In the Rule Base, you can change the default Source (My Organization) and the default Destination (Outside My Org) to any network object, user, or group that is defined in SmartConsole, and you can fine tune user definitions specifically for DLP.
To create a domain object:
The New Domain window opens.
You can set the Source of a rule to be any defined user, group, host, network, or VPN. You can then set the Destination to be Outside. The rule will inspect data transmissions from the source to any destination outside of the source. This will create DLP rules specific to one group of users.
Note the difference between Outside Source (external to a source that is a subset of My Organization) and Outside of My Org (external to My Organization). To enable use of Outside Source, the DLP gateway must be functioning in front of the servers that handle the data transmission protocols. For example, to use Outside Source on SMTP transmissions, the DLP gateway must inspect the emails before the Mail Server does.
Alternatively, the Destination of the rule could be another user, group, host, and so on. This would create DLP rules to inspect and control the data transmissions between two groups of users.
Examples:
Data | Source | Destination | Action
---|---|---|---
Salary Reports | Finance | Outside Source | Prevent
Data | Source | Destination | Action
---|---|---|---
Customer Names | My Organization | Temps | Prevent
The Legal Department sends confidential legal documents to your legal firm. They need to be able to send to that firm, but never to leak to anyone else, either inside the organization or outside.
HR needs to send legal contracts to all employees, but not to leak to anyone outside the organization.
All other departments should have no reason to send legal documents based on your corporate template to anyone, with the exception of sending back the contracts to HR.
The first rule would be:
The second rule would be:
The third rule would be:
Note - In this rule, you would have to exclude the two groups if you want to ensure that the previous rules are applied. If you chose My Organization as the source of the third rule, it would apply to the users in Legal and HR and thus negate the other rules.
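The following is an added example, not code from the Check Point guide: a toy model of how a rule's Source and Destination resolve, including Outside Source versus Outside My Org and the group exclusion the note above describes. All users, groups and the "Legal Documents" rule are constructed, and the tie-break when several rules match is an assumption.

```python
# Added example (not from the Check Point guide): a toy model of DLP rule
# matching. Users and groups are constructed; "My Organization" is their union.
GROUPS = {
    "Legal": {"alice@corp.example"},
    "HR": {"bob@corp.example"},
    "Finance": {"carol@corp.example", "carl@corp.example"},
    "Temps": {"dave@corp.example"},
}
MY_ORG = set().union(*GROUPS.values())      # My Organization = all internal users
SEVERITY = {"Detect": 1, "Prevent": 2}      # assumed: Prevent is the stricter action

def members(name, exclude=()):
    """Resolve a Source/Destination name to a user set, minus excluded groups."""
    base = MY_ORG if name == "My Organization" else GROUPS[name]
    return base - set().union(*(GROUPS[g] for g in exclude))

def rule_matches(rule, data, sender, recipient):
    """True if a transmission matches the rule's Data, Source and Destination."""
    if data != rule["data"]:
        return False
    source = members(rule["source"], rule.get("exclude", ()))
    if sender not in source:
        return False
    dest = rule["destination"]
    if dest == "Outside Source":        # anyone not in this rule's own Source
        return recipient not in source
    if dest == "Outside My Org":        # anyone outside the whole organization
        return recipient not in MY_ORG
    return recipient in members(dest)   # a specific user or group

def evaluate(rulebase, data, sender, recipient):
    """Strictest action among matching rules, or None if nothing matches.
    Assumption (not stated on this page): the stricter action wins on overlap."""
    hits = [r["action"] for r in rulebase if rule_matches(r, data, sender, recipient)]
    return max(hits, key=SEVERITY.__getitem__) if hits else None

# The two example rules from the tables above.
RULES = [
    {"data": "Salary Reports", "source": "Finance", "destination": "Outside Source", "action": "Prevent"},
    {"data": "Customer Names", "source": "My Organization", "destination": "Temps", "action": "Prevent"},
]
# Constructed versions of the "all other departments" rule, with and without
# excluding Legal and HR, to show why the exclusion in the note matters.
THIRD_RULE_NO_EXCLUSION = {"data": "Legal Documents", "source": "My Organization",
                           "destination": "Outside Source", "action": "Prevent"}
THIRD_RULE_EXCLUDING = dict(THIRD_RULE_NO_EXCLUSION, exclude=("Legal", "HR"))

if __name__ == "__main__":
    legal_to_firm = ("Legal Documents", "alice@corp.example", "partner@lawfirm.example")
    print(rule_matches(THIRD_RULE_NO_EXCLUSION, *legal_to_firm))  # True: would block Legal
    print(rule_matches(THIRD_RULE_EXCLUDING, *legal_to_firm))     # False: Legal left to rule 1
```

Without the exclusion, the third rule matches Legal's transmission to the law firm and would prevent it regardless of the first rule; with Legal and HR excluded, only the earlier, group-specific rules apply to those users.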
To ensure that data transmissions to the DMZ are checked by Data Loss Prevention, define the DMZ as being outside of My Organization.
For example, PCI DSS Requirement 1.4.1 requires that a DMZ be included in the environment to prevent direct Internet traffic to and from secured internal data access points.
To ensure traffic from My Organization to the DMZ is checked for Data Loss Prevention:
SmartDashboard opens and shows the DLP tab.
You may choose to define the strictest environment possible. Using these settings ensures that data transmissions are always checked for Data Loss Prevention, even if the transmission is from and within your secured environment.
Important - You must ensure that legitimate transmissions are not blocked and that Data Owners are not overwhelmed with numerous email notifications. If you do use the settings explained here, set the actions of rules to Detect until you are sure that you have included all legitimate destinations in this strict definition of what is the internal My Organization.
To define a strict My Organization:
SmartDashboard opens and shows the DLP tab.