Data Loss Prevention

I have recently inherited a DLP system after moving in an information security role and am slowly getting up to speed on administering the product.
The primary purpose for DLP in our organisation is to detect PCI related incidents.

I want to add some exceptions to the PCI policy whereby specific URL's are ignored and not reported on e.g. personal banking etc.

Is it possible to do this on a case by case basis?

Any help would be greatly appreciated - thanks in advance.

Paolo,

Welcome to the DLP world.

Yes you can do exceptions for specific URL's when it comes to any policy.

1. When you are editting the PCI policy, look at the 2nd Tab of the policy (Group or Recpient).
2. Under that section you can ADD an EXCEPTION. (bottom area)
3. The Exception will be for the Recpient or Destination IP
4. In that section you will see a field for the URL.
5. Add the URL or a wildcard for it and Save. (when on that page look at the online help for more details)

Another idea that you can do with the policy is to increase the minimum match count for the PCI matching to 2 or more. This will remove a lot of the issues with flase positives.

I have explained this to all of my clients that you are more concerned about LOSS of data, and 1 single CCN is typically not how people will try to steal or send information out. SO 2 or more will take care of those personal sites and emails that are legitimate.

Check with your security team before makng the changes.

Hope this makes sense.

If this solves your questions please marked as solved.

Ronak

Many thanks Ronak, much appreciated...