848 Views 3 Replies Latest reply: Jan 31, 2013 5:17 AM by alexott RSS
mgarten Newcomer 18 posts since
Nov 23, 2011

Jan 31, 2013 2:05 AM

Web Gateway 7.3 - DLP

Hello,

 

I have the need to use the DLP function within the Web Gateway 7.3.

It shall be used to block the update of documents which have a specific text string inserted (e.g. Confidential - only for internal use).

 

I checked the different DLP options and the properties, which can be used for the DLP rules.

I'm confused about the settings. So my question is whether somebody already has it running and could post a rule example.

 

Thanks

 

mgarten

  • alexott McAfee Employee 125 posts since
    Jan 19, 2011
    1. Jan 31, 2013 2:32 AM (in response to mgarten)
    Re: Web Gateway 7.3 - DLP

    Hello

     

    DLP in MWG consists of 2 filters:

    1. DLP using predefined set of DLP classifications
    2. DLP using user-defined set of words & patterns (regexes)

     

    Each filter is controlled by its corresponding Settings, so before use you need to go to the Settings tab and create new settings (both settings have common options, described below):

    1. To use DLP classifications, you need to create the corresponding Settings and select the needed DLP Classifications from the tree view
    2. To use DLP dictionaries, you need to create the corresponding Settings and enter several words or patterns that you want to look for in the text

     

    Common options in Settings:

    1. Tracking policy: Maximum - the DLP filter will search for all terms, even when the threshold has already been reached. Minimum - stop searching once the threshold is reached
    2. Reported content width - how much text around a match should be shown in the results. The match itself is in square brackets (for example, '[ test ]'), but using the text around it, you can find where it is in the text
    3. Context list size - how many matches will be reported back. If the text contains more matches than specified, they will be counted against the threshold, but won't be shown

     

    Both DLP filters are used in a similar way - you need to create a rule like 'DLP.Classification.BodyText.Matched equals True' or 'DLP.Dictionary.BodyText.Matched equals True' and specify which settings you want to use. When this rule evaluates to 'true', you can use properties like DLP.Classification.BodyText.MatchedClassifications or DLP.Classification.BodyText.MatchedTerms to log the list of classifications and/or terms that were found in the text that was extracted from the current body (document, etc.). For dictionaries, there is the DLP.Dictionary.BodyText.MatchedTerms property, which returns information about terms that were found in your text.

     

    Besides the DLP properties that work with text extracted from the current body (they have BodyText in their names), there is also another set of properties with 'AnyText' in the name - these properties have similar functionality, but can be used with any text; for example, you can combine Body.Text with values of some headers, etc.

     

    You can import examples of rules for DLP from MWG's Rule Library, but if you want to check only uploaded documents, then you need to disable DLP for the response cycle (the default rules consist of 2 rulesets - for requests & for responses).

     

    I hope that this will help you. If something isn't clear, I'll try to answer your questions.
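
The common Settings options described in the reply above (tracking policy, reported content width, context list size), modelled as an added Python example; this is not McAfee Web Gateway code or rule syntax and is not part of the original post. The function name, the sample upload text, scoring each match as 1 against a numeric threshold, and measuring width in characters are assumptions made for illustration.

```python
import re

# Constructed sample of text extracted from an uploaded document.
SAMPLE_UPLOAD = ("Project plan. Confidential - only for internal use. "
                 "Budget is confidential too.")

# User-defined dictionary: words and patterns (regexes), as in the reply.
DICTIONARY = [r"confidential", r"internal\s+use"]


def dlp_dictionary_scan(text, patterns, threshold=1, tracking="minimum",
                        content_width=10, context_list_size=2):
    """Model of a dictionary filter with the three common options.

    Assumptions (not MWG internals): each match counts 1 towards the
    threshold, and content_width is characters on each side of a match.
    """
    count = 0
    contexts = []
    for pattern in patterns:
        for m in re.finditer(pattern, text, re.IGNORECASE):
            count += 1
            # Context list size: extra matches still count, but are not shown.
            if len(contexts) < context_list_size:
                before = text[max(0, m.start() - content_width):m.start()]
                after = text[m.end():m.end() + content_width]
                # The match itself is reported in square brackets.
                contexts.append(f"{before}[ {m.group(0)} ]{after}")
            # Minimum tracking: stop as soon as the threshold is reached.
            if tracking == "minimum" and count >= threshold:
                return {"matched": True, "count": count, "contexts": contexts}
    # Maximum tracking (or threshold never reached): all terms were searched.
    return {"matched": count >= threshold, "count": count, "contexts": contexts}


if __name__ == "__main__":
    for policy in ("minimum", "maximum"):
        result = dlp_dictionary_scan(SAMPLE_UPLOAD, DICTIONARY,
                                     threshold=2, tracking=policy)
        print(policy, result["matched"], result["count"])
        for ctx in result["contexts"]:
            print("   ", ctx)
```

With a threshold of 2, minimum tracking stops after the second match, while maximum tracking counts all three matches but still reports only two contexts.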

  • alexott McAfee Employee 125 posts since
    Jan 19, 2011
    3. Jan 31, 2013 6:37 AM (in response to mgarten)
    Re: Web Gateway 7.3 - DLP

    We have problems with extraction of text from some PDF files, so this may be the case.

     

    on 31/01/13 13:37:57 CET
