Data Loss Prevention

  • 1.  Need help for DLP expert

    Posted Nov 03, 2014 09:06 AM

    Dears

    I face a problem here.

    I have DLP v11.5.1 on Windows Server 2008.

    I implemented the template policy (payment card - PCI-DSS).

    I configured the policy to block any action on all channels for more than one card and it works well, but after applying it I face two issues:

    First: anyone who types one card number more than one time >> blocked, although this is ONE!!!!!

    Second: I need to prevent all agents from sending to shared folders (on file servers) EXCEPT one file server. How can I implement that?

    Thanks for your support

    Mostafa



  • 2.  RE: Need help for DLP expert

    Trusted Advisor
    Posted Nov 03, 2014 11:11 AM

    Hello Mostafa,

    Default policies are sometimes not the best way to implement your control.

    In your DLP policy, try to use the credit card number data identifier to detect cards and ask it to detect X unique CC numbers. With regexp and keywords, DLP is not able to detect uniqueness, so 5 times the same CC number is equal to 5 different CC numbers.

    Regards



  • 3.  RE: Need help for DLP expert

    Posted Nov 05, 2014 02:21 AM

    Hello Stephane

    Thanks for your reply.

    Could you please give me some details to be able to solve this issue...

    Thanks

    Mostafa



  • 4.  RE: Need help for DLP expert

    Trusted Advisor
    Posted Nov 06, 2014 02:13 AM

    Hi Mostafa,

    It is not too complicated.

    - Go to "Manage"/"Policy List"

    - Select your existing PCI-DSS policy

    - Click on "Add Rule"

    - Select "Content matches data identifier", and in dropdown menu select "Credit card number"

    - Click on "Next"

    - Give a name to your rule

    - Select "Narrow" (at least to start testing your policy, after that you will be able to be more restrictive)

    - Select "Count all unique matches"

    - Click on "OK"

    - Then save your policy

    Regards



  • 5.  RE: Need help for DLP expert

    Posted Nov 06, 2014 02:30 AM

    Thanks for your response,

    but I didn't find "Count all unique matches".

    The policy is configured as follows:

    Check for existence (don't count multiple matches)
    Count all matches and only report incidents with at least matches

    Thanks for your help



  • 6.  RE: Need help for DLP expert

    Trusted Advisor
    Posted Nov 06, 2014 05:27 AM

    Hello,

    Sorry, I just read your first message... you are using 11.5.1. I think this functionality was introduced in 11.6 (at least it is available in 11.6).

    Regards.
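
The difference between "Count all matches" and "Count all unique matches" discussed in this thread, as an added example that is not part of the original posts and not the DLP product's own code. It assumes a candidate pattern of 13 to 19 digits with optional space or hyphen separators, a Luhn check as validation, and a threshold of 2 to stand for "more than one card"; the function names and sample strings are constructed for illustration.

```python
import re

# Assumed candidate pattern: 13-19 digits, single spaces or hyphens allowed between digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text: str) -> list:
    """Return every Luhn-valid candidate, normalised to digits only."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def evaluate(text: str, threshold: int = 2) -> dict:
    """Compare the two counting modes against the same incident threshold."""
    hits = find_cards(text)
    unique = set(hits)  # same number written with different separators collapses to one
    return {
        "all_matches": len(hits),
        "unique_matches": len(unique),
        "incident_count_all": len(hits) >= threshold,
        "incident_count_unique": len(unique) >= threshold,
    }


# Constructed samples using publicly documented test card numbers.
ONE_CARD_REPEATED = "Card 4111 1111 1111 1111, ref 4111-1111-1111-1111, again 4111111111111111"
TWO_CARDS = "Visa 4111111111111111 and MC 5555 5555 5555 4444"
NOT_A_CARD = "Order id 1234567890123456"  # 16 digits, fails the Luhn check

if __name__ == "__main__":
    for sample in (ONE_CARD_REPEATED, TWO_CARDS, NOT_A_CARD):
        print(evaluate(sample))
```

With the first sample, counting all matches raises an incident for a single card typed three times, while counting unique matches does not; both modes agree on the other two samples.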