Data Loss Prevention Part 2: Working with DLP
Welcome back to the MS-365 Security Administration course.
I'm your instructor, Jim Danes.
We're in Module 4, Microsoft 365 3rd protection, Lesson 3: Data Loss Prevention,
Part 2: Working with DLP.
In this lesson, we're going to go over how DLP integrates with the File Classification Infrastructure, FCI.
We're gonna look more at DLP policy creation, configuration and customization.
And how to send DLP alerts to administrators.
Microsoft 365 can use a DLP policy to identify, monitor and protect sensitive information.
A DLP policy can be created in Microsoft 365 that recognizes properties that Windows Server FCI has applied to documents.
This kind of blurs on-prem and in the cloud, doesn't it? Yes, it does.
DLP policies are not retroactive.
When you create a policy, it doesn't automatically go out and do everything.
Only new content or edited content will be detected automatically after the policy is enabled.
A manual re-index is needed to detect existing content.
If you create a new DLP policy and you have 1000 documents sitting on your file server,
it's going to be like, OK, well, I don't care about this.
If a new document is created after the policy is created, it's gonna check it out.
To get those 1000 documents that pre-existed that policy,
you have to do a manual re-index. Then that policy will go through those 1000 documents.
That's an important key to remember.
Before a policy can be enforced,
of course, it has to be created.
So let's look at creating the policy from a built-in policy template.
We go into the Security & Compliance Center, go to Data loss prevention, go to Policy.
For this one, we'll just do Financial and U.S. Financial Data. So U.S. Financial Data is one of the built-in, predefined sensitive information types.
We're gonna name it U.S. Financial Data
and choose locations.
You can have it unified, which is the first radio button, where you protect content in Exchange, Teams,
OneDrive and SharePoint,
or, if you want, you can have a DLP policy for one specific service, if you just want it for Exchange, for example.
If you go into the customization of locations,
it's just like a content search, like an eDiscovery search,
so you can then go exclude accounts.
There's tons of capabilities. If you want a policy that just applies to certain members within a department, you could do that.
If you want one that just applies to
three SharePoint sites, yeah, you can do that. It's very granular and very flexible.
So now, since we've defined the location, we're gonna look at
how we're going to detect the content when it's shared. You can do people outside
or only on the inside.
If something's shared externally, you can have a different policy than if something's shared internally.
So here's some of the advanced settings we can do. We could have multiple rules in the same policy. You can have your internal and external sharing
within the same policy.
You can detect by volume,
whether it's a low volume or a high volume, so you can say that if there are five
financial records within a document, it triggers. What if there's 10, what if there's one, what if there's two?
There are all these different thresholds that you can set.
Next, we're going to choose what happens when the policy triggers. This is the action.
Some policy tips and, you know, notifications can be set up here.
For restrictions and encryption, we can block the content from being shared, or we can force encryption in Exchange if it's an email message.
You can test out the policy
or turn it on right away.
You can even restrict the scope of your testing
if you choose the locations
and do your test base from that.
When the policy is ready to go, then you can go back,
open the scope up,
and enable it.
That's always best practice.
Usually, we test things in IT.
Or, if it's financial, maybe we'll test in the audit department, purchasing,
HR for PII.
You can even just go down to a couple of users.
Test them, see how it works.
Make sure everything's correct. If the feedback is good, expand the test scope.
If the feedback is good, then expand it out to your whole organization.
Remember, you don't have to turn it on for everybody all at once. Testing is a good thing.
Helps eliminate user frustration, which increases adoption.
Once everything is good, we just review our settings and click on Create.
To edit an existing DLP policy,
we sign in to the Microsoft 365 admin center and go to the Security & Compliance Center.
Go to Policy, Data loss prevention policy, then we select the policy we want to edit.
We pull it up and we can edit it.
This is a
closer view of the volume thresholds
within those policies, and within those rules.
Accuracy tweaking can help decrease false positives.
Always tweak during testing.
Testing is your time to determine efficacy
and determine false positives
that match your policy's risk.
Instance count, one to any: that can be customized. Accuracy, min and max: those can be customized as well.
Additional rule settings include user overrides, exceptions, actions, user notifications, and incident report options.
You can require a user to provide a business justification to override,
or you can override automatically if they report it as a false positive.
Incident reports: admins can configure an action to generate incident reports if an event occurs.
Here's an example of the incident report,
where the service was Exchange.
It goes through
all of this different information: person sharing, to, from, severity. If it's a false positive or an override that the user did, those that we just saw in the previous frame, that will be logged as well.
It will tell you how it matched,
the rule that it matched,
the action taken. It's a very good
mechanism when you start to develop DLP policies.
Quiz: the quickest way to start using DLP policies is to create a new policy from an existing template. True or false?
Of course, the answer to that is true.
Templates are there for a reason. If a template makes something harder,
it shouldn't be a template.
To create a custom DLP policy, the first couple of steps: you upload a document with the needed property into Microsoft 365.
You create a managed property in SharePoint Online,
which crawls the property within Microsoft 365.
Step three: we create the DLP policy. The condition "document contains values" is not available in the UI. We've got PowerShell
to the rescue.
We have New, Set, Get. Those are the verbs.
DlpCompliancePolicy.
So New-DlpCompliancePolicy, Set-DlpCompliancePolicy,
Get-DlpCompliancePolicy.
To recap the lesson: a DLP policy can be created in Microsoft 365 that recognizes properties that Windows Server FCI has applied to documents.
Before DLP can be enforced, a DLP policy is needed.
Administrators can configure an action to generate incident reports
if a DLP event occurs.
Thank you for joining me on this lesson, all about DLP.
See you for the next one. Take care.
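
Added example (not part of the lesson or the instructor's own code): the custom-policy steps above carried out in Security & Compliance PowerShell, creating the policy in test mode before enforcing it. The account, the policy and rule names and the property name and values are constructed placeholders, and the managed property is assumed to have been created and crawled already.

```powershell
# Added example. Requires the ExchangeOnlineManagement module.
# Account, names and the property:value pair below are constructed placeholders.
Connect-IPPSSession -UserPrincipalName 'admin@example.com'

$policyName = 'FCI property policy (example)'
$ruleName   = 'FCI property rule (example)'

# Step 3 from the lesson: create the DLP policy. Start in test mode and
# scope it to the locations where the classified documents live.
New-DlpCompliancePolicy -Name $policyName `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithNotifications

# The condition that is not available in the UI: match on a document
# property, written as "PropertyName:Value1,Value2".
New-DlpComplianceRule -Name $ruleName -Policy $policyName `
    -ContentPropertyContainsWords 'ExampleFciProperty:High,Moderate' `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -GenerateIncidentReport SiteAdmin

# Review what was created before widening the scope.
Get-DlpCompliancePolicy -Identity $policyName |
    Format-List Name, Mode, SharePointLocation, OneDriveLocation
Get-DlpComplianceRule -Policy $policyName |
    Format-List Name, ContentPropertyContainsWords, BlockAccess

# After testing shows acceptable false-positive rates, enforce the policy.
# Existing documents are only evaluated after a manual re-index.
Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```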