- Log on to the WFBS-SVC console.
- Go to the Configure Policy page by performing one of the following:
  - Classic Mode: Go to SECURITY AGENTS and select a group. Click the Menu icon (three vertical dots) > Configure Policy.
  - Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.
- Click on the Windows icon.
- On the left panel, click Data Loss Prevention.
  The following scenarios require users to restart their endpoints to apply the DLP settings:
  - Enabling DLP for the first time.
  - Adding or moving devices to a group that has enabled DLP.
  - A child domain group that uses customized policy settings restores policy inheritance to apply the parent group policy settings, and the parent group has enabled DLP.
- On the Rules tab, click Add.
  A policy can contain a maximum of 40 rules.
- Select Enable this rule.
- In the Rule name field, specify a name for the rule, then add a description in the Description field.
- Select templates from the list.
  Each rule can contain a maximum of 200 templates. Use the All templates list or the search field to help you find the templates.
- Select the channels for the rule.
  If you selected any of the network channels, specify the transmission scope.
- Under the Action section, specify the action to take after detecting sensitive data transmitted through a selected channel, then click Add.
  - Pass and log: Allows and logs the transmission
  - Block: Blocks and logs the transmission
- Click Save.
- Log on to the WFBS-SVC console.
- Go to the Configure Policy screen by performing one of the following:
  - Classic Mode: Go to SECURITY AGENTS and select a group. Click the Menu icon (three vertical dots) > Configure Policy.
  - Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.
- Click on the Windows icon.
- On the left panel, click Data Loss Prevention.
- Go to the Exceptions tab.
- Under Non-monitored Targets, configure any required settings.
  - Click Add Target.
  - Specify the network channel.
    - Email clients: Specify the target using the X500 format (for internal communication only) or the recipient's email domain or address.

      Target | Format Examples |
      ---|---|
      X500 | /o=company; /o=company/ou=subdomain/cn=recipients/cn=user |
      Email domain or address | company.com; user@company.com |

      To get the LegacyExchangeDN values, refer to the KB article: Using Microsoft ldp GUI Tool to get AD LegacyExchangeDN values.
    - HTTP, HTTPS, FTP, and SMB protocols: Specify the target by IP address, host name, FQDN, or network address and subnet mask.
  - Optionally, provide a note regarding the reason to exclude the target.
  - Click Add.
- Under Non-monitored Removable Storage Devices, configure any required settings.
  - Click Add Device.
  - In the Vendor field, specify the vendor name of the device and optionally specify the device model and serial ID, then click Add.
    Download and run the Device List Tool on an endpoint to obtain information about the external devices connected to the endpoint. For details on how to use the tool, refer to the Online Help section: Running the Device List Tool.
- Under Compressed File Scanning, configure any required settings.
  For details on decompression rules, refer to the Online Help section: Decompression Rules.
- Click Save.
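A pre-check for non-monitored target entries before they are typed into the Exceptions tab, written as an added example (not Trend Micro's code). It classifies entries by the target formats the procedure above lists for the email-client channel (X500 DN, email domain, email address) and for the HTTP/HTTPS/FTP/SMB channels (IP address, host name, FQDN, network address with subnet mask); the exact syntax accepted, including "addr/mask" and "addr/prefix" for networks, is an assumption modeled on the page's own examples.

```python
import ipaddress
import re

# The syntax accepted below is an assumption modeled on the page's examples; the
# console's own validation rules are not documented here.
X500_RE = re.compile(r"^(?:/(?:o|ou|cn)=[^/=]+)+$", re.IGNORECASE)
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOST_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*$", re.IGNORECASE)
EMAIL_RE = re.compile(rf"^[^@\s]+@{LABEL}(?:\.{LABEL})+$", re.IGNORECASE)

def classify_email_target(value):
    """Email clients channel: X500 DN (internal only), email domain, or email address."""
    value = value.strip()
    if X500_RE.match(value):
        return "x500"
    if EMAIL_RE.match(value):
        return "email_address"
    if HOST_RE.match(value) and "." in value:
        return "email_domain"
    return None

def classify_network_target(value):
    """HTTP/HTTPS/FTP/SMB channels: IP address, host name, FQDN, or network address
    with subnet mask (given as addr/mask or addr/prefix; an assumption)."""
    value = value.strip()
    try:
        ipaddress.ip_address(value)
        return "ip_address"
    except ValueError:
        pass
    if "/" in value:
        try:
            ipaddress.ip_network(value, strict=False)  # accepts 10.0.0.0/255.255.255.0 too
            return "network"
        except ValueError:
            return None
    if HOST_RE.match(value):
        return "fqdn" if "." in value else "host_name"
    return None

def check_targets(entries):
    """Validate (channel, target) pairs; return the entries that no format accepts."""
    rejected = []
    for channel, target in entries:
        kind = (classify_email_target if channel == "email" else classify_network_target)(target)
        if kind is None:
            rejected.append((channel, target))
    return rejected
```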
WFBS-SVC evaluates a file or data against a set of rules defined in DLP policies. Policies determine which files or data require protection from unauthorized transmission and the action that WFBS-SVC performs after detecting a transmission.
Settings | Description |
---|---|
Rules | A DLP rule can consist of multiple templates, channels, and actions. Each rule is a subset of the encompassing DLP policy. DLP processes rules and templates by priority. If a rule is set to "Pass", DLP processes the next rule in the list. If a rule is set to "Block", DLP blocks the user action and does not process that rule/template further. |
Templates | A DLP template combines data identifiers and logical operators (And, Or, Except) to form condition statements. Only files or data that satisfy a certain condition statement are subject to a DLP rule. A DLP rule can contain one or several templates. DLP uses the first-match rule when checking templates. This means that if a file or data matches the data identifiers in a template, DLP no longer checks the other templates. |
Channels | Channels are entities that transmit sensitive information. DLP supports popular transmission channels, such as email, removable storage devices, and instant messaging applications. |
Actions | DLP performs the specified action when it detects an attempt to transmit sensitive information through any of the channels. |
Exceptions | Exceptions act as overrides to the configured DLP rules. Configure exceptions to manage non-monitored targets and compressed file scanning. |
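The rule and template semantics in the table above (rules walked by priority, "Pass" continues to the next rule, "Block" stops evaluation, first-match among a rule's templates, And/Or/Except condition statements over data identifiers) determine why rule order matters when a policy is built. The following model reproduces those semantics as an added example; it is not Trend Micro code, and the three data identifiers, the sample policy and the channel names are constructed for illustration.

```python
import re
from dataclasses import dataclass
# Data identifiers (name -> pattern); these three are constructed for the example.
IDENTIFIERS = {
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
    "internal_tag": re.compile(r"\bINTERNAL-ONLY\b"),
}
@dataclass
class Template:
    """Condition statement: all of all_of AND any of any_of, EXCEPT any of except_."""
    name: str
    all_of: tuple = ()
    any_of: tuple = ()
    except_: tuple = ()
    def matches(self, text):
        hit = lambda ident: bool(IDENTIFIERS[ident].search(text))
        if any(hit(i) for i in self.except_) or not all(hit(i) for i in self.all_of):
            return False
        return not self.any_of or any(hit(i) for i in self.any_of)

@dataclass
class Rule:
    name: str
    templates: tuple     # checked in order; first match wins, the rest are skipped
    channels: frozenset  # channels this rule applies to
    action: str          # "Pass" (pass and log) or "Block"

def evaluate(policy, text, channel):
    """Walk rules in priority order; return (final_action, log of (rule, template)).
    A matching Pass rule logs and continues; a matching Block rule logs and stops."""
    log = []
    for rule in policy:
        if channel not in rule.channels:
            continue
        for tpl in rule.templates:
            if tpl.matches(text):
                log.append((rule.name, tpl.name))
                if rule.action == "Block":
                    return "Block", log
                break  # first-match: this rule's remaining templates are not checked
    return "Pass", log
# Sample policy (constructed): a pass-and-log memo rule ahead of two block rules.
POLICY = (
    Rule("HR memo", (Template("memo", all_of=("internal_tag",), except_=("credit_card",)),),
         frozenset({"email"}), "Pass"),
    Rule("PCI-DSS", (Template("card", any_of=("credit_card",)),), frozenset({"email", "http", "removable"}), "Block"),
    Rule("US PII", (Template("ssn", any_of=("us_ssn",)),), frozenset({"email", "http"}), "Block"),
)
```

Note that a Pass rule earlier in the list never shields data from a later Block rule: the memo rule logs the internal memo, but an SSN in the same email is still blocked by the US PII rule.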
DLP comes with the following set of predefined templates that you can use to comply with various regulatory standards. These templates cannot be modified or deleted.
- GLBA: Gramm-Leach-Bliley Act
- HIPAA: Health Insurance Portability and Accountability Act
- PCI-DSS: Payment Card Industry Data Security Standard
- SB-1386: US Senate Bill 1386
- US PII: United States Personally Identifiable Information
For a detailed list on the purposes of all predefined templates and examples of data being protected, refer to the Online Help section: Data Protection Reference Documents.
DLP monitors network, system, and application channels that can transmit sensitive information.
For the list of supported channels, refer to the Online Help section: Data Protection Reference Documents.
Network Channels
Channel | Description |
---|---|
Email clients | Monitoring occurs when an email client attempts to send an email. DLP checks the email subject, body, and attachments for data identifiers. |
FTP | Monitoring occurs when an FTP client attempts to upload files to an FTP server. DLP checks for the presence of data identifiers in the files. |
HTTP and HTTPS | Monitoring occurs before data is encrypted and transmitted through HTTP and HTTPS. |
IM applications | Monitoring occurs before users send messages or files through instant messaging (IM) applications. DLP does not monitor messages or files that users receive. |
SMB protocol | Monitoring occurs when another user attempts to copy or read a user's shared file. DLP checks if the file is or contains a data identifier. |
Webmail | Monitoring occurs when a supported web-based email service attempts to transmit data through HTTP. DLP checks the data for the presence of data identifiers. |
System and Application Channels
Channel | Description |
---|---|
Cloud storage services | Monitors files that users access using cloud storage services |
Data recorders (CD/DVD) | Monitors data recorded to a CD or DVD |
PGP Encryption | Monitors data to be encrypted by PGP encryption software. DLP checks the data before encryption proceeds. |
Peer-to-peer applications | Monitors files that users share through peer-to-peer applications |
Printer | Monitors printer operations initiated from various applications. DLP does not block printer operations on new files that have not been saved, because at this point the printing information has only been stored in memory. |
Removable storage | Monitors data transmissions to or within removable storage devices |
Synchronization software (ActiveSync) | Monitors data transmitted to a mobile device through synchronization software |
Windows clipboard | Monitors data to be transmitted to Windows clipboard before allowing or blocking the transmission |