Video Screencast Help

Dlp policy

Created: 07 Feb 2013 • Updated: 20 Feb 2013 | 3 comments
This issue has been solved. See solution.

what are the different method for policy tune up?

Discussion Filed Under:

Comments 3 CommentsJump to latest comment

kishorilal1986's picture

Hi Akhilesh,

You can mature DLP policy by

1)adding some new threat detection as per periodic security review and

2)adding exception to reduce false positive incidents.

 

Above both can be achieved for network and enpoints, for network u can prepare some list of senders which can be whitelisted and some can be blacklisted based on policy creation and classifiaction. At endpoints u can apply IP filtering solution to reduce false positive.Also u can detect or excluse certain file types,folders etc.U can designed effective and accurate detection keywords to detect more precise DLP incidents of policy vialtion.

reduction in false positive not only reduce application, server,network utilization but also aattention to in neccesay generated incidents which reduce time to handle incidnet.

Please also refer below links

https://www-secure.symantec.com/connect/articles/a...

SOLUTION
fivelakes's picture

There are many different methods for "policy tuneups" as you call it.  Who owns the policy(s)?  Schedule a review with the policy owner to review the incidents being captured, or not captured to define what should be added (a detection rule) or excluded (an exclusion) from said policy.  How often are incidents being remediated?  Who is remediating incidents for this policy and are they doing so according to the agreed upon sla?

 

This is just a starting point and there are many other things to discuss in regards to this but I would suggest scheduling a meeting with the policy owners as a starting point to at least talk about how to improve upon the policy(s).