Data Loss Prevention

Hi all,

I'm a pretty new user to Symantec DLP and would like to find out how i can index my sensitive documents saved on remote SMB share.

Though i know the steps to create the document profile, i.e Manage -> Data Profiles-> Indexed documents-> Configure Document Profile -> Use Remote SMB share<the actual directory of the remote SMB share>, i would like to find out if saving all my sensitive documents, be it in .doc, .xlsx, pdf, etc on the same directory, will allow me to create that IDM profile once i follow the steps that i described in bold and underlined? Are there other steps that i need to be aware of? 

Will DLP be able to index scanned images of a physical document?

Thanks

Noelle

Noelle,

First you need to understand how and IDM works.. an IDM is a digital fingerprint of a document and creates a hash of the file that are part of the IDM. This hash is then matched against documents and content of of the transmission of data.

When it comes to files we can OPEN (Doc, PDF etc) we can then match against the content hash of the files, this way we can see if we find certain percentages of the document as a threshold of the matching file. (20%, 75% etc)

So when it comes to Images we will ONLY be able to look at exact matches of the hash, so the whole file.

I would ONLY use IDM for specific files that you care about and be restrictive on using the inclusions or exclussion of files. This is NOT to be used as a catch all. It will cosue more problems and false positives if you use it as one.

Once you reate the IDM profile, you will then need to create a polciy for that IDM profile and a Matching threshold (60% etc).. then it will capture the policy violations.

Good luck!!

Ronak

PLEASE MARK AS A SOLUTION IF POSSIBLE