Out of the Box

In This Section:

Default Deployment

Data Loss Prevention in SmartDashboard

Defining My Organization

Data Loss Prevention Policies

Auditing and Analysis

Default Deployment

The first stage of DLP deployment uses the Data Loss Prevention policy provided Out of the Box.

Data Loss Prevention in SmartDashboard

To show the Data Loss Prevention pages in SmartDashboard:

In SmartConsole, select Security Policies > Shared Policies > DLP and click Open DLP Policy in SmartDashboard.

SmartDashboard opens and shows the DLP tab.

Page

Function

Policy

Manage the rule base for Data Loss Prevention policy.

Whitelist Policy

Manage files that will never be matched by the DLP Rule Base.

Data Types

Define representations of data assets to protect.

Repositories

Manage the fingerprint and whitelist repositories. The fingerprint repository contains documents that are not allowed to leave the organization. The whitelist repository contains documents that can leave the organization.

My Organization

Define the internal environment: networks, users, email addresses, and VPN communities.

Gateways

Enable the Data Loss Prevention Software Blade on Check Point Security Gateways. You can define DLP gateways and Exchange Agents. An Exchange Agent lets you scan internal emails between Microsoft Exchange clients once you install the Exchange Security Agent on the Exchange Server. The table shows status, uptime, inspected items, version, CPU usage and comments for the gateways and Exchange Agents. You can see a graphical representation of this information in SmartView Monitor.

UserCheck

Manage UserCheck objects that are used in a Rule Base to:

  • Help users with decisions that can be dangerous to the security of the organization.
  • Share the organization's changing internet policy for web applications and sites with users, in real time.

Additional Settings:

Protocols

Enable the protocols to be checked on individual DLP Gateways.

Mail Relay

Configure the mail server for DLP to send notification emails.

Email Addresses or Domains

Manage email address lists and domains for use in DLP rules and Data Types.

Watermarks

Configure the tracking option that adds visible watermarks or invisible encrypted text to Microsoft Office documents (Word, Excel, or PowerPoint files from Office 2007 and higher) that are sent as email attachments (outgoing and internal emails).

Advanced

  • Incident Tracking - Define whether to log all emails (to calculate the ratio of incidents) or just DLP incidents.
  • Email Notifications - Define if users are notified after a DLP violation on the selected protocols.
  • Learn User Actions - Define whether DLP learns Ask User answers for all messages of a thread, or asks each time a message violates a DLP rule.
  • Extreme Conditions - Define whether to bypass DLP SMTP, FTP and HTTP inspection and prefer connectivity under these extreme conditions:
    • CPU load levels are more than the high CPU load watermark
    • Other extreme conditions including:
      • Internal errors
      • Protocol message sizes are more than the default value
      • File attachments are more than the default value
      • Archive depth level is more than the default value

    If necessary, you can change the default values.

  • Watermarks - Define whether watermarks are applied on DLP rules and how to handle a document that already has a watermark.

HTTPS Inspection
(located in a separate tab)

Configure inspection of HTTPS/SSL traffic from enterprise networks to external destinations.