All,
I am just curious to see ideas of what some of you have done regarding policy groups in DLP. I usually create policy groups around server types (DIM, DAR, DIU) so that I can create policies that are specific to each detection server. This allows me to create policies that are meant for Endpoint or Web Prevent so that our endpoint agents do not need to suffer performance impact from policies that may not belong in the endpoint world. Another example would be that a Web Prevent policy should never need to be burdened with exclusions/inclusions for email-related info (sender/recipient).
My issue has always been with reporting though. Creating policy groups around the detection server types usually results in policies with names like "CCN - Endpoint" and "CCN - Web Prevent" that are then assigned to the appropriate policy group. I understand that policy names can be the same as long as the policy group is different, but the summarization and reports don't show which policy group a policy belongs to.
I'm just curious to see what others have done, or am I just underestimating the capabilities of the detection servers and should just combine all server types into one policy group?
Thanks,