Data Security tab
Click the Data Security tab in the policy to configure options for blocking or monitoring data loss over web channels.
 
Important 
When data security features are enabled, the cloud service searches for sensitive data or files being posted to HTTP, HTTPS, and FTP sites, and reports on any incidents that it discovers. Sensitive data may include intellectual property, data that is protected by national legislation or industry regulation, and data suspected to be stolen by malware or malicious activities. You can configure whether such incidents are blocked or just monitored.
To search for data over HTTPS, be sure SSL decryption is enabled by following the instructions provided in Enabling SSL decryption.
When blocking is enabled for data security incidents, users receive a special block page. To configure this block page, do one of the following:
* Click the Data Security block page link at the top of the Data Security tab in a policy.
* Go to the Web > Policy Management > Block & Notification Pages page, expand the General section, and then select Data Security.
Regulations
Most countries and certain industries have laws and regulations that protect customers, patients, or staff from the loss of personal information such as credit card numbers, social security numbers, and health information.
To set up rules for the regulations that pertain to you:
1. Click No region selected. (To edit regions, click the link, "n regions selected.")
2.
3.
 
4. Select an action to take when matching data is detected. Select Block to prevent the data from being sent through the web channel. Select Monitor to allow it. (Incidents are created either way.)
The Action column now appears in the Incident Manager by default, showing whether each incident was monitored or blocked.
5. Select Wide for the strictest security. Wide has a looser set of detection criteria than Default or Narrow, so false positives may result. Select Narrow for tighter detection criteria. This can result in false negatives or undetected matches. Default is a balance between the two.
Severity is automatically calculated for these regulations.
For more information on the detection rules for these regulations, see Data Security Content Classifiers.
Data Theft
Use this section to detect when data is being leaked due to malware or malicious transactions. When you select these options, the cloud service searches for and reports on outbound passwords, encrypted files, network data, and other types of information that could be indicative of a malicious act.
To see if your organization is at risk for data theft:
1.
 
2. Select an action to take when matching data is detected. Select Block to prevent the data from being sent through the web channel. Select Monitor to allow it. (Incidents are created either way.) You can filter by action in the Data Security Incident Manager.
3. Select Wide for the strictest security. Wide has a looser set of detection criteria than Default or Narrow, so false positives may result and performance may be affected. Select Narrow for tighter detection criteria. This can result in false negatives or undetected matches. Default is a balance between the two.
Some data theft classifiers cannot be changed from their default setting.
Severity is automatically calculated for these types.
Custom
Use this section if you want to detect intellectual property or sensitive data using custom phrases, dictionaries, or regular expressions containing business-specific terms or data.
1. Define new classifiers on the Web > Policy Management > Content Classifiers page. See Configure Content Classifiers for instructions.
2.
3. Select a severity for each classifier to indicate how severe a breach would be. Select High for the most severe breaches. Severity is used for reporting purposes. It allows you to easily locate High, Medium, or Low severity breaches when viewing reports.
4. Also indicate if you want the system to count only unique matches when calculating the threshold or all matches, even duplicates. Example: your classifier has the key phrase "top secret" and a threshold of 5. If the key phrase is found 6 times in a single web post, the system would count that as one match if you select Count only unique matches or 6 matches if you select Count all matches even duplicates. In the first case, the threshold is not triggered. In the second case, it is.
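The threshold and match-counting choice above, modelled as an added example (not Forcepoint code) that also covers a regular-expression classifier, where distinct values each count once. Assumptions: the `Classifier` structure and its field names are hypothetical, "unique" means distinct matched strings compared case-insensitively, and a threshold is met when the count is greater than or equal to it.

```python
import re
from dataclasses import dataclass

@dataclass
class Classifier:          # hypothetical structure, not the product's schema
    name: str
    pattern: str           # key phrase or regular expression
    threshold: int
    unique_only: bool      # True models "Count only unique matches"
    severity: str          # High / Medium / Low, used for reporting

def count_matches(text, clf):
    """Count hits in one web post, either distinct values or every occurrence."""
    hits = [m.group(0).lower() for m in re.finditer(clf.pattern, text, re.IGNORECASE)]
    return len(set(hits)) if clf.unique_only else len(hits)

def evaluate(post, classifiers):
    """Return (name, count, severity) for each classifier whose threshold is met."""
    incidents = []
    for clf in classifiers:
        count = count_matches(post, clf)
        if count >= clf.threshold:   # assumption: threshold is inclusive
            incidents.append((clf.name, count, clf.severity))
    return incidents

# Constructed web posts (sample data, not real traffic)
PHRASE_REPEATED = "top secret " * 6                   # the page's own example
CODE_REPEATED = "PRJ-1001 " * 6                       # one value, six times
CODES_DISTINCT = " ".join(f"PRJ-{1000 + i}" for i in range(6))

CLASSIFIERS = [
    Classifier("phrase-unique", r"top secret", 5, True, "High"),
    Classifier("phrase-all", r"top secret", 5, False, "High"),
    Classifier("code-unique", r"\bPRJ-\d{4}\b", 5, True, "Medium"),
]

if __name__ == "__main__":
    for post in (PHRASE_REPEATED, CODE_REPEATED, CODES_DISTINCT):
        print(evaluate(post, CLASSIFIERS))
```

With unique counting, a repeated phrase or a single repeated value never reaches a threshold above 1, so pair that option with patterns that match many distinct values.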
Trusted Content
1. In Trusted domains, enter the domains you do not want to be monitored, one entry per line. For example:
forcepoint.com
cnn.com
The system does not analyze trusted domains. This means users can send them any type of sensitive information via HTTP, HTTPS, or other web channels from your network.
Duplicate domains are not permitted. Wildcards are supported.
You can add up to 100 trusted domains per policy. Each one can have up to 256 characters.
2. Click Select Categories to select website categories that do not require DLP analysis (for example, office collaboration sites).
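Because trusted domains are not analyzed at all, it is worth checking a list against the limits above before entering it. The following is an added example (not Forcepoint code) that lints a one-entry-per-line list; the wildcard character `*`, the "too broad" rule, and case-insensitive duplicate detection are assumptions, since the page does not specify them.

```python
MAX_ENTRIES = 100  # per policy (from the page)
MAX_LENGTH = 256   # characters per entry (from the page)

def lint_trusted_domains(text):
    """Return (line_no, entry, problem) tuples for a one-entry-per-line list."""
    problems = []
    seen = {}
    entries = [(n, ln.strip()) for n, ln in enumerate(text.splitlines(), 1) if ln.strip()]
    for n, entry in entries:
        key = entry.lower().rstrip(".")
        if key in seen:
            problems.append((n, entry, f"duplicate of line {seen[key]}"))
        else:
            seen[key] = n
        if len(entry) > MAX_LENGTH:
            problems.append((n, entry, "longer than 256 characters"))
        if "://" in entry or "/" in entry or " " in entry:
            problems.append((n, entry, "not a bare domain"))
            continue
        # Assumption: "*" is the wildcard character. Every trusted domain is
        # skipped by DLP analysis, so a wildcard that leaves fewer than two
        # fixed labels (e.g. "*.com") exempts far more than one organisation.
        # Multi-label public suffixes (e.g. co.uk) would need a suffix list.
        if "*" in key:
            fixed = [lbl for lbl in key.split(".") if "*" not in lbl]
            if len(fixed) < 2:
                problems.append((n, entry, "wildcard too broad"))
    if len(entries) > MAX_ENTRIES:
        problems.append((0, "", f"{len(entries)} entries, limit is {MAX_ENTRIES}"))
    return problems

# Constructed sample list (not from a real policy)
SAMPLE = """forcepoint.com
cnn.com
CNN.com
*.com
*.partner.example
https://example.org/upload
"""

if __name__ == "__main__":
    for line_no, entry, problem in lint_trusted_domains(SAMPLE):
        print(f"line {line_no}: {entry!r}: {problem}")
```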

Copyright 2020 Forcepoint. All rights reserved.