Data Theft Risk Indicators
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
Forcepoint DLP includes the following types of Data Theft Risk Indicator policies:
*
*
*
Suspicious User Activity
*
Detects data that is sent at an unusual time. You define what is considered an unusual time in the script classifier, Unusual Hours. Each rule in this policy targets a different type of data, such as Office or archive files.
Example: If you define working days in the classifier as Monday-Friday and unusual hours as 9pm-5am, then data sent on Saturday, Sunday, or during the working week between 9 p.m. and 5 a.m. triggers this policy.
*
*
*
*
*
*
Policy for detecting deep web URLs that appear in analyzed content such as textual documents or email messages and end with the pseudo-top-level domains .onion and .i2p. The deep web is a portion of World Wide Web content that is not indexed by standard search engines and that is intentionally hidden from the regular Internet, accessible only with special software, such as Tor. Such URLs are used for anonymous defamation, unauthorized leaks of sensitive information and copyright infringement, distribution of illegal sexual content, selling controlled substances, money laundering, bank fraud, credit card fraud and identity theft, among other things. The rules for this policy are:
*
*
*
*
A policy for detecting email messages that are being sent from a user's corporate email address to that user's personal email address. The rules for this policy are:
*
*
*
*
Policy for detection of content suspected to be manipulated to avoid detection. This may cause false positives. The rules for this policy are:
*
*
*
*
*
*
*
*
Detects content suspected to be a password in clear text. The rules for this policy are:
*
*
*
*
*
*
*
*
*
Detects expressions that are indicative of problem gambling; for example, "I am addicted to gambling", "My gambling is out of control". The rule for this policy is:
*
*
Policy for detecting email messages that are being sent from a user's corporate email address to that user's personal email address. The rules for this policy are:
*
*
*
*
*
*
*
*
*
*
*
*
Detects when unencrypted binary files of unknown formats are being sent repeatedly over a period of time. For example, if 50 unencrypted files of an unknown format are sent during 1 hour, this policy is triggered. The rules for this policy are:
*
*
*
*
*
Policy for detection of suspicious behavior of users by measuring the rate and type of transactions over time. This may cause false positives. The rules for this policy are:
*
*
*
*
Policy for detection of files that contain macros.
*
*
*
*
Indicators of Compromise
*
Policy for detecting .REG files (Windows Registry files). The rule for this policy is:
*
*
Policy for detecting records of SQL table data extracted from a database. The rules for this policy are:
*
*
*
*
Policy for detection of encrypted PGP files, password-protected files of known formats, like Microsoft Word and ZIP, and unknown encrypted files. The rules for this policy are:
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
Searches for outbound password files, such as a SAM database and UNIX/Linux password files. The rules for this policy are:
*
*
*
*
*
*
*
*
*
*
*
*
Policy for detecting private keys or file formats that contain them. The rule for this policy is:
*
*
*
*
*
*
*
*
*
*
*
*
Identifies traffic that is thought to be malware "phoning home" or attempting to steal information. Detection is based on the analysis of traffic patterns from known infected machines. Applies only when Forcepoint Web Security is installed. Rules in this policy include:
*
*
*
Policy for the detection of suspected malicious content dissemination, such as encrypted or manipulated information, password files, credit card tracks, suspected applications, and dubious content such as information about the network, software license keys, and database files. The rules for this policy are:
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
Employee Discontent
*
Policy for detection of documents comprising resumes and CVs in English.
The rule for this policy is:
*
*
Policy for detection of resumes and CVs in French.
The rules for this policy are:
*
*
*
*
Policy for detection of resumes and CVs in German.
The rules for this policy are:
*
*
*
*
Policy for detection of resumes and CVs in Spanish.
The rules for this policy are:
*
*
*
*
Detects expressions that are indicative of disgruntled employees. For example: "I hate my boss", "I hate my job".
*
*
*
Policy for detection of documents comprising resumes and CVs in Hebrew and English. The rules for this policy are:
*
*
*
Policy for detection of documents comprising resumes and CVs in Russian, Ukrainian, and English. The rules for this policy are:
*
*
*
Policy for detecting employees who distribute their resume or Curriculum Vitae, indicating they may be searching for a new job. The rules for this policy include:
*
*
*
Policy for detection of documents comprising resumes and CVs in Ukrainian, Russian, and English. The rules for this policy are:
*
*
Quick Policies
Forcepoint DLP includes the following types of quick policies:
*
*
*
Web DLP policy
The Web DLP "quick policy" includes the PCI policy, PHI policies, and PII policies listed in this document (including financial policies). In addition, the Web DLP policy includes several policies for the data theft attribute:
*
Searches for outbound passwords in plain text. The rules for this policy are:
*
*
*
*
Searches for outbound transactions comprising common encrypted file formats. The rules for this policy are:
*
*
Searches for outbound files that were encrypted using unknown encryption formats. The rules for this policy are:
*
*
*
Searches for suspicious outbound transactions, such as those containing information about the network, credit card magnetic tracks, and database files. Rules in this policy include:
*
*
*
*
*
*
*
Searches for outbound password files, such as a SAM database and UNIX/Linux password files. Rules in this policy include:
*
*
*
*
*
*
*
Accumulates transaction data such as number of HTTP/S posts, post size, and encryption information over a period of time to search for suspicious behavior that could be indicative of malicious activity. Some rules apply only when Forcepoint Web Security is installed. Rules in this policy include:
*
*
*
Email DLP policy
The Email DLP "quick policy" includes the PCI policy, PHI policies, and PII policies listed in this document (including financial policies). In addition, the Email DLP policy includes:
*
Detects images that may be objectionable or pose a liability to your organization. There is one rule in this policy:
*
*
Detects dictionary terms that may be unacceptable in the workplace, including adult, drugs, gambling, hate speech, job search, and violent terms. There is one rule in this policy:
*
This policy includes terms in 12 languages:
*
*
*
*
*
*
*
*
*
*
*
*
Mobile DLP policy
The Mobile DLP "quick policy" includes the PCI policy, PHI policies, and PII policies listed in this document (including financial policies). In addition, the Mobile DLP policy includes:
*
Detects images that may be objectionable or pose a liability to your organization. There is one rule in this policy:
*
*
Detects dictionary terms that may be unacceptable in the workplace, including adult, drugs, gambling, hate speech, job search, and violent terms. There is one rule in this policy:
*
This policy includes terms in 12 languages:
*
*
*
*
*
*
*
*
*
*
*
*

Copyright 2020 Forcepoint. All rights reserved.