Transcript Exchange Archiving TechDeck

2
DLP helps to
identify
monitor
protect
sensitive data through
deep content analysis
Administrators
How much sensitive content is
flowing? What policies should I
use? What s the effect?
Information Workers
Don t get in the
way of work
Compliance Officer
Are we compliant?
Is there a problem?
What it will not do?
•
Provide 100% unbreakable
solution to data loss
•
It will not prevent analog data
loss
What kinds of files
can DLP scan?
Extension
File Type
Doc , Docx
Word 2003 to Word 2013
XLS, XLSX, XLSB
Excel 2003 to Excel 2013
PPT
PowerPoint 2003 to 2013
TXT, CSV
Text Files
Zip
Archive Files.
GZIP (GZ)
RAR
TAR (Tape Archive )
UU Encode (UUE)
Mime
S/Mime
TNEF
MSG
MacBin
RTF
Rich Text Format
HTML/XML
PDF
7
Portable Document Format
Sarbanes-Oxley Act of 2002 (SOX)
Security Exchange Commission Rule 17a-4 (SEC Rule 17 A-4)
National Association of Securities Dealers 3010 & 3110 (NASD 3010 & 3110)
Gramm-Leach-Bliley Act (Financial Modernization Act)
Financial Institution Privacy Protection Act of 2001
Financial Institution Privacy Protection Act of 2003
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Uniting and Strengthening America by Providing Appropriate Tools Required to
Intercept and Obstruct Terrorism Act of 2001 (Patriot Act)
• European Union Data Protection Directive (EUDPD)
• Japan’s Personal Information Protection Act
•
•
•
•
•
•
•
•
9
Defines the policy objectives
to help meet regulatory requirements
for identified content
Contains data type definitions
to help identify sensitive content
• Content to monitor
• User action
• Mail flow actions
contains
•
•
10
Credit cards
EU debit cards
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Integrated into ETR engine:
Transport Rule Agent
•
Runs in categorizer during
OnResolvedMessage
•
Integrated as a new ETR Predicate
•
Performs text extraction for body &
attachments followed by classification
•
Can be combined with any existing Predicates
& Actions
Text Extraction
Classification
How do the components work together?
Transport Rules
Agent
Policy Engine
Action Taken on the
message
Text Extraction
Agent
Classification Agent
How content analysis works in Exchange 2013
Get
Content
Joseph F. Foster
Visa: 4485 3647 3952 7352
Expires: 2/2012
RegEx 4485 3647 3952 7352  a 16 digit number is
Analysis detected
1. 4485 3647 3952 7352  matches
Function
checksum
Analysis 2. 1234 1234 1234 1234  does NOT match
1. Keyword Visa is near the number
Additional
2. A regular expression for date (2/2012) is
Evidence
near the number
Example
This content would match for Credit Cards
ACME Travel,
I have received updated credit card information for
Joseph
Joseph F. Foster
Visa: 4485 3647 3952 7352
Expires: 2/2012
Please update his travel profile.
This content will NOT match for Credit Cards
Hi Alex,
I expect to be in Hawai too. My booking code is 1234
1234 1234 1234 and I’ll be there on 3/2012
Verdict
1. There is a regular expression that matches a
check sum
2. Additional evidence increases confidence
Regards,
lisa
•
•
•
•
•
•
Doesn’t disrupt user workflow
•
Can work even when
disconnected
•
Contextual policy education
•
Admin customizable text and
actions
•
•
•
•
•
•

Backend policy
evaluation
Admin
DLP policy configuration
Audit & incident data
generation
Outlook
Contextual
policy
policy
distribution
education
Information Workers
Comprehensive view of DLP
policy performance
Downloadable Excel workbook
Drill into specific departures from
policy to gain business insights
27
Education experience in Outlook
Available in Exchange Server and Office 365
Out-of-the-box DLP policy templates
Predefined sensitive content types
Support for third party–defined DLP policy
templates
DLP administration in Exchange Admin Center
Rich reporting
29