DNI Number: 1
Distance: 100

CCN with Italy FC
Description: Consists of Credit Card Number and Spain DNI Number
Threshold values:
o Credit Card Number: 1
o Spain DNI Number: 1
Distance: 100

GLBA
Matchers:

Name with sensitive Drug
Description: Consists of Keyword Group Names and Keyword Group Sensitive Drug Names
Threshold values:
o Keyword Group Names: 1
o Keyword Group Sensitive Drug Names: 1
Distance: 100

Name with sensitive Disease
Description: Consists of Keyword Group Names and Keyword Group Sensitive Drugs Names
Threshold values:
o Keyword Group Names: 1
o Keyword Group Sensitive Drug Names: 1
Distance: 100

CCN
Description: Credit card number
Threshold value:
o Credit card number: 1
Distance: Disabled

Name with SSN
Description: Consists of Social Security Number and Keyword Group Names
Threshold values:
o Social Security Number: 1
o Keyword Group Names: 1
Distance: 100

SSN with Personal Finance Terms
Description: Consists of Social Security Number and Keyword Group Personal Finance Terms
Threshold values:
o Social Security Number: 1
o Keyword Group Personal Finance Terms: 1
Distance: 100

Name with Personal Finance Terms
Description: Consists of Keyword Group Names and Keyword Group Personal Finance Term
Threshold values:
o Keyword Group Names: 1
o Keyword Group Personal: 1
Distance: 100

ABA Routing Number
Description: Consists of ABA routing number
Threshold value:
o ABA routing number: 1
Distance: Not enabled

Name with 10 Digit Account Numbers
Description: Consists of Keyword Groups Names and 10 Digit Account Number
Threshold values:
o Keyword Groups Names: 1
o 9 Digit Account Number: 1
Distance: 100

Name with 9 Digit Account Number
Description: Consists of Keyword Group Names and 9 Digit Account Number
Threshold values:
o Keyword Group Names: 1
o 9 Digit Account Number: 1
Distance: 100

Name with 5-8 Digit account
Description: Consists of Keyword Group Names and 5-8 Digit Account Numbers
Threshold values:
o Keyword Group Names: 1
o 5-8 Digit Account Numbers: 1
Distance: 100

SOX
Description: SOX consists of two subfolders, 10K forms and 10Q forms. These subfolders contain many matchers; a description of each matcher is given below.

10K Forms: A comprehensive summary report of a company's performance that must be submitted annually to U.S Securities and Exchange Commission (SEC)
10Q Forms: A comprehensive report of a company's performance that must be submitted quarterly by all public companies to U.S Securities and Exchange Commission (SEC)

Matchers:

10K Forms:

10K Forms Cover Page
Description: Consists of Keyword Group 10K Form Cover Page Keyword
Threshold value: 6
Distance: 1500

10K Forms Table of Contents Page
Description: Consists of Keyword Group 10K Form Table of Contents Keyword
Threshold value: 12
Distance: 3500

10K Forms Stock Performance Graph
Description: Consists of Keyword Group 10K Form Performance Graph Keyword
Threshold value: 2
Distance: 200

10K Forms Financial Statements
Description: Consists of Keyword Group 10K Form Financial Statement Keyword
Threshold value: 3
Distance: 250

10K Forms Selected Financial Data
Description: Consists of Keyword Group 10K Form Financial Data Keyword
Threshold value: 500
Distance: 3

10Q Forms:

10Q Forms Cover Page
Description: Consists of Keyword Group 10Q Form Cover Page Keyword
Threshold value: 5
Distance: 1500

10Q Forms Table of Contents Page
Description: Consists of Keyword Group 10Q Form Table of Contents Keyword
Threshold value: 5
Distance: 3000

10Q Forms Consolidated Balance Sheets
Description: Consists of Keyword Group 10Q Form Consolidated Balance Sheet
Threshold value: 6
Distance: 1500

10Q Forms Other Information
Description: Consists of Keyword Group 10Q Form Other Information Keyword
Threshold value: 4
Distance: 2000

Investments Information
Matchers:

Investment Related Document
Description: Includes Keyword Group Investment Information
Threshold values: 5
Distance: 1000

Pricing
Matchers:

Pricing Information
Description: Includes Keyword Group Pricing Information
Threshold values: 5
Distance: 1000


Federal Regulations
Description: The Federal Regulations section was created to meet the requirements of HIPAA. HIPAA, the Health Insurance Portability and Accountability Act, is a federal regulation on health records. The purpose of the Act is to protect billing and the confidential medical records of patients. MyDLP allows the institution to protect customers' confidential information and meet the requirements of HIPAA with the following matchers.

Matchers:

HIPAA
CCN with Sensitive Drug Names
Description: Consists of Credit Card Number and Keyword Group-Sensitive Drug Names
Threshold values:
o Credit Card Number: 1
o Keyword Group-Sensitive Drug Names: 1
Distance: 100

CCN with Sensitive Disease Names
Description: Consists of Credit Card Number and Keyword Group-Sensitive Disease Names
Threshold values:
o Credit Card Number: 1
o Keyword Group-Sensitive Disease Names: 1
Distance: 100

SSN with Sensitive Drug Names
Description: Consists of Social Security Number and Keyword Group-Sensitive Drug Names
Threshold values:
o Social Security Number: 1
o Keyword Group-Sensitive Drug Names: 1
Distance: 100

SSN with Sensitive Disease Names
Description: Consists of Social Security Number and Keyword Group-Sensitive Drug Names
Threshold values:
o Social Security Number: 1
o Keyword Group-Sensitive Drug Names: 1
Distance: 100

CCN with Common Disease Names
Description: Consists of Credit Card Number and Keyword Group-Common Disease Names
Threshold values:
o Credit Card Number: 1
o Keyword Group-Common Disease Names: 2
Distance: 100

SSN with Common Disease Names
Description: Consists of Social Security Number and Keyword Group-Common Disease Names
Threshold values:
o Social Security Number: 1
o Keyword Group-Common Disease Names: 1
Distance: 100

Date of Birth with Names
Description: Consists of Birth Date and Keyword Group-Names
Threshold values:
o Birth Date: 1
o Keyword Group-Names: 1
Distance: 100

Names with Common Disease
Description: Consists of Keyword Group-Common Disease Names and Keyword Group Names-Names
Threshold values:
o Keyword Group-Common Disease Names: 1
o Keyword Group Names-Names: 1
Distance: Not enabled

Name with Sensitive Drug
Description: Consists of Keyword Group-Names and Keyword Group-Sensitive Drug Names
Threshold values:
o Keyword Group-Names: 1
o Keyword Group-Sensitive Drug Names: 1
Distance: 100

Name with Sensitive Disease
Description: Consists of Keyword Group-Names and Keyword Group-Sensitive Disease Names
Threshold values:
o Keyword Group-Names: 1
o Keyword Group-Sensitive Disease Names: 1
Distance: 100

DNA
Description: Consists of DNA Pattern matcher
Threshold values: 1
Distance: Disabled

National Drug Codes
Description: Consists of National Drug Codes
Threshold values: 1
Distance: Not available

Sensitive Documents
Description: Sensitive Documents consists of three main subfolders: Strategic Business Document, Resume for HR and Sensitive Keywords

Matchers:

Strategic Business Document
Description: Consists of Keyword Group Strategic Business Document Keywords
Threshold values: 10
Distance: 2000

Resume For HR
Description: Consists of Keyword Group Curriculum Vitae Keywords
Threshold values: 8
Distance: 2000

Sensitive Keywords
Description: Consists of Keyword Confidential
Threshold values: 6
Distance: 5000

Top Secret Keyword
Description: Consists of Keyword top secret
Threshold: 6
Distance: 5000

Restricted Keyword
Description: Consists of Keyword-Restricted
Threshold: 6
Distance: 5000

Sensitive Keyword
Description: Consists of Keyword-Sensitive
Threshold: 6
Distance: 5000

Network Security Information


Matchers:

IP with Network Patterns
Description: Consists of IP matcher and Keyword Group Network Patterns
Threshold: 2
Distance: 200

Network Patterns
Description: Consists of Keyword Group-Network Patterns
Threshold: 4
Distance: 150

Mac Address
Description: Consists of MAC
Threshold: 4
Distance: 150


Policy actions
Adding policy rules
1. To add a rule into policy click button on the top or bottom of the rule table.
2. Move the rule place holder seen above to the desired place in the rule table.
3. Click to add the rule.
4. Select the rule type that you want to add.
5. Add a Name and Description for the rule.
6. Click Save.
7. Selected rule type with given name is created and can be seen on the top of the rule table.

Adding a user defined category


Categories are collections of user defined objects. They can be used as placeholders for grouping custom objects.
1. Click on User Defined folder icon.
2. Its color turns to blue and a plus icon should appear.
3. Click on the plus icon.
4. Select the item type by clicking on it.
5. In Edit Dialog enter a descriptive name for category.
6. Click Ok.

Adding a user defined network


Networks can be used in all types of rules except the mail rules.
1. Click on User Defined folder icon.
2. Its color turns to blue and a plus icon should appear.
3. Click on the plus icon.
4. Select the item type by clicking on it.
5. In Edit Dialog enter a descriptive name for network.
6. Enter a valid IP address into IP Base.
7. Example: 192.168.1.25
8. Enter a valid IP net mask into IP Mask.
9. Example: 255.255.255.0
10. Click Save.
11. New user defined network object will be listed under user defined section at the left side of the Policy Screen. This new network object can be used as source with all types of rule except for mail rule.

Adding a user defined information type


Information types can be used in the following types of rules:
o Web Rule
o Mail Rule
o Removable Storage Rule
o Printer Rule
o Discover Rule
o API Rule

1. Click on User Defined folder icon.
2. Its color turns to blue and a plus icon should appear.
3. Click on the plus icon.
4. Select the item type.
5. In Edit Dialog enter a descriptive name for information type.
6. Select a data format from available data formats by clicking on it.
7. Move selected data format to current active by clicking on icon.
8. Click on icon under Feature Configuration to add a feature into your information type.
9. Select the feature type.
10. Enter the threshold for feature type.
NOTE: Threshold value must be numeric value starting from 1
11. Click on Save.
12. If you need more than one feature return to step 9.
13. Click on Save.

Adding an User Defined Domain Name


Manually created Domain Name can be used on Web and Email rules.
1. Click on User Defined folder icon.
2. Its color turns to blue and a plus icon should appear.
3. Click on the plus icon.
4. Select the item type.
5. Enter a descriptive name.
6. Enter a domain name.
7. Click Save.

New Domain will be listed under predefined section at the left side of the Policy screen. You can use this domain as a destination for Web and Email rules.

Adding an user defined File System Directory


Manually created File System Directory objects can be used on Discovery Rule.
1. Click on User Defined folder icon.
2. Its color turns to blue and a plus icon should appear.
3. Click on the plus icon.
4. Select the item type.
5. Enter a descriptive name.
6. Enter a directory. Example: C:\Users\Administrator
7. Click Save.

New File System Directory object will be listed under predefined section at the left side of the Policy screen. You can use this File System Directory as a destination for Discovery Rules.

Adding a user defined Source Domain


Manually created Source Domain can be used in email rules only.
1. Click on User Defined folder icon.
2. Its color turns to blue and a plus icon should appear.
3. Click on the plus icon.
4. Select the item type.
5. Enter a descriptive name.
6. Enter a source domain name. Example: mydlptest.com
7. Click Save.

New Source Domain will be listed under predefined section at the left side of the Policy screen. You can use this Source Domain as a Source for Email Rules.

Adding a user defined Application Name


Manually created Application Name can be used on Screenshot Rule only.

1. Click on User Defined folder icon.
2. Its color turns to blue and a plus icon should appear.
3. Click on the plus icon.
4. Select the item type.
5. Enter a descriptive name.
6. Enter an application executable name including extension (ex: Excel.exe). You can check application name using Task Manager while running target application.
7. Click Save.

New Application Name object will be listed under predefined section at the left side of the Policy screen. You can use this as a destination for Screenshot Rules.

Adding a user defined user object


1. Click on User Defined folder icon.
2. Its color turns to blue and a plus icon should appear.
3. Click on the plus icon.
4. Select the item type.
5. To create a user manually select
6. Enter a descriptive name.
7. Enter username as one of the options below:
   a. (Option 1) Enter a username for e-mail or account such as user@domain.com.
   b. (Option 2) Enter a username for Active Directory user account such as user@domain.com.
   c. (Option 3) Enter a username for local user account such as user@computername
   For Option 2 and 3, when the targeted user is logged on to his endpoint you can check Logged On User Name under Endpoints tab to be sure about the user name.
8. Click Save.

Adding an active directory user object


Active directory user objects can be used in all rule types except API rules.
1. Click on User Defined folder icon.
2. Its color turns to blue and a plus icon should appear, then click on the plus icon.
3. Select the item type.
4. To create an Active Directory user select
5. Enter a descriptive name for user.
6. Select the domain.
7. Select the user or group under the domain tree.
8. Click Save.

Note: Before you do this action you need to integrate with Active Directory using objects tab.

Dragging a source object into rule


You can drag more than one source into a rule. The rule will match if data originates from any one of the defined sources.
1. Select the source object in the objects tree as below:
2. Drag it into the source part of the rule as below:

Dragging an information type into rule


You can drag more than one information type into a rule. The rule will match if any of the information types matches the data.
1. Select the information type in the objects tree as below:
2. Drag it into the information type part of the rule as below:


Setting a rule action


Each rule can have only one action. To set a rule action:
1. Select the rule in rule table by clicking on it:
2. Click on the action combo box:
3. Select the desired action by clicking on it in the combo box:

Changing the rule priority


You can move a rule up and down to change its priority.
1. Click on the rule that you want to move.
2. Drag the selected rule to the desired place; the place line will assist you while dragging the rule.
3. After you drop the selected rule, the new arrangement will be as follows

Deleting a rule
1. Click on the rule that you want to delete.
2. Click on the icon.

Disabling a rule
Disabled rules will not have an effect on your policy. Disabled rules have an icon near their rule name.
1. Click on the rule that you want to disable.
2. Click on the icon.

Editing the rule name and description


1. Click on the rule that you want to disable.
2. Click on the icon.
3. Change the name as you need.
4. Change the description as you need.
5. Click Save.


Copying a rule
1. Click on the rule that you want to copy.
2. Click on icon to copy the rule.
3. Change the name for the copied rule.
4. Change the description for the copied rule.
5. Click Save.
6. Copied rule will be added below the original rule.

Expanding and collapsing a rule


If a rule contains more than one Source, Destination or Information Type item, these items will be hidden and grouped automatically. To see or hide all items that exist in a column, please follow the procedure below.

1. Click the rule that you want to expand.
2. Click on icon to expand the rule.
3. Group will be expanded and all hidden items will be listed in the Sources, Destination and Information Types columns.
4. Click on collapse icon to hide expanded items.


Expanding and collapsing all rules


You can expand or collapse all policy rules to view rules or navigate through your policy effectively.
To expand all rules in policy click Expand All button.
To collapse all rules in policy click Expand All button.


Installing policy
The policy you created in policy tab is not activated instantly after you edit it. You need to install the current policy as below:
1. Click on button on the top of the screen.
2. Click on Close in Policy Installation dialog.

Note: Once you make any changes on MyDLP UI, do not forget to click the install policy button; otherwise the changes made will be canceled out and newly added rules and policy changes will not apply to endpoints.


Objects tab
Introducing the objects tab
Objects tab is used to define advanced policy objects which cannot be created in policy tab. On the left hand side there is the objects tree. On the right hand side there is the object editing pane.

Creating a data format


You can create new data formats by defining MIME types for that data format.
1. Click on in objects tree.
2. It should change its color to blue and a plus icon should appear.
3. Click on icon.
4. Give a descriptive name for new data format.
5. Click on icon to add a new MIME type.
6. Enter MIME. Example: application/pdf
7. Click Save in dialog.
8. Go to step 5 if you want to add more MIME types.
9. Click Save.

Note: For further information about MIME types please see also, http://www.iana.org/assignments/media-types

Creating a keyword group


You can create new keyword groups.
1. Click on in objects tree.
2. It should change its color to blue and a plus icon should appear.
3. Click on icon.
4. Give a descriptive name for the new keyword group.
5. Click on icon to add new keyword.
6. Select enter as a text.
7. Enter keyword.
8. Click Save in dialog.
9. Go to step 5 if you want to add more keywords.
10. Click Save.


Importing keywords from file


Instead of entering keywords one by one you can import a keyword text file into a keyword group.
1. Click on in objects tree.
2. Click on the keyword group that you want to change.
3. Click on icon.
4. Select import keywords from file.
5. Click Select file.
6. Select the keyword file on your PC.
7. Click open.
8. You can deselect found keywords by clearing checkbox near a keyword.
9. Click Save in dialog.
10. Click Save.


Importing Keywords using RDBMS connection


1. Click on Configure in a Keyword Group to synchronize document database with a RDBMS column.
2. Select a RDBMS connection created previously.
3. Enter table name; table name will be completed automatically if a matching table exists.
4. Enter column name; column name will be completed automatically if a matching column exists.
5. Example items are shown. Click Close to proceed.
6. Click Save. Entries will be updated each night automatically and new items in selected column will be included in Keyword Group.
7. (Optional) If you want to enumerate immediately click Enumerate Now; this will fetch the entries and add them to Keyword Group.


Creating a document database using files


You can create a new document database which can be used in PDM and Hash features in information types.
1. Click on in objects tree.
2. It should change its color to blue and a plus icon should appear.
3. Click on icon.
4. Give a descriptive name for the new document database in opened edit dialog.
5. Click on icon to add a file into database.
6. Once you click the plus button you will be presented with upload dialog. Two upload options are available for document databases as below:
7. Select and follow one of the Web-based Uploader or Multiple File Uploader methods described below.

Web-based Uploader
Web-based uploader enables users to upload files one by one.
Usage: Continue from step 7 of Creating a document database using files
1. Please select Web-based Uploader
2. Click Browse to find the file on your local PC.
3. Select the file in file open dialog.
4. Click Open.
5. Wait for file upload and analyzing to be finished. This can take a while.
6. Click OK.
7. Go to step 2 if you want to add more files in to document types
8. Click Save.
9. Then click Install Policy button


MyDLP Multiple File Uploader


Multiple File Uploader enables users to upload many files sequentially, one at a time, just by clicking on the target folder. Before first usage you need to install the MyDLP Multiple File Uploader Adobe AIR application on your PC as described below.
Note: Adobe AIR should be installed on your computer to use MyDLP Multiple File System Utility. Please download and install the latest Adobe AIR package.
Download Link: http://get.adobe.com/air/

Installing MyDLP Multiple File Uploader Application


Usage: Continue from step 7 of Creating a document database using files
1. Select the MyDLP Multiple File Uploader Application
2. Click icon to download the Application
3. Download link will be opened in another tab of the browser. Please click the mydlp-ui-tools-uploader-1.0.0-SNAPSHOT.air to start the download.
4. Double click on downloaded Installer Package
5. Please select Install on Application Install wizard
6. Then select Continue
7. Wait until installation is completed
8. MyDLP Uploader wizard will open once installation is completed.

Using MyDLP Multiple File Uploader Application


Usage: Continue from step 7 of Creating a document database using files
1. Select the MyDLP Multiple File Uploader Application
2. Click Generate Token button
3. Run MyDLPUploader.exe under Program Files\MyDLP Uploader
4. Switch to MyDLP Multiple File Uploader application
5. Paste generated token into MyDLP Multiple File Uploader
6. Click Enter
7. Click Browse
8. Select directory you want to upload and click OK
9. All files under selected folder will be listed. Click click to start upload
10. Wait until all files are uploaded then click Close
11. Switch back to MyDLP Web Management interface. Click Install Policy button


Synchronizing a document database using RDBMS Connections


1. Click on Configure in a Document Database to synchronize document database with a RDBMS column.
2. Select a RDBMS connection created previously.
3. Enter table name. The table name will be completed automatically if a matching table exists.
4. Enter column name. The column name will be completed automatically if a matching column exists.
5. Example items are shown. Click Close to proceed.
6. Click Save. Entries will be updated automatically each night, and new items in the selected column will be included in the Document Database.
7. (Optional) If you want to enumerate immediately, click Enumerate Now. This will fetch the entries and add them to the document database. Warning: enumerating a large amount of data during business hours may result in performance issues.


Integrating with Active Directory Domain


If you use Microsoft Active Directory (AD) in your organization, you can use AD users and groups to define policies and to monitor events. To use AD groups and users in your policy rules, you first need to integrate MyDLP with the AD domain controller.
1. Click on in objects tree
2. It should change its color to blue and a plus icon should appear
3. Click on icon.
4. In Active Directory Domain Edit Dialog fill following:
5. Enter domain name.
   a. This is the fully qualified domain name (FQDN) of your domain defined in your domain controller.
6. Enter IP address of your domain controller.
   a. This is the IP address or the resolvable hostname of the AD domain controller.
   b. If you have more than one domain controller in your domain, enter the primary domain controller IP or hostname.
   c. If you have more than one domain with separate domain controllers, you need to integrate them separately, starting from step 1 for each domain.
7. Enter NetBIOS name of your domain controller.
8. Enter Active Directory username.
   a. This should be a user account which has privilege to enumerate all users and groups in your AD domain.
   b. For security reasons, create a separate account for integration which has no administrative privileges.
9. Enter Active Directory password for entered username.
10. If you have domain alias for email addresses click on
11. Enter domain alias.
12. Click Save.
13. If you need more aliases go to step 10.
14. Click Save & Enumerate.
15. Wait for enumeration to complete.


Integrating with RDBMS Systems


If you have a database which contains information you want to use in your DLP policy, you can integrate MyDLP with this database.
1. Click on RDBMS Connections in objects tree
2. It should change its color to blue and a plus icon should appear
3. Click on icon.
4. In RDBMS Edit Dialog fill following:
5. Enter a descriptive name for connection.
6. Select type of Database Server. If your server type is not listed please contact support@mydlp.com.
7. Enter JDBC URL of your database as seen in example above.
8. Enter database username.
9. Enter database user password.
10. Click Test Connection to test the connection.
11. Click Save to save connection if successfully connected to RDBMS.


Logs tab
Introducing the logs tab
You can monitor all DLP related events in the logs tab. At the top there is the log tool bar. Using the log tool bar you can search for logs in a specific time period. You can do a full text search in archived and quarantined files using the Search in content button. In the middle there is the log table.

Log Structure
Logs listed in log table have the following structure:
1. Date: Date and time of the event
2. Source: Source of data
3. Destination: Destination of data
4. Policy: Related policy rule
5. Details: Details about rule
6. Files: If log is the result of a rule with archive or quarantine action you can download the archived files here.


Log Actions
Finding events in a specific time period
1. Click icon near the start date
2. Find the start date using calendar widget
3. Click icon near the end date
4. Find the end date using the calendar widget
5. Click on the Search button

Detailed log search


1. Click button.
2. Specify a Source IP if necessary.
3. Specify a Source User if necessary.
4. Specify a Destination if necessary.
5. Select an Action if necessary.
6. Select a Channel if necessary.
7. Click on the Search button


Resetting log filter


1. Click on Reset button.

Refreshing logs
1. Click on the Refresh button.

Showing Hiding Archive Logs


The Show all checkbox is disabled by default, which hides overwhelming log entries like Removable Storage Archive Inbound, Web Archive and Email Archive logs. Enable this option to see these logs in the logs tab.

Searching term in quarantined or archived files


1. Enter term near Search in content button
2. Click on Search in content

When you search for a term, a new column appears on the right showing the files or data content that include the term. If you click on the column, you can see the related incident for that data or content in the logs table on the left side.

Exporting Logs as an Excel File


You can export filtered logs as a Microsoft Excel file. Only the first 1000 lines will be exported. Please restrict your search query as described above if you have more logs in the logs tab.


Resending quarantined emails


MyDLP can pass, log, archive, block and quarantine emails which have confidential information according to email policy rules. When emails are passed, logged or archived they will reach their recipients. The Block action discards emails and prevents them from reaching their recipients. The Quarantine action also prevents emails from reaching their recipients, but a copy of each email is archived. After examination by an administrator or auditor, these emails can be found legitimate and can be sent to their original recipients.
1. Find the event log of quarantined email. You should see in Policy column of the log Action: Quarantine and Channel: Mail
2. Click on event log row, requeue icon should appear in Policy column.
3. If you want to resend email to its recipient click on icon.
4. In Policy column Requeue on progress... can be seen.
5. Click Refresh button on the log toolbar, if mail is successfully requeued


The Endpoints tab


Endpoints tab lists all MyDLP Endpoints connected to MyDLP Server. You can see current number of endpoints as below:

Searching Endpoints
You can filter the endpoints listed in the endpoints table according to IP address, username and version. Enter the term to be searched into the text box and click the Search button. To clear the search, click the Reset button.

Clearing Endpoints Database


When you click the Truncate button, the endpoints database on the server will be repopulated according to received requests.

Online Endpoints
Online Endpoints are shown as below with Endpoint ID, IP Address, Logged on user, Installed Agent Version, Last Update Date and First Seen Date.

Endpoint ID is the unique ID given to each Endpoint via secure protocol and remains unchanged if your endpoint host changes IP address or hostname. If you have a relevant discovery rule in the Policy Tab, you can initiate endpoint discovery on online endpoints by clicking Discover Now.


Offline Endpoints
Offline endpoints will be shown as faded with colored background in the table.


The Settings tab


Protocols inner tab
SMTP HELO name
SMTP protocol greeting hostname. Default value is "mydlp.com"

SMTP next hop host


It is the next SMTP hop which will be used during outgoing mail delivery.

SMTP next hop port


TCP port number of the SMTP next hop.

SMTP bypass on fail


The SMTP bypass on fail option determines the behavior of the MyDLP email engine in case of any error. If this option is checked, MyDLP will pass mails when an error occurs, favoring availability. If this option is not checked, MyDLP will block mails when an error occurs, favoring security.

ICAP request mod path


ICAP request mod path is used during ICAP integration with web proxy. Default value is "/dlp".

ICAP response mod path


ICAP response mod path is used during ICAP integration with web proxy. Default value is "/dlp-respmod".

ICAP maximum connections


ICAP maximum connections is the limit of connections between MyDLP and the ICAP enabled proxy server. Default value of "0" denotes unlimited connections.

MyDLP user certificate


MyDLP user certificate is used by MyDLP while intercepting SSL traffic. You can download this SSL certificate here. After this certificate is added to your Active Directory domain certificate store, domain users will not see a certificate error in intercepted web pages.


Users inner tab


Administrative Users
Administrative users are users who can log on to MyDLP Management Console to change settings and DLP policy or view logs, reports and archived files. Administrative users have specified roles which can be used to provide segregation of duties. Each user can have only one role.

Types of Administrative Users Roles in MyDLP


ROLE_SUPER_ADMIN
Super Administrator role has the ultimate authority in a MyDLP system. Super Administrator sets up and configures MyDLP during deployment. Default "mydlp" user in a fresh installed MyDLP Server has this role. Super Administrator has all the privileges as below:
- Create administrative users.
- Assign roles ROLE_SUPER_ADMIN, ROLE_ADMIN, ROLE_AUDITOR, ROLE_CLASSIFIER to other administrative users.
- Delete other administrative users.
- Edit Email, Username and Is active property of other administrative users.
- Set password for self and other administrative users.
- See DLP event logs and content data attached to event logs.
- Set and Edit AD Authority Scope to administrative users with ROLE_AUDITOR role.
- Edit DLP policy and objects
- Install policy
- Edit all settings under Settings Tab.

ROLE_ADMIN
Administrator has restricted technical management access. Administrator manages day to day operations. Administrator is able to control DLP policy and edit almost all settings. Usually Administrator is an employee from the IT department and does not need to have the privilege to see confidential file contents captured during Archive or Quarantine actions. Administrator is not able to see the content data in DLP incident logs. Administrator has the below privileges:
- Create administrative users.
- Assign roles ROLE_ADMIN, ROLE_CLASSIFIER to administrative users.
- Delete administrative users, other than itself, which do not have the ROLE_SUPER_ADMIN role.
- Set password for self and other administrative users which do not have ROLE_SUPER_ADMIN and ROLE_AUDITOR.
- See DLP event logs, but not the content data attached to logs.
- Edit DLP policy and objects.
- Install policy.
- Edit all settings under Settings Tab, has restricted access to Users Tab.


ROLE_AUDITOR
Auditor has restricted access to Logs Tab. Auditor needs very little technical knowledge and does not have the ability to change any settings or DLP policy. Auditor can be an executive or someone from the legal department. Auditor is able to see DLP event logs and content data attached to these logs. Authority Scope is a restriction which can be defined when MyDLP is integrated with Microsoft Active Directory; it limits the events that can be seen by Auditor to one or more specified organization units. Auditor has following privileges:
- Set password for self.
- See all DLP logs and content data attached to logs (if Authority Scope is not specified)
- See DLP logs related to specified Authority Scope (if Authority Scope is specified)

ROLE_CLASSIFIER
Classifier has restricted access to Objects Tab. Classifier is able to upload documents to previously specified Document Databases. Classifier has the following privileges:
- Set password for self.
- Upload documents to predefined Document Databases
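
The role descriptions above, written as a small check. This is an added example, not MyDLP code: it transcribes the listed privileges, tests whether ROLE_ADMIN can reach content data by assigning a role or resetting a password, and reviews an account list. The account dictionary format, the function names and the three review notes are assumptions made for this illustration.

```python
# Privileges transcribed from the role descriptions in this guide.
ASSIGNABLE = {
    "ROLE_SUPER_ADMIN": {"ROLE_SUPER_ADMIN", "ROLE_ADMIN",
                         "ROLE_AUDITOR", "ROLE_CLASSIFIER"},
    "ROLE_ADMIN": {"ROLE_ADMIN", "ROLE_CLASSIFIER"},
    "ROLE_AUDITOR": set(),
    "ROLE_CLASSIFIER": set(),
}
EDITS_POLICY = {"ROLE_SUPER_ADMIN", "ROLE_ADMIN"}
VIEWS_CONTENT = {"ROLE_SUPER_ADMIN", "ROLE_AUDITOR"}


def can_assign(actor_role, new_role):
    """May a user with actor_role give new_role to another account?"""
    return new_role in ASSIGNABLE[actor_role]


def can_set_password(actor_role, target_role, is_self=False):
    """Every role may change its own password; only the two admin roles may
    set someone else's, and ROLE_ADMIN not for super admins or auditors."""
    if is_self or actor_role == "ROLE_SUPER_ADMIN":
        return True
    if actor_role == "ROLE_ADMIN":
        return target_role not in {"ROLE_SUPER_ADMIN", "ROLE_AUDITOR"}
    return False


def admin_can_reach_content():
    """True if ROLE_ADMIN could reach content data indirectly, by granting a
    content-viewing role or by resetting the password of such an account."""
    return any(
        can_assign("ROLE_ADMIN", r) or can_set_password("ROLE_ADMIN", r)
        for r in VIEWS_CONTENT
    )


def review(accounts):
    """Return review notes for a list of account dicts (hypothetical format)."""
    notes = []
    for a in accounts:
        if not a["active"]:
            continue
        role = a["role"]
        if a["username"] == "mydlp":  # default account of a fresh install
            notes.append(("default-account-active", a["username"]))
        if role in EDITS_POLICY and role in VIEWS_CONTENT:
            notes.append(("policy-and-content", a["username"]))
        if role == "ROLE_AUDITOR" and not a.get("authority_scope"):
            notes.append(("auditor-unscoped", a["username"]))
    return notes


# Constructed inventory, as it might be typed in from the Users inner tab.
ACCOUNTS = [
    {"username": "mydlp", "role": "ROLE_SUPER_ADMIN", "active": True},
    {"username": "it.ops", "role": "ROLE_ADMIN", "active": True},
    {"username": "legal.audit", "role": "ROLE_AUDITOR", "active": True,
     "authority_scope": ["OU=Sales"]},
    {"username": "ciso", "role": "ROLE_AUDITOR", "active": True},
    {"username": "old.admin", "role": "ROLE_SUPER_ADMIN", "active": False},
]

if __name__ == "__main__":
    print("admin can reach content:", admin_can_reach_content())
    for note in review(ACCOUNTS):
        print(note)
```

The check on ROLE_ADMIN only covers the two routes the role list describes (role assignment and password reset).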

Adding a super administrator user


1. Go to users tab under options tab.
2. Click on
3. Enter email address for new user.
4. Enter user name for new user.
5. Check Is active? checkbox if you want to activate user.
6. Select ROLE_SUPER_ADMIN
7. Click Save


Adding an administrator user


1. Go to users tab under options tab.
2. Click on
3. Enter email address for new user.
4. Enter user name for new user.
5. Check Is active? checkbox if you want to activate user.
6. Select ROLE_ADMIN
7. Click Save.

Adding an auditor user


1. Go to users tab under options tab.
2. Click on
3. Enter email address for new user.
4. Enter user name for new user.
5. Check Is active? checkbox if you want to activate user.
6. Select ROLE_AUDITOR
7. If you want to restrict auditor user's log monitoring ability check Has Authority Scope? checkbox. To do this MyDLP should be integrated with a Microsoft Active Directory domain. Select an active directory domain group or user and click icon.
8. Click Save.


Adding a classifier user


1. Go to users tab under options tab.
2. Click on
3. Enter email address for new user.
4. Enter user name for new user.
5. Check Is active? checkbox if you want to activate user.
6. Select ROLE_CLASSIFIER
7. Select one or more previously defined Document Database. Click icon to move them to the list on the right.
8. Click Save.


Deleting an administrative user


1. Go to users tab under options tab
2. Select the user that you want to delete
3. Click on

Editing an administrative user


1. Go to users tab under options tab
2. Select the user that you want to edit
3. Click on
4. Change properties of user as you need.
5. Click Save.


Setting password for an administrative user


1. Go to users tab under options tab
2. Select the user that you want to change password for
3. Click on
4. Type new user password.
5. Re-type new user password.
6. Click Save.


Endpoint inner tab


Log level
Sets global operational log level for endpoint nodes. Available values are: error, info, debug.

Sync interval
Sync interval is the time between synchronizations between MyDLP Endpoints and MyDLP Network Server in microseconds.

Log limit
Size of the operational logs kept on MyDLP Endpoint in bytes. Default value is 1048570 (10 MB). Raising this value too much may fill hard drives of machines running MyDLP Endpoint.

Discovery interval
Discovery interval shows the time period between running discovery rules in microseconds.

Discover on startup
If discover on startup option is checked, discovery rules will be run during MyDLP Endpoint startup before waiting for the discovery interval.

Ignore max size exceeded logs for discovery channel


Suppresses redundant logs which appear during discovery of a large number of files.

Log Spool Soft Limit


Size of DLP log and content on MyDLP Endpoint in bytes. If DLP log and content size passes this value content data will be discarded. Increase this value to keep more data on endpoints when they are not connected to company network.

Log Spool Hard Limit


Size of DLP log and content on MyDLP Endpoint in bytes. If DLP log and content size passes this value, logs and content data will be discarded. Since log entries increase much more slowly than logs, it is unlikely that this limit will be reached. However, if you increase Log Spool Soft Limit, increase Log Spool Hard Limit accordingly.


Advanced inner tab


Settings in advanced tab are rarely required to be changed, only for very special deployment and clustering scenarios. It is not recommended to change these. Contact support@mydlp.com if you need further information.

Maximum Object Size


This field states the maximum chunk size of object which is processed in MyDLP in bytes. Increase this number to analyze larger files. Although MyDLP is very efficient, analyzing very large files can decrease performance and archiving or quarantining large files may require substantial storage space.


USB ACL inner tab


Using the USB ACL inner tab you can add USB devices to a white list and block unknown devices. In order to activate this property, you must check the "USB Serial Access Control" checkbox. In order to identify a new USB device to MyDLP, you can use the "MyDLP Endpoint Device Console" tool, which is available in your distribution package. Contact support@mydlp.com if you need further assistance. After finding the device token and unique id with the help of this tool, click the Add New USB Device button and enter this information in the user interface in order to identify USB devices.

Adding a descriptive comment such as user name, department, purpose etc. is necessary since it is hard to determine the Unique Id or Device Token of a USB stick later. You are also able to search identified USB devices by using the search field and button. Searching on device token, unique id and comment is available. In addition, by clicking the reset button, you are able to remove search criteria from USB devices.


Enterprise inner tab


Mail Archive
Mail archive option archives all mail traffic without checking its content. Check this to use MyDLP as a mail archive product.

Web Archive
Web archive option archives all web traffic without checking its content. This option may require substantial amount of storage depending on your web traffic.

ICAP Minimum Archive Size


Minimum size of data to be analyzed in a web response in bytes.

Edit Denied Page


Edit denied page is used to edit the denied page template using HTML. This page is used to reply to requests blocked by Web Rules and Mail Rules. %%MESSAGE%% is a variable which can be defined differently for each Web Rule and Mail Rule. Any %%MESSAGE%% occurrence will be replaced by the message defined in the related rule before the message is displayed to the user.

Example web rule using message.

Example blocked web page and mail in Microsoft Outlook below.


Email Notification
You can customize email notifications defined in policy rules as below.

Syslog Settings
You can define Syslog servers to redirect MyDLP logs by defining host, port and Syslog facility. You can redirect three types of logs as below:
- ACL logs are the DLP logs which you will be most interested in; they show DLP incidents.
- Diagnostic logs are logs about operation errors and system health.
- System Reports are audit logs which have detail about every action taken on MyDLP management server. They provide accountability.
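
On the receiving Syslog server, the facility chosen for each log type is what keeps DLP incidents, diagnostics and the audit trail in separate streams. The following added example (not MyDLP code) decodes the syslog priority header and routes constructed sample lines; the local4/local5/local6 assignment and the message text are assumptions, so substitute the facilities you configured.

```python
import re

# Facility numbers for local0..local7 (syslog PRI = facility * 8 + severity).
FACILITIES = {f"local{i}": 16 + i for i in range(8)}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# Assumed assignment: whatever facility you entered for each log type in
# Syslog Settings. These three values are illustrative, not MyDLP defaults.
STREAM_BY_FACILITY = {
    FACILITIES["local4"]: "acl",         # DLP incidents
    FACILITIES["local5"]: "diagnostic",  # operation errors, system health
    FACILITIES["local6"]: "report",      # audit trail of management actions
}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def classify(line):
    """Return (stream, severity, message) for one raw syslog datagram.

    Lines without a valid PRI, or with a facility nobody assigned, go to
    the "unrouted" stream so that they are reviewed instead of dropped.
    """
    m = PRI_RE.match(line)
    if not m:
        return ("unrouted", None, line)
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        return ("unrouted", None, line)
    facility, severity = divmod(pri, 8)
    stream = STREAM_BY_FACILITY.get(facility, "unrouted")
    return (stream, SEVERITIES[severity], m.group(2))


def route(lines):
    """Group (severity, message) pairs by stream."""
    out = {"acl": [], "diagnostic": [], "report": [], "unrouted": []}
    for line in lines:
        stream, severity, msg = classify(line)
        out[stream].append((severity, msg))
    return out


# Constructed sample datagrams; the message text is a placeholder, not the
# product's real log format.
SAMPLE = [
    "<166>mydlp: constructed incident record",    # local4.info
    "<171>mydlp: constructed diagnostic record",  # local5.err
    "<181>mydlp: constructed management action",  # local6.notice
    "<13>other: unrelated user-level message",    # user.notice
    "no priority header at all",
]

if __name__ == "__main__":
    for stream, items in route(SAMPLE).items():
        print(stream, items)
```

Keeping the System Reports stream on its own facility lets the collector store the audit trail with different retention and access rights than the incident logs.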


IRM inner tab


This tab is used to integrate with Seclore IRM product. Please contact support@mydlp.com if you want to integrate MyDLP with Seclore.


The dashboard tab


Dashboard tab shows the status of product license and customizable status widgets.

Adding dashboard items


1. You can add new dashboard item by clicking:
2. Select the dashboard items that you want to use as below

Display Weekly Report


Weekly reports are summary reports including dashboard items with last week's data


The revisions tab


Revisions tab is used to see and restore past policies. In the table on the left-hand side you see the named policy bookmarks. In the table on the right-hand side you see the past policy revisions. When you install a policy, a policy revision will be created automatically. You can also save the policy that you define in the policy tab by clicking Save current revision. You can give a name to a specific revision by clicking on icon. A named revision will appear in the named revisions bookmark list.
