Data Loss Prevention Part 2: Working with DLP

Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Welcome back to the MS 365 Security Administration course.
00:05
I'm your instructor, Jim Danes.
00:07
We're in module four, M365 3rd protection, lesson three: data loss prevention,
00:14
part two, working with DLP.
00:18
In this lesson, we're going to go over how DLP integrates with File Classification Infrastructure, FCI.
00:24
We're gonna look more at DLP policy creation, configuration and customization.
00:29
And how to send DLP alerts to administrators.
00:33
M365 can use a DLP policy to identify, monitor and protect sensitive information.
00:40
A DLP policy can be created in M365 that recognizes properties that Windows Server FCI has applied to documents.
00:50
Oh, wait.
00:52
This kind of blurs on-prem and in the cloud, doesn't it? Yes, it does.
00:59
DLP policies are not retroactive.
01:02
When you create a policy, it doesn't automatically go out and do everything.
01:06
Only new content and edited content will be detected automatically after a policy is enabled.
01:11
A manual re-index is needed to detect existing content.
01:18
If you create a new DLP policy and you have 1000 documents sitting on your file server,
01:23
it's gonna be like, OK, well, I don't care about this.
01:26
However,
01:27
if a new document is created after the policy is created, it's gonna check it out.
01:33
To get those 1000 documents that pre-existed that policy,
01:36
you have to do a manual re-index. Then that policy will go through those 1000 documents.
01:42
That's an important key to remember
01:47
Before a policy can be enforced,
01:49
of course, it has to be created.
01:51
So let's look at creating the policy from a built-in policy template.
01:57
We go into the Security & Compliance Center, go to Data loss prevention, go to Policy,
02:00
Create a policy.
02:02
For this one, let's do Financial and U.S. Financial Data. So U.S. Financial Data is one of the built-in, predefined sensitive information types.
02:14
We're gonna name it US financial data
02:16
and choose locations.
02:19
You can have it unified, which is the first radio button, to where you protect content in Exchange, Teams,
02:25
OneDrive and SharePoint.
02:28
Or, if you want, you can have a DLP policy for one specific service, if you just want it for Exchange, for example.
02:36
If you go into customization of locations,
02:38
it's just like a content search, like an eDiscovery search,
02:43
so you can go in and exclude accounts.
02:46
There's tons of capabilities. If you want a policy that just applies to certain members within a department, you could do that.
02:53
If you want it to just apply to
02:55
three SharePoint sites, yeah, you can do that. It's very granular and very flexible.
03:01
So now, since we've defined the location, we're gonna look at
03:07
customization settings.
03:09
We're going to detect the content when it's shared. You can do people outside
03:15
or only on the inside.
03:16
If something's shared externally, you can have a different policy than if something's shared internally.
03:23
So here's some of the advanced settings we can do. We could have multiple rules in the same policy. You can have your internal and external sharing
03:31
within the same policy.
03:34
Do you detect your volume
03:36
if it's a low volume or high volume, so you can go say that there's five
03:43
financial records within a document, and it triggers. What if there's 10? What if there's one? What if there's two?
03:47
It's all these different thresholds that you can set.
03:53
Next, we're going to choose what happens when the policy triggers. This is the action.
03:59
because some policy tips and you know notifications can be set up here
04:02
For restrictions and encryption, we can block the content from being shared, or we can force encryption in Exchange if it's an email message.
04:12
We can
04:13
test out the policy
04:15
or turn it on right away.
04:18
You can even restrict the scope of your testing
04:20
if you choose the locations
04:24
and do your test base from that,
04:27
the policy is ready to go off. Then you can go back,
04:30
open the scope up,
04:31
widen the scope,
04:33
and enable it.
04:35
That's always best practice.
04:38
Usually, we test things in IT.
04:40
Or if it's financial, maybe we'll test in auto department, purchasing.
04:44
HR for PII.
04:46
You can even just go down, even to a couple of users.
04:49
Test them, see how it works.
04:51
Make sure everything's correct. Feedback is good, expand the test scope.
04:57
Feedback is good, then expand it out to your whole organization.
05:00
Remember, you don't have to turn it on for everybody. Pilot testing is a good thing.
05:05
Helps eliminate user frustration, which increases adoption.
05:11
Once everything is good, we just review our settings and click on Create.
05:17
To edit an existing DLP policy,
05:20
we sign in to the M365 admin and go to the Security & Compliance Center.
05:25
Go to Data loss prevention, Policy, then we select the policy we want to edit.
05:30
We pull it up and we go edit it.
05:33
This is a
05:34
closer view of the volume thresholds
05:39
within those policies, and within those rules,
05:42
Accuracy tweaking can help decrease false positives.
05:46
Always tweak during testing.
05:48
Testing is your time to determine efficacy
05:51
and determine false positives
05:54
that match your policies. Risk
06:00
Instance count, one to any, those can be customized. Accuracy, min, max, those can be customized as well.
06:08
Additional rule settings include user overrides, exceptions, actions, user notifications, and incident report options.
06:15
You can require a user to provide a business justification to override,
06:20
or you can override it automatically if they report it as a false positive.
06:26
Incident reports: admins can configure an action to generate incident reports if an event occurs.
06:32
Here's an example of the incident report
06:35
to where the service was Exchange.
06:38
It goes through
06:40
all of this different information: person sharing, to, from, severity. If it's a false positive or override that the user did, those that we just saw in the previous frame, that will be logged as well.
06:54
It will tell you how it matched,
06:55
the rule that it matched,
06:57
the action taken. It's a very good
07:00
mechanism when you start to develop DLP policies.
07:06
Quiz: the quickest way to start using DLP policies is to create a new policy from an existing template. True or false?
07:15
Of course, the answer to that is true.
07:17
Templates are there for a reason. If the template makes something harder,
07:21
it shouldn't be a template.
07:26
To create a custom DLP policy, the first couple of steps: you upload a document with the needed property into M365.
07:32
You create a managed property in SharePoint Online.
07:38
This
07:39
crawls the property within M365.
07:44
Step three, we create the DLP policy. The condition, document contains values, is not available in the UI. We've got to use PowerShell.
07:53
PowerShell to the rescue.
07:54
We have New, Set, Get. Those are the verbs.
07:58
And the actual command,
07:59
DlpCompliancePolicy.
08:01
So New-DlpCompliancePolicy, Set-
08:05
DlpCompliancePolicy, Get-DlpCompliancePolicy.
08:11
To recap the lesson: a DLP policy can be created in M365 that recognizes properties that Windows Server FCI has applied to documents.
08:20
Before DLP can be enforced, a DLP policy is needed.
08:26
Administrators can configure an action to generate incident reports
08:30
if a DLP event occurs.
08:33
Thank you for joining me on this lesson, all about DLP.
08:37
I'll see you for the next one. Take care.