Out of the Box

In This Section:

Default Deployment

The first stage of DLP deployment uses the Data Loss Prevention policy provided Out of the Box.

Automatic inspection of data is based on built-in Check Point expert heuristics and compliance to various regulations.
Users in your organization will transmit data as a part of their daily tasks. DLP will catch incidents that match rules of the policy. Rules in this stage will be set to Detect, allowing you to monitor usage and understand the specific needs of your organization without disrupting your users.
You will audit the data, using experience-driven severity ratings, and the Logs & Monitor tracking to find the key data leaks.

Data Loss Prevention in SmartDashboard

To show these pages in SmartDashboard:

In SmartConsole, select Security Policies > Shared Policies > DLP and click Open DLP Policy in SmartDashboard.

SmartDashboard opens and shows the DLP tab.

Page	Function

Policy	Manage the rule base for Data Loss Prevention policy.
Whitelist Policy	Manage files that will never be matched by the DLP Rule Base.
Data Types	Define representations of data assets to protect.
Repositories	Manage the fingerprint and whitelist repositories. The fingerprint repository contains documents that are not allowed to leave the organization. The whitelist repository contains documents that can leave the organization.
My Organization	Define the internal environment: networks, users, email addresses, and VPN communities.
Gateways	Enable the Data Loss Prevention Software Blade on Check Point Security Gateways. You can define DLP gateways and Exchange Agents. An Exchange Agent lets you scan internal emails between Microsoft Exchange clients once you install the Exchange Security Agent on the Exchange Server. The table shows status, uptime, inspected items, version, CPU usage and comments for the gateways and Exchange Agents. You can see a graphical representation of this information in SmartView Monitor.
UserCheck	Manage UserCheck objects that are used in a Rule Base to: Help users with decisions that can be dangerous to the security of the organization. Share the organization's changing internet policy for web applications and sites with users, in real-time.
Additional Settings:
Protocols	Enable the protocols to be checked on individual DLP Gateways.
Mail Relay	Configure the mail server for DLP to send notification emails.
Email Addresses or Domains	Manage email address lists and domains for use in DLP rules and Data Types.
Watermarks	Configure the tracking option that adds visible watermarks or invisible encrypted text to Microsoft Office documents (Word, Excel, or PowerPoint files from Office 2007 and higher) that are sent as email attachments (outgoing and internal emails).
Advanced	Incident Tracking - Define whether to log all emails (to calculate ratio of incidents) or just DLP incidents. Email Notifications - Define if users are notified after a DLP violation on the selected protocols. Learn User Actions - Define whether DLP learns Ask User answers for all messages of a thread, or asks each time a message violates a DLP rule. Extreme Conditions - Lets you define if to bypass DLP SMTP, FTP and HTTP inspection and prefer connectivity under these extreme conditions: CPU load levels are more than the high CPU load watermark Other extreme conditions including: Internal errors Protocol message sizes are more than the default value File attachments are more than the default value Archive depth level is more than the default value If necessary, you can change the default values. Watermarks - Define whether watermarks are applied on DLP rules and how to handle a document that already has a watermark.
HTTPS Inspection (located in a separate tab)	Configure inspection of HTTPS/SSL traffic from enterprise networks to external destinations.