Data loss prevention
Data loss prevention (DLP) allows your organization to identify and block sensitive or confidential data that's uploaded from a corporate network and transmitted to the public Internet. DLP scans data that’s posted over an HTTP or HTTPS connection. It does not scan data that’s uploaded with another method such as email, the File Transfer Protocol (FTP), or the Remote Desktop Protocol (RDP). This feature scans data or files that are 5 MB or less.
Sensitive data includes:
- Personally identifiable information (PII), such as Social Security numbers, home addresses, email addresses, driver’s license numbers, and more.
- Financial and credit card information, such as bank account and credit card numbers.
- Personal health and healthcare information, such as electronic medical records, health insurance information, and more. DLP allows your organization to maintain compliance with the United States Health Insurance Portability and Accountability Act (HIPAA).
Enterprise Threat Protector (ETP) identifies sensitive information through a DLP dictionary. A DLP dictionary contains the patterns or regular expressions that are used to find this information. ETP also includes patterns for data that is specific to a region and must be secured to comply with business and regulatory standards. You create one or more dictionaries with the patterns your organization requires. You then associate the dictionaries with a policy.
Both ETP Proxy and inline payload analysis must be enabled in the policy settings to scan files that are uploaded.
A dictionary is assigned one of these policy actions:
- Block - Error Page. Blocks data that’s specified in the dictionary. With this action, outbound traffic is blocked and the user experiences an error page when attempting the upload. For more information on the error page that appears to the user, see Error pages.
- Monitor. Allows a user to upload data while ETP monitors traffic. As part of inline payload analysis, files that are 5 MB or less are scanned before they are sent out of the corporate network. If sensitive data is detected based on the dictionary, a threat event is logged. This is the default policy action that’s assigned to a dictionary.
When configuring a dictionary, you also define the threshold. A threshold indicates how many matches from a dictionary are detected before a policy action is enforced. If you assign the same dictionary to multiple policies and the policies apply different policy actions, the block policy action is always enforced.
If there are files that you don’t want scanned by DLP when they are uploaded, you can create a list that contains hashes of these files. You can assign a file hash list to a policy. By default, these lists are assigned the bypass policy action. For more information, see File hash lists.
Uploaded files that are encrypted or password protected are not scanned by DLP. At this time, the upload of these files is automatically allowed.
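The decision flow described above (dictionary threshold, block precedence, file hash bypass, and the uploads that are never scanned) can be modelled as follows. This is an added example, not ETP code: the patterns, the SHA-256 hash choice, the "matches >= threshold" reading, and all function and verdict names are assumptions made for illustration.

```python
import hashlib
import re

MAX_SCAN_BYTES = 5 * 1024 * 1024  # the page's limit: 5 MB or less is scanned

# Constructed dictionary: illustrative patterns, not ETP's built-in ones.
DICTIONARY = {
    "patterns": [
        re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),       # US SSN-like value
        re.compile(rb"\b(?:\d{4}[ -]?){3}\d{4}\b"),  # 16-digit card-like value
    ],
    "threshold": 2,  # assumption: action is enforced when matches >= threshold
}

# Constructed sample upload body (test values, not real data).
SAMPLE_BODY = b"name=Jane&ssn=123-45-6789&card=4111 1111 1111 1111"

def effective_action(assigned_actions):
    """Block wins when one dictionary carries different actions across policies."""
    return "block" if "block" in assigned_actions else "monitor"

def evaluate_upload(body, dictionary, assigned_actions,
                    bypass_hashes=frozenset(), encrypted=False):
    """Return (verdict, match_count) for one HTTP/HTTPS upload body."""
    # File hash list: listed files bypass scanning (hash algorithm assumed).
    if hashlib.sha256(body).hexdigest() in bypass_hashes:
        return ("bypass", 0)
    # Coverage gaps: encrypted uploads and payloads over 5 MB are not scanned.
    if encrypted or len(body) > MAX_SCAN_BYTES:
        return ("unscanned", 0)
    matches = sum(len(p.findall(body)) for p in dictionary["patterns"])
    if matches < dictionary["threshold"]:
        return ("allow", matches)
    if effective_action(assigned_actions) == "block":
        return ("block", matches)       # user sees the error page
    return ("monitor-event", matches)   # upload proceeds, threat event logged

if __name__ == "__main__":
    print(evaluate_upload(SAMPLE_BODY, DICTIONARY, ["monitor", "block"]))
```

The "bypass" and "unscanned" verdicts are the paths where sensitive data can leave without a DLP event, so they are the ones to cover with other controls or logging.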