Web DLP policy

Technical Library | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Predefined Policies and Classifiers > Data Loss Prevention policies > Quick Policies > Web DLP policy

Predefined Policies and Classifiers | Data Security Solutions | Version 7.8.x

The Web DLP "quick policy" includes the PCI policy, PHI policies, and PII policies listed in this document (including financial policies). In addition, the Web DLP policy includes several policies for the data theft attribute:

Common password information

Searches for outbound passwords in plain text.

Common passwords information

Common passwords information (Wide)

Common passwords information (Narrow)

Encrypted files - known format

Searches for outbound transactions comprising common encrypted file formats.

Encrypted files (known format)

Encrypted files - unknown format

Searches for outbound files that were encrypted using unknown encryption formats.

Encrypted files - unknown format

Encrypted files - unknown format (Wide)

IT asset information

Searches for suspicious outbound transactions, such as those containing information about the network, software license keys, and database files. Rules in this policy include:

IT asset information (Default)

IT asset information (Narrow)

IT asset information (Wide)

Malware communication

Identifies traffic that is thought to be malware "phoning home" or attempting to steal information. Detection is based on the analysis of traffic patterns from known infected machines. Applies only when Web Security Gateway is installed. Rules in this policy include:

Malware communication (Default)

Malware communication (Narrow)

Searches for outbound password files, such as a SAM database and UNIX / Linux passwords files. Rules in this policy include:

Password Files: Shadow Files

Password Files: Shadow Files (Wide)

Password Files: Password Files

Password Files: Password Files (Wide)

Password Files: SAM files

Password Files: General files

Suspicious behavior over time

Accumulates transaction data like http posts, post size, and encryption information over a period of time to search for suspicious behaviour that could be indicative of malicious activity. Rules in this policy include:

Number of HTTP posts per time

Cumulative post size per time

Cumulative generic encryption per time

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Predefined Policies and Classifiers > Data Loss Prevention policies > Quick Policies > Web DLP policy

Copyright 2016 Forcepoint LLC. All rights reserved.