Data Loss Prevention

 View Only

  • 1.  DLP v12.5 Query

    Posted May 27, 2015 06:10 AM

    Does DLP version 12.5 have the functionality to run a "random sample" policy where it is possible to review a set percentage of ALL email traffic?



  • 2.  RE: DLP v12.5 Query

    Posted May 29, 2015 10:47 AM
      |   view attached

    Hello,

    Let's say this way.. i'ts feasible: you could create a detection rule to capture all your traffic email; however also an incident will be created for each message exchanged and your servers would be highly impacted.

    The best solution you have is to install a DLP Network Monitor Server type, which will read all smtp messages exchanged by day, month  .. against the incidents.

    Have a look at attached print.

     

    Cheers,

    Morgado



  • 3.  RE: DLP v12.5 Query

    Trusted Advisor
    Posted Jun 04, 2015 04:48 AM

    hello scott

     

     I think best way to do this is to add in your policy a list of sender email address (in a list or using a DGM) so like that you will analyze only a sample of ALL email trafic (of course this sample will be based always on same list of people)...si you want to add some "random" pattern in your sample...you should use a DGM which you will compute automatically (adding random function) and then reload it automatically for example every hour.

     

     This is not exactly a random sample of ALL email trafic but seems to be the best way to do it (from my point of view).

     Regards