Data Loss Prevention

  • 1.  Exact Data Match Exclusion for Known Items

    Posted Apr 17, 2014 02:00 PM

    I know the Symantec DLP can identify incidents from exact data matching for data in motion. However, I do not know a way to exclude incidents that match an EDM listing.

    Specifically, I have a list of 1000 numerical items that look like credit card numbers but should not trigger an incident with DLP.

    Has anyone found a way to do something like this?



  • 2.  RE: Exact Data Match Exclusion for Known Items

    Trusted Advisor
    Posted Apr 18, 2014 02:09 AM

    Hello,

    Unfortunately you are right, you can't use EDM in an exception rule.

    So the simplest way to do it is an exception rule with keywords (but it is harder to manage later if you have to update or delete some). If you find a specific pattern, you can try to use a regexp (just be sure you are not excluding too many numbers). For both solutions, your issue after that will be that you still want to raise an incident if you find a real CC number, and using an exclusion won't allow you to do that, as you will completely exclude your component or your message.

    So I think the best way to do it is to use a data identifier (an existing one or a new one) for credit card numbers, to which you add an "exclude exact match" validator that contains your list (you can have a look at the one which already exists in DLP; it is done exactly like that, plus some other validators like the Luhn check...)

    Regards
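
The difference between the two approaches in the reply above, sketched as an added example (not Symantec DLP code and not part of the original post): a per-match "exclude exact match" validator beside a message-level exception. The function names, the pattern and the sample numbers are assumptions constructed for illustration.

```python
import re

# Constructed sample: a well-known test number stands in for the 1000-item list.
KNOWN_ITEMS = frozenset({"4012888888881881"})
# 16 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){15}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def identifier_matches(text: str, excluded=KNOWN_ITEMS) -> list:
    """Data-identifier style: pattern first, then validators on each match."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):      # validator 1: checksum
            continue
        if digits in excluded:       # validator 2: exclude exact match
            continue
        hits.append(digits)
    return hits


def message_exception(text: str, excluded=KNOWN_ITEMS) -> list:
    """Exception-rule style: one known item suppresses the whole message."""
    found = identifier_matches(text, excluded=frozenset())
    return [] if any(d in excluded for d in found) else found


if __name__ == "__main__":
    # Constructed message: one known item plus one other card-like number.
    msg = "Order ref 4012888888881881, paid with card 4111-1111-1111-1111"
    print("validator :", identifier_matches(msg))
    print("exception :", message_exception(msg))
```

With the validator the known item is dropped and the other number is still reported; with the message-level exception nothing is reported at all.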



  • 3.  RE: Exact Data Match Exclusion for Known Items

    Broadcom Employee
    Posted Apr 20, 2014 11:20 AM

    Actually, I cannot catch up with your exact requirements?

    The EDM profile can be added into a policy, and can be added into an exception at the same time.

    So, what do you really want to do with the EDM profile?



  • 4.  RE: Exact Data Match Exclusion for Known Items

    Posted Apr 23, 2014 03:08 AM

    At the Manage > Policies > Policy List > Configure Policy - Add Exception screen you add one or more exceptions to a policy. If the policy matches an exception, the detection engine does not trigger an incident.

    To add an exception to a policy

    Add an exception to a policy.
    To add a detection rule exception, select the Detection tab and click Add Exception.

    To add a group rule exception, select the Groups tab and click Add Exception.

    Select the policy exception to implement.
    The Add Detection Exception screen lists all available detection exceptions that you can add to a policy.

    The Add Group Exception screen lists all available group exceptions that you can add to a policy.

    If necessary, choose the profile, data identifier, or user group.
    Click Next to configure the exception.