How to Configure DataLock Policies
- DataLock polices can be configured for three different types of Data Loss Prevention:
- Email/Email Attachment Policy
- Removable Media (USB) Policy
- Data at Rest (DAR) Policy
- When a customer purchases DLP software, they must select to use the specified DLP installer from the Settings > Downloads and Licensing section of the account. Customers cannot assign DLP to a previously purchased SONAR, Web Filtering or Employee Monitoring product. In this circumstance they must uninstall this software and re-install with the specific DataLock installer.
- To begin configuring policies, login to www.sonarcentral.com and navigate to DataLock > Policy Management section (below).
- Firstly, select the group that you would like to create the policy for (above). After the group is selected, click the “Add” button.
- This will launch the Policy Wizard which will guide you through the process of creating a new policy.
Email / Email Attachment Policy
- Email policy: Select Email / Email Attachment (above)
- For selecting DLP policy based on “Alert words” to trigger a violation select Email Content and Attachments (above).
- To Select DLP policy based on file types select Block File Types. (Skip to block file types window, below)
- Note: Both types of conditions cannot be selected when setting up the same policy. You will need to create two different policies to achieve this.
- For Email Content and Attachments policy, the wizard will ask for at least one alert word category to be selected. Multiple categories can be selected if desired.
- Number of occurrences represents the number of times that an “alert word” is typed or viewed on a monitored machine before the policy violation is triggered. Increasing the number of occurrences will reduce the number of violations reported.
- If the policy in question is requested to be configured for only one type of email, this can be changed here (above).
- Webmail includes all types of supported webmail: Hotmail, Gmail, Yahoo Mail, AOL Mail and Outlook Web Access.
- The option to exclude specific emails is based off of entire Alert Word categories. If any words in a specified category are present, this will prevent the policy from causing a violation.
- The group(s) that the policy is set to be implemented for can be selected here (above). One or multiple groups can be selected for the newly created policy.
- To create a policy to Block File Types, the user will be prompted to select one of the listed categories of file types. DLP scans the metadata of the file so if the file extension is changed it will not throw off the scan.
- Individual file extensions cannot be selected. DLP block by file type will scan the meta-data of the file to identify the type of file that is present, regardless whether or not the file extension has been renamed. Multiple file categories can be selected for each policy.
- Internal Emails: Internal emails (emails sent between users in the same company) can be excluded from DataLock Policy Violations. From the Policy Management section click Internal Emails next to Delete. Enter in the email address or addresses to ignore from policy violations when Outlook emails are sent.
- Once the new policy has been generated, it will need to be enabled. See Fig. 1 for enabled toggle switch.
- IMPORTANT: When a new DLP policy is created, any machines that the policy has been enabled for must be rebooted for the policy to work. Due to the nature of DLP, this step is a requirement. Forcing a settings download will not activate the policy.
File Removable Media Policy:
- File Removable Media policies are created using the same policy wizard application. Removable Media policy can be configured for both “Alert Word” content and file types.
- DLP scan for USB policy violation will occur when the removable device is exited from the machine. File transfer will look as though it has completed successfully but the file will become corrupt when the device is removed.
- The actual policy violation prompt will also not occur until the device is removed from the machine.
- The device can be removed by “safely ejecting” or by manual removal. In both circumstances DLP policy will cause a violation if triggered.
Disable Removable Media Policy:
- When selecting “Disable Removable Media Policy” the following prompt will appear confirming this policy:
- If a policy for Disable Removable Media is created, it can be disabled later without deleting the policy thus re-enabling any previous USB polices.
- The Policy Wizard for Disable Removable Media provides the option to both prevent Write only or Read and Write access to the USB device. Selecting the policy for Write only will prevent any files from being transmitted while Read and Write will prevent a user from accessing files that are present on the device.
Data at Rest Policy:
- Data at Rest policy is used to scan files on a monitored machine with DLP installed. Data at Rest policy will look for potential violations that match the policy in place on all files present on a file system. As opposed to Email and file transfer polices, which only scan at the moment data is being sent or removed, Data at Rest or DAR will continuously scan the file system searching for file types or files that contain alert words which in turn will cause a violation of the policy.