What are the different methods for policy tune-up?
Have you looked at this article?
You can mature DLP policy by
1) adding some new threat detection as per periodic security review and
2) adding exceptions to reduce false positive incidents.
Both of the above can be achieved for network and endpoints. For network, you can prepare some list of senders which can be whitelisted and some can be blacklisted based on policy creation and classification. At endpoints, you can apply an IP filtering solution to reduce false positives. Also, you can detect or exclude certain file types, folders, etc. You can design effective and accurate detection keywords to detect more precise DLP incidents of policy violation.
Reduction in false positives not only reduces application, server, and network utilization but also attention to unnecessarily generated incidents, which reduces the time to handle incidents.
Please also refer to the links below.
There are many different methods for "policy tuneups" as you call it. Who owns the policy(s)? Schedule a review with the policy owner to review the incidents being captured, or not captured, to define what should be added (a detection rule) or excluded (an exclusion) from said policy. How often are incidents being remediated? Who is remediating incidents for this policy and are they doing so according to the agreed-upon SLA?
This is just a starting point and there are many other things to discuss in regards to this but I would suggest scheduling a meeting with the policy owners as a starting point to at least talk about how to improve upon the policy(s).