Data Loss Prevention


Create DLP Policy for Special User Group 

Oct 01, 2011 07:18 AM

The purpose of a DLP product is to prevent the leakage of an enterprise's confidential data. In a real enterprise, however, what counts as confidential differs from department to department.

For example, the keyword 'Finance' may be a sensitive word for the Finance Department, while the Research Department regards it as noise. That means the policy for the keyword 'Finance' should apply to the Finance Department only, and, likewise, a policy for the keyword 'Research' should apply only to users in the Research Department.

Symantec Data Loss Prevention provides Directory Group Matching (DGM) to detect the exact identities of users, senders, and recipients.

You select the group from the users, groups, and business units defined in your company's directory server. After the user group is created, you can associate it with User/Sender and Recipient conditions, or with Discover targets; the policy or target then applies only to users who are in the group. Conversely, to create a policy that applies to the entire company except the CEO, create a user group containing only the CEO and use that group as an exception to the policy.

Symantec Data Loss Prevention supports directory server connections to Microsoft Active Directory (AD). A group-scoped policy can also be built without an AD connection (the Groups tab also lets you match senders by pattern), but the steps below cover the AD case.

Below are the configuration steps in an AD environment:

1. Log in to the Enforce Console, choose 'System' --> 'Settings' --> 'Group Directories', click 'Create New Connection', and enter the AD server's connection details:

You can choose to index the group directory:

2. Select 'Manage' --> 'Policies' --> 'User Groups', click 'Create New Group', and under 'Directory Server' choose the server added in step 1. After the directory has refreshed, select the OU from the directory tree:

Repeat this step to add the other group/OU.

3. Select 'Manage' --> 'Policies' --> 'Policy List', click 'Add Policy', choose 'Add a blank policy'.

4. Under 'Detection' tab, click 'Add Rule' to add a 'Content Matches Keyword' rule to detect the key word 'Finance':

5. Click the 'Groups' tab, click 'Add Rule', choose 'Sender/User based on a Directory Server Group' under 'Sender/User matches User Group', then click 'Next':

6. Under 'Conditions' section, click to choose the group that will implement this policy:


This policy now applies only to the Finance group.

If a user in the Finance OU sends out a file containing the word 'Finance', an incident is generated; users in other OUs/groups sending the same file do not trigger one. Note that the group condition can only match when the sender's address resolves to a directory entry in the selected group, so the directory connection and its index must be up to date for the group rule to fire.
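As an added example (not code from Symantec or from this article), the following Python model shows how the pieces configured above compose: a 'Content Matches Keyword' detection rule, a Groups-tab condition that resolves the sender to a directory entry and tests whether that entry sits under the selected OU, and the "everyone except the CEO" exception described earlier. The directory entries, e-mail addresses and DN-suffix matching are constructed assumptions for illustration only; the real product resolves senders through its own directory index.

```python
"""Model of a group-scoped DLP policy: keyword rule + directory-group
condition/exception.  Added example, not Symantec DLP code.  All users,
addresses, DNs and the matching logic are assumptions for illustration."""
import re
from dataclasses import dataclass, field


def normalize_dn(dn: str) -> tuple:
    """Split an LDAP DN into lower-cased (attribute, value) pairs.
    Assumption: values contain no escaped commas (true for the sample data)."""
    return tuple(
        tuple(part.strip().lower() for part in rdn.split("=", 1))
        for rdn in dn.split(",")
    )


def dn_in_ou(user_dn: str, ou_dn: str) -> bool:
    """True if user_dn sits somewhere below the OU identified by ou_dn
    (the selected-OU-in-the-tree case from step 2)."""
    user, ou = normalize_dn(user_dn), normalize_dn(ou_dn)
    return len(user) > len(ou) and user[-len(ou):] == ou


@dataclass
class UserGroup:
    """A User Group: either OUs picked from the directory tree, explicit
    member DNs (the 'only the CEO' case), or both."""
    name: str
    base_dns: list = field(default_factory=list)
    members: set = field(default_factory=set)

    def contains(self, user_dn: str) -> bool:
        if normalize_dn(user_dn) in {normalize_dn(m) for m in self.members}:
            return True
        return any(dn_in_ou(user_dn, base) for base in self.base_dns)


@dataclass
class Policy:
    """Detection tab: keywords.  Groups tab: sender groups and exceptions."""
    name: str
    keywords: list
    sender_groups: list = field(default_factory=list)
    sender_exceptions: list = field(default_factory=list)

    def evaluate(self, sender_dn: str, content: str) -> list:
        """Return the keywords that produce an incident for this sender, or []."""
        if self.sender_groups and not any(g.contains(sender_dn) for g in self.sender_groups):
            return []                      # sender outside the scoped group: no incident
        if any(g.contains(sender_dn) for g in self.sender_exceptions):
            return []                      # sender in an exception group: no incident
        return [k for k in self.keywords
                if re.search(r"\b%s\b" % re.escape(k), content, re.IGNORECASE)]


# Constructed stand-in for the indexed directory: sender address -> DN.
DIRECTORY = {
    "alice@demo.local": "cn=Alice,ou=Finance,dc=demo,dc=local",
    "bob@demo.local": "cn=Bob,ou=Research,dc=demo,dc=local",
    "ceo@demo.local": "cn=CEO,ou=Executives,dc=demo,dc=local",
}

FINANCE_GROUP = UserGroup("Finance", base_dns=["ou=Finance,dc=demo,dc=local"])
CEO_GROUP = UserGroup("CEO only", members={"cn=CEO,ou=Executives,dc=demo,dc=local"})

# Step 4-6 policy: keyword 'Finance', scoped to the Finance OU.
FINANCE_POLICY = Policy("Finance keywords", ["Finance"], sender_groups=[FINANCE_GROUP])
# Company-wide policy with the CEO as the exception.
COMPANY_POLICY = Policy("Company-wide", ["Confidential"], sender_exceptions=[CEO_GROUP])


def check(policy: Policy, directory: dict, sender_email: str, content: str) -> list:
    """Resolve the sender through the directory, then evaluate the policy.
    An unresolvable sender never matches a group condition, which is the
    'no incidents generated' symptom when the directory index is stale."""
    sender_dn = directory.get(sender_email.lower())
    if sender_dn is None:
        return []
    return policy.evaluate(sender_dn, content)


if __name__ == "__main__":
    for who, text in [("alice@demo.local", "Q3 Finance forecast"),
                      ("bob@demo.local", "Finance is not my department")]:
        print(who, "->", check(FINANCE_POLICY, DIRECTORY, who, text))
    for who in ("bob@demo.local", "ceo@demo.local"):
        print(who, "->", check(COMPANY_POLICY, DIRECTORY, who, "Confidential memo"))
```

The exception path is evaluated before the keyword scan, so a CEO message is dropped regardless of content; the group-scope test is evaluated only when the policy actually has a Groups-tab rule, which is why an unscoped policy still fires for everyone.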


Comments

Feb 04, 2019 06:17 AM

Hi Rajinikanth,

You need to create a group policy, and in the 'Sender/Users matches pattern' tab you will get an option for an exception; mention that particular mail there and try it.

Regards

Gowrisankar

Aug 31, 2018 12:09 PM

Dear Everyone,

 

1) One of our customer requirements is: whoever sends documents (Excel, PDF, TXT) through e-mail, Dropbox or anything else, they need to send them only to a particular user ID, suppose say (Rbuyy@gmail.com). If they send any documents to any e-mail ID other than this (Rbuyy@gmail.com), it should be blocked.

2) I have written the policy with an exception for (Rbuyy@gmail.com), but it is also blocking.

3)It is for Endpoint DLP. Without integration of AD server.

 

Note: 1) If possible, please ping me; we have been working on this for a long time with no output.

2) If it is possible through AD how??

Jul 05, 2018 10:32 AM

Is it possible to export a list of all added groups ("ou=Finance,dc=demo,dc=local...")? In my environment we have, let's say, 100 independent User Groups, and each is connected with a different group in AD. I would like to get information on which AD groups are already used and connected with a User Group and Policy.

Dec 16, 2015 12:26 PM

Best to get a new thread opened up. This one is two years old.

Dec 16, 2015 12:13 PM

I appreciate this is an old post, but having the same problem on v 12.5.2. 

The system doesn't detect on Network Monitor; however, the AD email attribute is populated correctly.

Has anyone solved?

May 29, 2013 09:21 AM

Hi Claire

I am having the same problem as you... Have you managed to fix this? If yes, what was the solution?

Thanks in advance

Jul 30, 2012 09:47 PM

I also followed the steps to create the special user group, but when I choose the specified user group, DLP can't capture any incident, even when the sender matches the user group. My version is "11.5.1010.07001".
