Does anyone knows something about the DLP capabilities of the web appliance ?
Cause I've only seen few options under malware engine about network behavior and dlp.. and I don't really understand what does it do, is that it ?
I was thinking about build a wildcard filtering rule making it mach to any "contect" and if it mach -> block.. and so..
But I can't figure out how to make it work, and also, can it track a document content or only a http/ftp/https information post or none of them ?
At the end I need to understand if this appliance may act as a dlp device and in what terms.
generally MWG has all the required tools on board, we have archive openers, document openers, can extract text, check inside POSTS, even in SSL, etc.
The thing we don't have is simply a lexicon/template that contains stuff like special phrases for HIPAA, PCI, SOX and the like.
What you can do is creating a rule that will match extracted text against a list. You need to have the composite opener enabled.
If Media.Type ensured matches at least one in list
Body.Text matches in list
This was tested with MS Office Documents.
Attaching a rule.
MichaelMessage was edited by: Michael Schneider on 04/11/2010 12:22:22 CET
In addition, here are my test docs. The Test URL I used is http://www.csm-testcenter.org/test?do=show&subdo=common&test=file_upload
How can i import the dictionary of HIPAA, SOX, Etc, from "Email and Web Security 5.6 Appliances", if another McAfee products has the lexicon/templates, why not import to mwg?
the best answer would be 'please be patient'. For more info, contact me per PM on the this forum.
I am testing DLP Capabilities in Webgateway 7.2 and I`ve got some questions. May be someone can help me with them?
1.Using the criterion DLP.Dictionary.BodyText.Matched <TEST Dictionary> for blocking it is necessary that all the terms of the dictionary (TEST Dictionary) have been in the POST message. How to set up the rule so that the presence of any term from the dictionary should perform blocking?
2. How to receive reports on the Users for which the block was performed according to DLP politicies?
Thanks in advance.
When you're using DLP.Dictionary property, it will match if any of the specified terms is present in the Body.Text property. But don't forget to enable Composite Openers before using any of property that use Body.Text
Regarding reporting, I think, that you can write al necessary data into log file and then analyze it
Hi. Thanks for your replay.
When I use DLP.Dictionary.Body.Text.Matched I can choose only equals or does not equal operator.
Message was edited by: geek on 7/19/12 4:58:23 PM GMT+03:00
Yes, this is by design - the DLP in MWG 7.2 is working following way:
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center