Out of the Box

Default Environment

The first stage of DLP environment uses the Data Loss PreventionClosed Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP. policy provided Out of the Box.

  • Automatic inspection of data is based on built-in Check Point expert heuristics and compliance to various regulations.

  • Users in your organization transmit data as a part of their daily tasks. DLP catches incidents that match rules of the policy. In this stage you set the Rules to Detect, it allows you to monitor usage and understand the specific needs of your organization, and you do not disrupt your users.

  • You audit the data as you use experience-driven severity ratings, and the Logs & Monitor tracks to find the key data leaks.

Data Loss Prevention in SmartDashboard

To show these pages in SmartDashboard:

In SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., select Security Policies > Shared Policies > DLP and click Open DLP Policy in SmartDashboard.

SmartDashboardClosed Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings. opens and shows the DLP tab.

Page

Function

Policy

Manage the rule baseClosed All rules configured in a given Security Policy. Synonym: Rulebase. for Data Loss Prevention policy.

Whitelist Policy

Manage files that the DLP RuleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. Base never matches.

Data Types

Define representations of data assets to protect.

Repositories

Manage the fingerprint and whitelist repositories. The fingerprint repository contains documents that are not allowed to leave the organization. The whitelist repository contains documents that can leave the organization.

My Organization

Define the internal environment: networks, users, email addresses, and VPN communities.

Gateways

Enable the Data Loss Prevention Software BladeClosed Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. on Check Point Security Gateways. You can define DLP gateways and Exchange Agents. An Exchange Agent lets you scan internal emails between Microsoft Exchange clients once you install the Exchange Security Agent on the Exchange Server. The table shows status, uptime, inspected items, version, CPU usage and comments for the gateways and Exchange Agents. You can see a graphical representation of this information in SmartView Monitor.

UserCheck

Manage UserCheck objects that are used in a Rule Base to:

  • Help users with decisions that can be dangerous to the security of the organization.

  • Share the organization's changing internet policy for web applications and sites with users, in real-time.

Page

Function

Protocols

Enable the protocols to be checked on individual DLP Gateways.

Mail Relay

Configure the mail server for DLP to send notification emails.

Email Addresses or Domains

Manage email address lists and domains for use in DLP rules and Data Types.

Watermarks

Configure the tracking option that adds visible watermarks or invisible encrypted text to Microsoft Office documents (Word, Excel, or PowerPoint files from Office 2007 and higher) that are sent as email attachments (outgoing and internal emails).

Advanced

  • Incident Tracking - Define whether to log all emails (to calculate ratio of incidents) or just DLP incidents.

  • Email Notifications - Define if users are notified after a DLP violation on the selected protocols.

  • Learn User Actions - Define whether DLP learns Ask User answers for all messages of a thread, or asks each time a message violates a DLP rule.

  • Extreme Conditions - Lets you define if to bypass DLP SMTP, FTP and HTTP inspection and prefer connectivity under these extreme conditions:

    • CPU load levels are more than the high CPU load watermark

    • Other extreme conditions including:

      • Internal errors

      • Protocol message sizes are more than the default value

      • File attachments are more than the default value

      • Archive depth level is more than the default value

    If necessary, you can change the default values (seeAdvanced Configuration).

  • Watermarks - Define whether watermarks are applied on DLP rules and how to handle a document that already has a watermark.

HTTPS InspectionClosed Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi.
(located in a separate tab)

Configure inspection of HTTPS / SSL traffic from enterprise networks to external destinations.