DataLock Policy (DLP) Guide

DataLock policies can be configured for three different types of Data Loss Prevention:

  • Email/Email Attachment Policy
  • Removable Media (USB) Policy
  • Data at Rest (DAR) Policy

 

Note: Customers cannot assign DLP to a previously purchased InterGuard, Web Filtering or Employee Monitoring product. In this circumstance they must uninstall this software and re-install with the specific DataLock installer.

If you would like to install the DLP along with other InterGuard products on a single device, install the DLP product first and then you will be able to provision other products such as InterGuard Employee Monitoring from the user interface.

To begin configuring policies, log in to https://login.interguardosftware.com and navigate to DLP > Policy Management.

  1. Policies will be displayed by Group, which can be changed in the filter at the top left section of the page.
  2. After the group is selected, click the “Add” button, which will open a “Policy Wizard” to configure the type and conditions of the policy.

Email / Email Attachment Policy

Email and Email Attachment policies allow you to scan outgoing emails and their attachments to ensure that their content does not violate the policy.

You can choose to:

  • Monitor the content of the email body and the attachments, based on Alert Words.
  • Block specific file types from being attached and sent in an email.
  • You can only choose one of the above conditions per policy.

 

  1. Select Email / Email Attachment
  2. To create a DLP policy that uses “Alert Words” to trigger a violation, select Email Content and Attachments and click “Next”.
    • Note: Both types of conditions cannot be selected when setting up the same policy. You will need to create two different policies to achieve this.

 

  3. Select one or more “Alert Word Category” and set the occurrence rate, which triggers the violation if a word from that category is present that many times in the email. A higher number of occurrences will report fewer violations.
    • Note: If you select more than one category, words from each category will need to appear to trigger the violation.

  4. Select the email client type you’d like to apply the policy to.
    • If the policy should apply to only one type of email client, you can apply it to Outlook only or Webmail only.
      • Webmail includes all types of supported webmail: Gmail, Yahoo Mail, AOL Mail and Outlook Web Access.
    • The option to exclude specific emails is based on entire Alert Word categories. If any words in a specified category are present, this will prevent the policy from causing a violation.

5. Select the Group(s) you’d like the policy to apply to.

  6. Name the report and configure the violation notice settings.
    • Severity: Sets the severity label of the report. Severity is an internal label used to easily identify the scope of a violation.
    • Overridable: Allows an administrator to be notified and subsequently override the violation event.
    • Upload Context: If set to “Yes”, uploads the full context of the violation (i.e. the body of the email); if set to “No”, uploads just the alert word that triggered the violation.
    • Upload Data: If set to “Yes”, uploads a physical copy of the offending file, which can then be downloaded from the UI; if set to “No”, only the name of the offending file is shown.
    • Report Only: This will only generate a notification that a policy violation has occurred, but it will not prevent the user from committing the violation. The user will not see any prompt on their screen for this policy type.

7. Select the recipients and frequency of the policy violation notification.

8. Once the new policy has been generated, it will need to be enabled from the Policy Management Dashboard.

    • IMPORTANT: When a new DLP policy is created, any machines that the policy has been enabled for must be rebooted for the policy to work. Due to the nature of DLP, this step is a requirement. Forcing a settings download alone will not activate the policy.

9. To create a DLP policy that blocks file types from being sent as attachments, select “Block File Types”.

    • Select one or more of the listed categories of file types. DLP scans the metadata of the file, so if the file extension is changed it will still be flagged as a violation of the policy’s file type.
      • Individual file extensions cannot be selected. Block by file type scans the metadata of the file to identify the type of file that is present, regardless of whether the file extension has been renamed.
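
Identifying a file by its content rather than its name is commonly done by reading the signature bytes at the start of the file. The guide does not say how DataLock does this, so the following is an added illustration, not InterGuard code; the signature table, category names and sample bytes are constructed.

```python
from pathlib import PurePath

# Constructed signature table: (leading bytes, detected type, policy category).
# Category names are hypothetical; the guide does not list DataLock's categories.
SIGNATURES = [
    (b"%PDF-", "pdf", "Documents"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2", "Documents"),  # legacy Office
    (b"PK\x03\x04", "zip", "Archives"),      # also the container for .docx/.xlsx
    (b"\x89PNG\r\n\x1a\n", "png", "Images"),
    (b"\xff\xd8\xff", "jpeg", "Images"),
    (b"MZ", "pe", "Executables"),
]
# Extensions normally seen for each detected type, used to flag renamed files.
EXPECTED_EXT = {
    "pdf": {".pdf"}, "ole2": {".doc", ".xls", ".ppt", ".msi"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx", ".jar"},
    "png": {".png"}, "jpeg": {".jpg", ".jpeg"}, "pe": {".exe", ".dll", ".sys"},
}

def detect(data):
    """Return (type, category) from the leading bytes, or (None, None)."""
    for magic, ftype, category in SIGNATURES:
        if data.startswith(magic):
            return ftype, category
    return None, None

def check_attachment(filename, data, blocked_categories):
    """Decide on content, not name; also report an extension mismatch."""
    ftype, category = detect(data)
    ext = PurePath(filename).suffix.lower()
    return {
        "file": filename,
        "detected": ftype,
        "blocked": category in blocked_categories,
        "renamed": ftype is not None and ext not in EXPECTED_EXT[ftype],
    }

# Constructed samples: only the leading bytes matter for this check.
SAMPLES = [
    ("setup.exe", b"MZ\x90\x00\x03\x00"),
    ("notes.txt", b"MZ\x90\x00\x03\x00"),        # executable renamed to .txt
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("readme.txt", b"plain text, no signature"),
]

def run(blocked=frozenset({"Executables"})):
    return [check_attachment(name, data, blocked) for name, data in SAMPLES]
```

The renamed sample is blocked exactly like the correctly named one, which is the behaviour worth confirming on a test machine after enabling a Block File Types policy.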

 

Removable Media Policy

File Removable Media policies are created using the same policy wizard application detailed above. Removable Media policy can be configured for:

  1. “Alert Word” content.
  2. File types.

The DLP scan for a USB policy violation occurs when the removable device is ejected or removed from the machine. The file transfer will appear to have completed successfully, but the file will become corrupt when the device is removed.
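
How Alert Word conditions combine, following steps 3 and 4 of the email policy above, is easier to see when modelled. This added example is not InterGuard code; the category contents, policy and sample texts are constructed, and it assumes each category has its own occurrence rate counted across all words in that category.

```python
import re
from dataclasses import dataclass, field

# Constructed alert-word categories; real ones are defined in the product UI.
CATEGORIES = {
    "Financial": {"invoice", "wire transfer", "account number"},
    "Confidential": {"confidential", "internal only"},
    "Newsletter": {"unsubscribe"},
}

@dataclass
class Policy:
    name: str
    categories: dict                           # category -> required occurrences
    exclude: set = field(default_factory=set)  # categories that suppress a violation

def count_hits(text, words):
    """Count whole-word or whole-phrase matches, case-insensitively."""
    text = text.lower()
    return sum(len(re.findall(r"\b" + re.escape(w) + r"\b", text)) for w in words)

def evaluate(policy, text):
    """Return (violation, per-category counts) under the rules in the guide."""
    counts = {c: count_hits(text, CATEGORIES[c]) for c in policy.categories}
    # Exclusion is per whole category: any of its words present suppresses the policy.
    if any(count_hits(text, CATEGORIES[c]) > 0 for c in policy.exclude):
        return False, counts
    # Words from every selected category must appear, each at its occurrence rate.
    violated = all(counts[c] >= need for c, need in policy.categories.items())
    return violated, counts

# Hypothetical policy: two Financial hits AND one Confidential hit, unless a
# Newsletter word is present.
POLICY = Policy("Finance leak", {"Financial": 2, "Confidential": 1}, {"Newsletter"})

SAMPLES = {  # constructed message bodies
    "both": "CONFIDENTIAL: please pay the invoice by wire transfer today.",
    "one_category": "Attached is the invoice; a second invoice follows.",
    "below_rate": "Confidential: one invoice attached.",
    "excluded": "Confidential invoice and wire transfer details. "
                "Click unsubscribe to opt out.",
}

def run():
    return {name: evaluate(POLICY, text)[0] for name, text in SAMPLES.items()}
```

Only the first sample is a violation: the second lacks one category, the third is below the occurrence rate, and the fourth is suppressed by the excluded category even though it otherwise matches.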

 

Disable Removable Media Policy

 

IMPORTANT: This policy type will override all other Removable Media policies.

The Policy Wizard for Disable Removable Media provides the option to prevent either Write only or Read and Write access to the USB device.

    • Write will prevent any files from being uploaded to the device.
    • Read and Write will prevent a user from uploading files to the device or from accessing files that are present on the device.
  1. Select the policy restriction type.

  2. Follow steps 5 through 8 listed above to complete the policy setup.

 

Data at Rest Policy