Policy Rules v3

Posted by:

We are continuously adding new rule types and new rule components. In this document, I will try to sum up what all these stand for and what can we do with them.

What are these rule types?

  • Web Rule: This rule covers the whole Web channel. In order to enforce policies for protocols like HTTP, HTTPS, FTP, we will use this rule type. Social networking sites, Web mail services, blogs, wikis, forums, almost everything can be accessed from browser are under this topic.
    • Source: You can use all kind of users (User Defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.
    • Destination: You can use Domain objects as Destination for this rule.
    • Information Types: As always, you can use all kind of Information Types for this rule.
  • Mail Rule: This rule covers Mail channel. In order to enforce policies for SMTP protocol we will use this rule type. Emails had been sent through local mail servers will, be analyzed using Mail Rules.
    • Source: You can use all kind of users (User Defined users, AD users, AD groups, AD organization units), network objects or source domain objects as Source for this rule.
    • Destination: You can use Domain objects as Destination for this rule.
    • Information Types: As always, you can use all kind of Information Types for this rule.
  • Removable Storage Rule: Previously known as Endpoint Rule. This rule covers removable devices at endpoints. In order to enforce policies for removable storage devices at endpoints we will use this rule type. Any operation that transfers information from computer to a removable storage device is under this topic.
    • Source: You can use all kind of users (User Defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.
    • Information Types: As always, you can use all kind of Information Types for this rule.
  • Removable Storage Inbound Rule: This rule covers file copy or read operations from removable devices at endpoints This rule does not make any kind of DLP analysis, it simply ignores, Logs or Archives data transfer. Any operation that transfer information to computer from a removable storage device is under this topic.
    • Source: You can use all kind of users (User Defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.
  • Removable Storage Encryption Rule: This rule covers encryption of removable devices connected to endpoints. This rule does not make any kind of DLP analysis, it simply Pass (Do not encrypt) or Encrypts removable storage devices and all the files stored in them. Using this rule, it is possible to ensure that removable storage devices which are used in the company cannot be used in any other network. ( Removable Storage Encryption Screencast )
    • Source: You can use all kind of users (User Defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.
  • Printer Rule: This rule covers printers at endpoints. MyDLP has unmatched printer inspection support. MyDLP supports network printers, USB printers, shared printers, and much more. Actually MyDLP supports anything that can print. That is why we call MyDLP’s printer inspection channel unmatched. In order to enforce policies for printers at endpoints we will use this rule type. In order to inspect every single printing operation, MyDLP will use this rule type.
    • Source: You can use all kind of users (User Defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.
    • Information Types: As always, you can use all kind of Information Types for this rule.
  • Discovery Rule: This rule will be used to discover resting sensitive information in endpoints. Discovery rules will let you help you to see information leakage risk before any incident happened.
    • Source: You can use all kind of users (User Defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.
    • Destination: You can use File System Directory objects as Destination for this rule.
    • Information Types: As always, you can use all kind of Information Types for this rule.
  • ScreenShot Rule: This rule will be used to prevent screenshots when sensitive applications are running in endpoints. This rule does not send any log to management server. It simply blocks screenshot actions for selected applications.
    • Source: You can use all kind of users (User Defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.
    • Destination: You can use Application objects as Destination for this rule.
  • API Rule: This rule will be used to manage behaviour of MyDLP API. MyDLP API will help you to integrate MyDLP with inhouse applications. For further information about MyDLP API, please checkout this document.
    • Source: You can use all kind of users (User Defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.
    • Information Types: As always, you can use all kind of Information Types for this rule.

If you have any questions or comments, you can directly comment to this post.

Have a good day.

0


About the Author:

Add a Comment