Technical Library | Support

Go to the previous page Go to the next page View or print as PDF
TRITON AP-DATA Predefined Policies and Classifiers > Data Loss Prevention policies > Quick Policies > Web DLP policy
Web DLP policy
Predefined Policies and Classifiers | TRITON AP-DATA | Version 8.3.x
The Web DLP "quick policy" includes the PCI policy, PHI policies, and PII policies listed in this document (including financial policies). In addition, the Web DLP policy includes several policies for the data theft attribute:
*
Common password information
Searches for outbound passwords in plain text. The rules for this policy are:
*
Common password information
*
Common password information (Wide)
*
Common password information (Narrow)
*
Encrypted files - known format
Searches for outbound transactions comprising common encrypted file formats. The rules for this policy are:
*
Encrypted files (known format)
*
Encrypted files - unknown format
Searches for outbound files that were encrypted using unknown encryption formats. The rules for this policy are:
*
Encrypted files - unknown format
*
Encrypted files - unknown format (Wide)
*
IT asset information
Searches for suspicious outbound transactions, such as those containing information about the network, credit card magnetic tracks, and database files. Rules in this policy include:
*
IT asset information (Default)
*
IT asset information (Narrow)
*
IT asset information (Wide)
*
Suspected Malware Communication
*
Identifies traffic that is thought to be malware "phoning home" or attempting to steal information. Detection is based on the analysis of traffic patterns from known infected machines. Applies only when TRITON AP-WEB is installed. Rules in this policy include:
*
Suspected Malware Communication (Default)
*
Suspected Malware Communication (Narrow)
*
Password files
Searches for outbound password files, such as a SAM database and UNIX / Linux passwords files. Rules in this policy include:
*
Password Files: Shadow Files
*
Password Files: Shadow Files (Wide)
*
Password Files: Password Files
*
Password Files: Password Files (Wide)
*
Password Files: SAM files
*
Password Files: General files
*
Suspicious Behavior Over Time
Accumulates transaction data like HTTP posts, post size, and encryption information over a period of time to search for suspicious behavior that could be indicative of malicious activity. Some rules apply only when TRITON AP-WEB is installed. Rules in this policy include:
*
Number of HTTP Posts per Time
*
Cumulative Post Size per Time
*
Cumulative Generic Encryption per Time

Go to the previous page Go to the next page View or print as PDF
TRITON AP-DATA Predefined Policies and Classifiers > Data Loss Prevention policies > Quick Policies > Web DLP policy
Copyright 2016 Forcepoint LLC. All rights reserved.