Dears 

the customer need to mask the DLP Credit Card incidents , any ideas ?

Chapter 2 - The Concept of DLP - Monitoring and Blocking Confidential Data

Hi Praveen , 

This is not relevant to masking the incidents that contains confidential data 

Thanks

Hello,

The easiest way that comes to my mind is to review the DLP roles which can open such inidents/policies and remove the access to the Matches. If you dont want anyone with access to it, I would remove also the attachments, body and ability to export to XML.

Regards,

Hello Morgado , 

There is no other option other than the roles of the users ?

Thanks

As far as I know there is no other option.. taking in consideration it's the credit card match which triggers the incident.

I just put a ticket in for this a few days ago. Basically our auditors do not want the full credit card or ssn stored in the database so I reached out to support and they responded back by saying there is no way that DLP will mask or only store the last 4 of either the credit card or ssn. It will only store the full number.

The only time it will mask it or remove it is when roles are used in the console. I understand from the auditors perspective as it brings DLP into scope but from an audit trail perspective it is a bad idea.

They just need to trust those that have admin access to the console to do the right thing.

Hi,

As of now Symantec DLP does not have any option for credit card number/ masking of sensitive data.

There is an existing enhancement request opened for masking the credit card number/ masking of sensitive data.

You can contact the DLP Support team for getting more details for masking.

I have posted this as an Idea. please do vote in and share your feedback that as a comment. the product development team and directly visibility to this section and they do periodic review and implement the ideas wherever possible.

https://www-secure.symantec.com/connect/ideas/mask-sensitive-infromation

All,

I know this is not the anser you are all looking for... 

Just as a side note.. if you get push back from auditors or anyone on the storage of SSN or CCN's in the DLP DB.. let them know the following.

The Oracle DB that DLP uses is following the PCI requirements for the storage of that data. Meaning that the DB is encrypted and the information that is within the DB cannot be accesses except through the DLP console. The DLP console has user based roles and access restrictions which will limit the view and access to the data stored within the DB. 

The CCN or SSN data can be purged from the system after the incident is reviewed or deemed as not necessary to store the attachments or transmission payload. This will eliminate the risk of continaully storing the data, This needs to be part of a remedeation process to purge data on a regular basis.

Also as mentioned you can create roles to BLOCK the viewing of data/attachments/body of the incidents. Though in most cases you need to have this information in order to do some sort of review.

This might help remove concerns on the storage of information.

Thanks

Ronak

PLEASE MARKED SOLVED WHERE POSSIBLE