2 Replies Latest reply on Oct 29, 2010 8:29 AM by greyone0356

    Advanced Compliance and encrypted email

      We’ve been running 6.7.2 for a while (and just applied HF4), and we have been running the system with the standard dictionaries for PCI and HIPAA as a safety net (poor man’s DLP).  One of the things we’ve noticed is that the system is working a little TOO well, and we’ve been getting some high profile false positives (that is, director level and above).

      With that said, I’m looking for some alternatives.  Near as I can tell, they are:

      1. Start tweaking the dictionary definitions under normal compliance (outbound)
      2. Give high profile users an ‘open says-me’ that will bypass normal compliance (outbound)
      3. Start training the system with the false positives in an attempt to make the system ‘smarter’

      #1 and #2 are horrible ideas.

      #1 is bad because we’ve already been down that road with dictionaries for false positives (and false negatives) for spam, and the amount of time it requires to ‘get it right’ is just more than my management is willing to tolerate.

      #2 is bad because it takes the protection out of the system, and subverts the function for one of the more important groups it was put in place for.

      Which brings me to #3, and the advanced compliance system.  Does anyone have any experience with using this feature for data loss prevention?  Any tips on setup and management?

      I’d also be interested in running it in parallel (monitor only mode) with our current setup, to be able to prove that we would be getting improved detection.  Anyone have any experience with that?