You can prevent unauthorized loss, pilferage, or leakage of confidential company data using the Data Loss Prevention (DLP) feature.
It is necessary to enable DLP on endpoints. To do this, see DLP License.
The DLP policy can stop an unauthorized activity that is carried out through the following channels:
- Using the Print Screen option to save the screenshot (Applicable only for Windows platform). The file/data is not monitored.
- Using Removable Devices to copy data (Applicable only for Windows platform)
- For selected File Types, the Removable Devices go to ‘Read Only’ mode when ‘Monitor Removable Devices’ option is selected.
- Using Network Share accessed using UNC Path or Mapped Network Drive (Applicable only for Windows platform).
- Using the Clipboard to paste information from one application to another.
- Using printer activity, printing through local and network printer. The file/data is not monitored. (Applicable only for Windows platform)
- Using online services of third-party Application/Services to send data such as email, file sharing apps, cloud services, Web browsers and other applications using social media.
Users need to purchase a DLP pack separately to use this policy.
Data Loss Prevention
To configure policy for Data Loss Prevention, follow these steps:
- Create Container/feature policy for Data Loss Prevention.
On the Feature Policy page, you can see a list of settings, each with an expand sign and a toggle button. Expand and enable the settings that you want to configure.
- Data Loss Prevention
- Data Transfer Channels
- Data Settings
- Enable Data Loss Prevention. Select the Display alert message on DLP policy violation check box.
- Select Action to configure the action to be performed after an attempt is carried out, either Report only or Block and Report. Alert prompts will not be displayed for the Report only action.
Expand Data Transfer Channels. Select the channels that you want to monitor from the following options:
- Print Screen (applicable only in Windows platforms)
- Removable Devices (applicable only in Windows platforms)
- Network Share (applicable only in Windows platforms)
- Printer Activity (applicable only in Windows platforms)
- Application/Online Services
Select the applications that you want to monitor for attempts at data pilferage by clicking the Applications list. Do one of the following:
- Select all the applications in the group.
- Select the applications one by one after expanding the group caret.
- Select all Mac platform applications by clicking the Mac group icon.
- Select all Windows applications by clicking on the Windows icon.
- Select all Web Browsers or one by one after expanding the group caret.
- Select all E-mail applications or one by one after expanding the group caret.
- Select all Instant Messaging applications or one by one after expanding the group caret.
- Select all File Sharing/Cloud Services applications or one by one after expanding the group caret.
- Select all Social Media/Others applications or one by one after expanding the group caret.
- To configure email SSL settings, select the Enable Email scanning over SSL check box. This is applicable only when you select Email option in the Application / Online Service. Ensure that you perform the procedure to import the certificate for the mail client that you are using. This feature is available only in the clients with Microsoft Windows operating system.
- Expand Data Settings to configure the settings for File Types, Confidential Data, and User Defined Dictionary.
Select the Monitor File Types check box. Select the File Types caret from the following:
- Graphic Files (Audio, Video, Images)
- Office Files (MS Office, Open Office, Kingsoft Office)
- Programming Files
- Other Files (Compressed files etc.)
To add the Custom Extensions, do the following:
- Select the Custom Extensions check box.
- Click the Add button. The Add Custom Extensions dialog appears.
- Type an extension in the text box and press Enter.
- Click Add.
You can delete a custom extension using the delete icon.
Select the Monitor Confidential Data check box. Select the Confidential data carets from the following:
- Confidential data such as Credit/Debit Cards
- Personal information such as Social Security Number (SSN), Email ID, Phone Numbers, Driving License Number, Health Insurance Number, Passport Number, ID, International Banking Account Number (IBAN), Individual My Number, Corporate My Number, Pin Code, Aadhar Number and Vehicle Registration Number.
- Select the Monitor User Defined Dictionary check box. The User Defined Dictionaries are created at Data Loss Prevention.
- The words/strings must be flagged if used in communication.
You can either choose to be notified through email notification when an attempt is made to leak information, or prevent the attempt from being carried out successfully.
- Expand Action to configure the action to be performed after an attempt is carried out, either Block and Report or Report only. Alert prompts will not be displayed for the Report only action.
Expand Exceptions. To add the domain names that you want to exclude from Data Loss Prevention, do the following:
- Enter the domain name in the text box.
- Click Add. You can see the list of domain names. You can edit, delete and export the domain names.
- To import the domain name, click Import. The File Upload dialog appears.
- Select the valid exported domain data file.
- Click Open. The database file is imported.
- Domain Exceptions support the Windows platform only.
- Domain Exceptions support Microsoft Outlook and Thunderbird email clients only.
- If sender and receiver are from different domains, add both domain names in Domain Exception.
In Application Whitelisting, you can import applications in .dat file format to exclude them from Data Loss Prevention. Do the following:
- To download DLP Application Whitelisting Tool, click Download.
- After downloading the Whitelisting Tool, add applications for DLP whitelisting in the tool.
- Generate DLPAppWhiteList.dat file.
- Click Import to import the DLPAppWhiteList.dat file. The applications are whitelisted.
To add the network paths, do the following:
- Enter the network path in the text box.
- Click Add.
- You can see the list of network paths. You can edit, delete and export the network paths.
- To import the Network path, click Import. The File Upload dialog appears.
- Select a valid exported network share data file.
- Click Open. The database file is imported.
- Network path supports the Windows platform only.
Click Save Policy.
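The following is an added illustration, not Seqrite code and not a description of the product's engine. It models how the settings configured above interact: confidential data (card numbers), a user defined dictionary, domain exceptions, and the Report only or Block and Report action. The policy values, addresses and function names are constructed, and the rule that an exception applies only when both sender and receiver domains are listed is an assumption drawn from the note on Domain Exceptions.

```python
import re

# Constructed policy mirroring the settings above; every value is hypothetical.
POLICY = {
    "action": "Block and Report",  # or "Report only"
    "dictionary": {"project falcon", "internal only"},
    "domain_exceptions": {"corp.example", "partner.example"},
}

# 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits):
    """Luhn checksum: filters out random digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_matches(text, policy):
    """Return (kind, value) hits; card numbers are masked to the last four digits."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    lowered = text.lower()
    hits += [("dictionary", t) for t in sorted(policy["dictionary"]) if t in lowered]
    return hits


def evaluate(sender, recipient, text, policy=POLICY):
    """Decide 'allow', 'report' or 'block' for one outgoing message."""
    domains = {addr.rsplit("@", 1)[-1].lower() for addr in (sender, recipient)}
    # Assumption: the exception applies only when BOTH domains are listed.
    if domains <= policy["domain_exceptions"]:
        return "allow", []
    hits = find_matches(text, policy)
    if not hits:
        return "allow", []
    verdict = "block" if policy["action"] == "Block and Report" else "report"
    return verdict, hits
```

Running sample messages through a model like this before rollout shows which traffic a Block and Report policy would interrupt and which exceptions are missing a domain.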
For Mac Client:
- Confidential and User Dictionary data will not be blocked in the subject line or message body of email or messenger communication.
- Prompts and reports will be generated if a monitored file type is downloaded.
- Certain file types (POT, PPT, PPTX, DOC, DOCX, XLS, XLSX, RTF) containing Unicode data will not be blocked.
- Seqrite provides you an advanced scanning feature, Data-At-Rest Scan. With this feature you can search for a particular type of data in various formats.