Manual Classification and Content Fingerprinting in DLP

Version 2

    Introduction

     

    McAfee Data Loss Prevention provides multiple ways of "tagging" content to classify it and assign policies to sensitive files.

     

    McAfee DLP can use manual classifications as well as content fingerprinting to classify documents.

     

    Video

     

     

    Manual Classification

     

    Manual Classification applies classifications to the files that are not related to the content, but are embedded in the file. These classifications stay with the file even if the contents of the files are changed.

     

    The type of file determines where this data is stores within the files.

     

    File TypeClassification Location
    Microsoft Office FilesStored as a Document Property
    Other Supported FilesStored as an XMP Property
    EmailStored as markup text

     

    Manual Classifications work with McAfee DLP Endpoint, McAfee DLP Prevent, and McAfee DLP Discover.

     

    These manual classifications can be assigned by end users and be applied with a contextual menu, during saving the file, or while the document is open. This allows great flexibility since end users may have a better idea of what documents should be classified as when automated methods have difficulties.

     

    To set up a Manual Classification, Log into ePO. Click on Menu > Classification

     

     

    Then, click on the Manual Classification tab. You can use existing classifications or create a new classification. For more information on creating manual classifications, click here.

     

     

    When a client opens supported Microsoft Office Applications, there is a button that allows the use to perform a manual classification.

     

     

    In addition, supported file types can be classified with the contextual menu (right clicking on a file) with the Data Protection menu option.

     

     

    Content Fingerprinting

     

    Content Fingerprinting provides McAfee DLP with the ability to classify files based on the file location, application used to access the file, or the content within the file.

    McAfee DLP Endpoint client tracks any file that is opened from the locations, or by the applications, defined in the content fingerprinting criteria and creates fingerprint signatures of these files in real time when the files are accessed. It then uses these signatures to track the files or fragments of the files. Content fingerprinting criteria can be defined by application, UNC path (location), or URL (web application).

     

    To apply an application content fingerprint, go to Menu > Classification

     

     

    Make sure that the Classification tab is selected and create a New Classification with the button on the bottom left.

     

     

    Then click on Actions > New Content Fingerprinting Criteria > Application

     

     

    Here, you can name the criteria and select which application you would like to create fingerprints on the files that it creates.

     

     

    Keep in mind that content fingerprints are not embedded in the file and are lost when the file is in motion or uploaded to the cloud (as opposed to Manual Classifications which retains its classification information even when the file is moved or modified).

     

    Registered Documents

    Registered documents is a feature that pre-scans all files in specified repositories and create signatures of fragments of each file in these repositories. These signatures are then distributed to all managed endpoints. The McAfee DLP Endpoint client is then able to track any paragraph copied from one of these documents and classify it according to the classification of the registered document signature.

     

    This allows for classification of documents based on the contents of the documents. It's worth keeping in mind that if the contents of a document changes too much, the document will no longer be classified.

     

    Also, there is a performance penalty when using registered documents so it is recommended to only use registered documents for extremely sensitive files that require it.

     

    To register a document, click on Menu > Classification

     

     

    Then, click on the Register Documents tab.

     

     

    Finally, click on the File Upload button and select the file with the sensitive data that you'd like to classify.

     

     

    This will allow you to upload to document to register and classify documents that match its signature.