Data Loss Prevention

 View Only

  • 1.  How to avoid Disclaimer incidents from genetaing cause of "Confidential"

    Posted Jul 30, 2011 07:51 AM

    Hi All,

     

    We have Data Loss Prevention 10.5 Network Monitor. We have created policy with "Confidential" to be detected. However we are getting incidents for Disclaimers too. Which unneccessarily annoys and increases the count of incidents.  Is there any way we can avoid these as Incidents should not be generated only for disclaimers. It should be generated only if word is found within Message body (except disclaimer)

    I tried putting these words in to exceptions but resulted that entire mail was exempted from generating incident.

     

    Any suggestions and workaround are welcome

     

     

     



  • 2.  RE: How to avoid Disclaimer incidents from genetaing cause of "Confidential"

    Broadcom Employee
    Posted Aug 02, 2011 07:01 AM

    May be you can try to use ‘Content Matches Regular Expression’.

    For example, the disclaimer is the first 200 characters, then, create a regular expression to exclude the first 200 characters.



  • 3.  RE: How to avoid Disclaimer incidents from genetaing cause of "Confidential"

    Posted Aug 02, 2011 12:57 PM

    The above suggestion won't work.  The exception will get applied to the entire message, and you'll therefore except any message with that disclaimer from further inspection.

    What you want to do is create a Regular Expression that detects the word "confidential" when not in the context of the rest of the disclaimer (or subparts thereof).  Find someone who knows how to write good Regular Expressions.  Or better yet...get yourself upgraded to V11 and create yourself a Custom Data Identifier.  You could exclude preceding or trailing words within a Custom Validator using that, and it should be quite simple.

    ~Keith



  • 4.  RE: How to avoid Disclaimer incidents from genetaing cause of "Confidential"

    Posted Aug 02, 2011 01:05 PM

    Again, I'd prefer to go with a Custom Data Identifier...but if you had to go with the regex, you could easily do something like this (happened to find some notes from a customer that I did this for previously):

    Regex: confidential (?!document)

    Will match the word "confidential" in the following sentence: "The message that I am writing is confidential and for your eyes only."

    Will not match the word "confidential" in the following sentence: "This is a confidential document."

    You'll need to test that out, of course, and probably want something a little more robust, but that might get you started.

    Regards,

     

    ~Keith



  • 5.  RE: How to avoid Disclaimer incidents from genetaing cause of "Confidential"

    Posted Aug 03, 2011 01:39 AM

    Hi Keith

     

    Thanx for revert

    Will give a try and will let u know if found something out of box.

    :-)



  • 6.  RE: How to avoid Disclaimer incidents from genetaing cause of "Confidential"

    Posted Aug 23, 2011 09:50 AM

    Are there any guides for creating a Data Identifier.

    Thanks



  • 7.  RE: How to avoid Disclaimer incidents from genetaing cause of "Confidential"

    Posted Sep 29, 2011 07:25 AM

    a) Identify a set of keywords that are common amongst most disclaimers. Create a keyword based (DCM) exception rule along with a Regular expression (using AND).

    b) Validate the exceptions by creating another policy to Monitor the required AND the exclusions (DCM + Regex).

    c) Fine tune the DCM as well as Regex, until you get a decent success ratio.

    d) Once the exception gives a good success ratio (95 - 99%), you may decomission the validation policy.