Fine Tuning

In This Section: Customized Deployment Setting Rules to Prevent Multi-Realm Authentication Support Defining Data Types Adding Data Types to Rules Repositories Whitelist Policy Defining Email Addresses Configuring the DLP Watermark Fine Tuning Source and Destination Defining Protocols of DLP Rules

Customized Deployment

Check Point DLP provides the MultiSpect set of features. These features provide the flexibility you need to monitor and ensure accuracy of your DLP deployment. For example, if you find incidents that called for actions but should have passed without delay, you can change the Data Types and/or the rules to ensure that this does not occur again. In this way you fine-tune DLP over a relatively short amount of time to create a trustworthy implementation.

You can also include User Decisions to fine-tune Data Types and rules. How useful this information is depends on how well you communicate with users. Make sure they know that their input can influence the DLP - if they want a type of data to be sent without delay, and can explain why, you will use their logged decisions to change the rules.

MultiSpect includes:

• Compound Data Type - This data type enables you to join multiple Data Types in AND and NOT checks. A rule using this a compound data type will match transmissions that have all the AND types, but does not include any of the NOT types.
• Data Type Groups - You can group together multiple Data Types of any category. The Data Types, when used in a rule, match transmissions on an OR check.
• CPcode Data Type - The CPcode syntax provides unmatched flexibility. You create the data type and its features, with all the power of an open programming language. Change the code as needed to improve accuracy, and to allow messages that user decisions tell you should be passed.
• Flags for Data Types and Rules - While managing Data Types and reading the logs and analysis of DLP usage, use the flags on Data Types and on rules to help ensure accuracy. Flagged Data Types and rules are added to the Overview page for efficient management.
• Placeholder Data Types - Several provided Data Types describe dictionaries and keywords that you should customize with your own lists. For example, the empty placeholder Employee Names should be replaced with your own list of employees. This Data Type is used in compound Data Types and provided rules. Placeholders are flagged with the Improve Accuracy flag out-of-the-box.

In this stage, you may decide to set some rules to Prevent. When DLP captures a Prevent incident, the data transmission is stopped completely; the user has no option to continue the send. (Best Practice - include notification to data owner and to user in such rules.)

Setting Rules to Prevent

To set a rule to Prevent:

1. In SmartConsole, select Security Policies > Shared Policies > DLP and click Open DLP Policy in SmartDashboard.

   SmartDashboard opens and shows the DLP tab.

2. From the navigation tree, click Policy.
3. In the Action column of the rule to change, right-click and select Prevent.
4. Click Save and then close SmartDashboard.
5. From SmartConsole, Install Policy.