|
|
|
TRITON RiskVision System Management : Configuring your RiskVision data profile
|
|
Data loss detection looks for data that represents specific types of compliance violations For example, an email message containing credit card numbers would violate Payment Card Industry (PCI) rules.
|
|
|
Data theft detection identifies data transfers consistent with malicious third-party attempts to steal sensitive information (such as a collection of network passwords).
|
|
1.
|
Specify a Geographical region to ensure that specific types of content are identified correctly.
|
|
A Personally Identifiable Information (PII) policy is used to detect private information, like drivers license or passport numbers.
|
|
|
A Protected Health Information (PHI) policy is used to detect health-related information, like DNA profiles and sensitive drug or disease names.
|
|
|
A Payment Card Industry (PCI) policy is used to detect credit card numbers and magnetic strip data.
|
|
3.
|
In most cases, the Sensitivity setting should remain at Default. This setting is most likely to avoid both false positives (matches that do not represent actual data loss) and false negatives (data loss that is not detected).
|
|
|
Wide is highly sensitive and detects more potential data loss incidents than the other levels. It is more likely to produce a false positive (creating an incident for a benign transaction).
|
|
|
Narrow is less sensitive. While it may help avoid false positives, it is also more likely that data loss events will not be detected, and therefore not be flagged as incidents.
|
|
|
Select Common password information to identify passwords in outbound plain text communication.
|
|
|
Select Encrypted file - known format to identify outbound transactions that use common encrypted file formats.
|
|
|
Select Encrypted file - unknown format to identify outbound files that were encrypted using unknown encryption formats.
|
|
|
Select IT asset information to identify outbound transactions that contain suspicious information, such as information about the network, software license keys, and database files.
|
|
|
Select Malware communication to identify "phone home" traffic based on analysis of traffic patterns from machines known to be infected.
|
|
|
Select Password files to identify outbound password files, including SAM database information and Linux password files.
|
|
2.
|
In most cases, the Sensitivity setting should remain at Default. This setting is most likely to avoid both false positives (matches that do not represent actual data theft) and false negatives (data theft that is not detected).
|
|
|
Wide is highly sensitive and detects more potential data theft incidents than the other levels. It is more likely to produce a false positive (creating an incident for a benign transaction).
|
|
|
Narrow is less sensitive. While it may help avoid false positives, it is also more likely that data theft events will not be detected, and therefore not be flagged as incidents.
|
|
|
|
|
TRITON RiskVision System Management : Configuring your RiskVision data profile
|