2 Replies Latest reply on Dec 5, 2011 4:31 AM by townendk

    Is DLP suitable for my requirements?

    townendk

      Hello Guys/Girls,

      Apologies up front, there's a lot of assumed knowledge which I'm missing in regards to DLP so I may have a lack of basic understanding to overcome in this discussion.

       

      I've quite recently 'inherited' ePO and associated tools at my place of work and I've worked to get to grips with our agent handlers, basic policies and agent deployement - and I think I'm just about getting there!

       

      Up next is DLP, and to get started I'd like to see if it could be used to monitor and track the movements and interactions of a specific file. I've gone through the tagging wizard to create a tag which I *think* should apply to only a specific file format with a specific text string within it, but I'm struggling to put this tag to purpose and produce any kind of reporting/monitoring of it.

       

      Within the 'DLP Monitor' section of ePO I've setup a filter which should only display the 'tagged actions' but it isn't displaying much of anything at the moment!

       

      Before I get stuck into the specifics of what I'm doing wrong, can DLP be used to track the movements of a specific file whether it's emailed as an attachment, copied to physical media or saved to a desktop?

       

      Kind Regards,

        • 1. Re: Is DLP suitable for my requirements?

          There is no explicit monitoring of a single file.  To apply protection/monitoring to the file you need to apply a tag or a category with the appropriate tagging or categorization rules.  If the specific file you are looking to monitor is stored on a file share, you can use a Registered Document Repository to fingerprint the file and its content and apply a Content Category.  Otherwise, a combination of text patterns and dictionarys will be needed.

          • 2. Re: Is DLP suitable for my requirements?
            townendk

            Thanks dgriner. I've spent some time with DLP and I've now succesfully created a classification rule by identifying specific text strings combined with the file type and extension.

             

            I've applied this to a monitoring protection rule for Email and Network, and this seems to be working fine.

             

            Thanks again.