Data Loss Prevention (DLP) is a critical security feature that enables system administrators to audit and/or block the transfer of sensitive files and data from endpoints. This protection extends across various egress points, including web browsers, applications, USB drives, removable media, and Remote Monitoring and Management (RMM) applications.
In today’s data-driven landscape, safeguarding organizational data is paramount. DLP ensures that sensitive information remains protected from both insider threats and external malicious actors. Sensitive data covers a wide range of critical organizational assets, such as supplier lists, customer lists, account details, payroll information, billing details, designs, drawings, and source code.
Data Loss Prevention
Action: Admins can select the Audit (Report Only) or Block action. It is recommended to start with Report Only and monitor for a few days to observe all violations and tune the policy before switching to the Block action.
Snapshot Monitoring: Upon any DLP policy violation, a screenshot is automatically captured and made available in the Reports section. Administrators can specify the number of screenshots to capture and the interval between subsequent captures. These screenshots provide crucial contextual information regarding the violation, such as:
Enable Alert: The Enable Alert feature provides immediate user notification. When a user attempts to upload an attachment via their browser and it is blocked by a DLP policy, a pop-up notification will appear on their PC, informing them of the blocked action.
Upload Monitoring
Upload Monitoring is a vital feature that meticulously tracks user interactions within web applications, specifically focusing on uploads and data transfers. It enforces policies to prevent and report the unauthorized upload of sensitive data to restricted websites. Comprehensive reporting is available for both Audit (Report Only) and Block and Report modes.
Follow these steps to configure your Upload Monitoring policies:
- Browser-Based Data Loss Prevention: Select the web browsers where you want to enable this data loss prevention feature. Then, choose the appropriate action: Audit (Report Only) or Block, based on your organization’s security posture and preference.
- RDP Client Data Loss Prevention: Choose the Remote Desktop Protocol (RDP) clients on which you want to enable data loss prevention. Similar to browsers, select your preferred action: Audit (Report Only) or Block.
- Bluetooth Data Transfer Control: Enabling this feature monitors and controls Bluetooth usage on a PC, helping prevent users from connecting to unauthorized Bluetooth devices to share data in various formats (e.g., .pdf, .csv, .txt, .xlsx). Depending on the selected action (Audit (Report Only) or Block), you can review policy violation details accordingly.
- Excluding Specific URLs for Uploads: If your organizational requirements necessitate allowing users to upload resources (data) outside the organization via selected browsers, you can specify the legitimate website URLs in the ‘Exclude URL/Title’ field. This enables users to upload data to these approved destinations while maintaining controlled access for all other sites.
- Excluding Specific File Extensions for Uploads: The ‘Exclude on Extension’ feature allows you to permit specific file extensions for upload on selected browsers. If you need to allow certain file types to be uploaded, you can enable this feature to customize access accordingly, balancing security with operational needs.
Download Monitoring
Download Monitoring is a crucial feature that tracks and restricts the downloading of specific file types, such as executables, compressed archives, and sensitive documents. This helps prevent unauthorized data exposure and enhances your organization’s security posture.
Follow these steps to configure your Download Monitoring policies:
- Browser Selection: Choose the web browser(s) where you want to restrict data downloads.
- Download Monitoring Modes: There are two modes available for download monitoring actions:
- Allow All Except Block List: In this mode, you specify file extensions that are not permitted for download (the “block list”). All other file types will be allowed.
- Block All Except Allow List: With this mode, you specify file extensions that are permitted for download (the “allow list”). All other file types will be blocked.
- Reporting: Comprehensive reporting is available for both modes to help you track download activities and policy violations.
- Report for “Allow All Except Block List” Mode: If you’ve selected “Allow All Except Block List” and specified blocked extensions (e.g., .pdf, .log), all other extensions will be allowed. You can then designate specific allowed extensions (e.g., .txt) for which you want detailed download reports.
- Report for “Block All Except Allow List” Mode: If you’ve selected “Block All Except Allow List” and specified allowed extensions (e.g., .mp4, .png), all other extensions will be blocked. You can then designate specific blocked extensions (e.g., .xlsx) for which you want detailed download reports.
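As an added example (not the product's own code), the following Python models the two Download Monitoring modes and the detailed-report designation so a policy can be sanity-checked before it is deployed; the mode names come from the text above, while the field names, validation rules and sample policies are this example's assumptions.

```python
# Added example (not the product's code): a model of the two Download Monitoring
# modes and the detailed-report designations described above. Field names and
# the sample policies are constructed for this example.
import os
from dataclasses import dataclass

ALLOW_ALL_EXCEPT_BLOCK_LIST = "Allow All Except Block List"
BLOCK_ALL_EXCEPT_ALLOW_LIST = "Block All Except Allow List"

@dataclass(frozen=True)
class DownloadPolicy:
    mode: str
    extensions: frozenset         # the block list or the allow list, depending on mode
    report_extensions: frozenset  # extensions designated for detailed download reports

def _ext(filename: str) -> str:
    # Compare the lower-cased suffix so ".PDF" and ".pdf" hit the same list entry.
    return os.path.splitext(filename)[1].lower()

def validate_policy(policy: DownloadPolicy) -> list:
    """Configuration warnings. Detailed reports target the extensions the mode's list
    does not cover, so an overlap between the two sets is a misconfiguration."""
    warnings = []
    if policy.mode not in (ALLOW_ALL_EXCEPT_BLOCK_LIST, BLOCK_ALL_EXCEPT_ALLOW_LIST):
        warnings.append(f"unknown mode: {policy.mode!r}")
    for ext in sorted(policy.extensions | policy.report_extensions):
        if not ext.startswith("."):
            warnings.append(f"extension {ext!r} should include the leading dot")
    for ext in sorted(policy.extensions & policy.report_extensions):
        warnings.append(f"{ext!r} is both listed and designated for detailed reports")
    return warnings

def evaluate_download(policy: DownloadPolicy, filename: str) -> dict:
    """Decide one download: 'allow' or 'block', plus whether its extension was
    designated for a detailed download report."""
    ext = _ext(filename)
    listed = ext in policy.extensions
    if policy.mode == ALLOW_ALL_EXCEPT_BLOCK_LIST:
        action = "block" if listed else "allow"
    elif policy.mode == BLOCK_ALL_EXCEPT_ALLOW_LIST:
        action = "allow" if listed else "block"
    else:
        raise ValueError(f"unknown mode: {policy.mode!r}")
    return {"file": filename, "ext": ext, "action": action,
            "detailed_report": ext in policy.report_extensions}

# Constructed sample policies mirroring the documentation's examples.
BLOCK_LIST_POLICY = DownloadPolicy(ALLOW_ALL_EXCEPT_BLOCK_LIST, frozenset({".pdf", ".log"}), frozenset({".txt"}))
ALLOW_LIST_POLICY = DownloadPolicy(BLOCK_ALL_EXCEPT_ALLOW_LIST, frozenset({".mp4", ".png"}), frozenset({".xlsx"}))
```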
Drive Monitoring
Drive Monitoring is a critical security feature that provides comprehensive oversight and control over data stored and transferred across local drives, removable devices, and network drives. This functionality prevents unauthorized actions such as Copy, Rename, Move, and Delete operations.
1. Process List
DLP Process Monitoring is an advanced feature integrated within Drive Monitoring, designed to enforce granular control over file operations. This capability specifically blocks or allows file actions—such as copying, moving, renaming, or deleting—when initiated through common system processes like Windows Explorer and the Command Prompt (CMD). This ensures enhanced security and precise control over data access and manipulation.
Configuration:
- Blocked Processes: Enter the name of any process you wish to block from performing the restricted file operations.
- Allowed Processes: Enter the name of any process you wish to explicitly allow to perform file operations, overriding any broader restrictions.
2. Removable Drive
This feature is specifically designed to prevent unauthorized modification of existing content on removable drives (e.g., USB flash drives).
- Enabling Removable Drive Protection: To activate these protective measures on your PC, select the corresponding checkbox in the configuration interface.
- Configuring Restricted Actions: Within this section, you can specify the actions you wish to restrict on removable drives:
- Copy Prevention: If “Copy” is selected, no user will be able to copy data (regardless of format, e.g., .txt files) to the removable drive.
- Move Prevention: If “Move” is selected, no user will be able to cut and paste data (regardless of format) to the removable drive.
- Rename and Delete Prevention: If “Rename” and “Delete” are selected, users will be prevented from renaming or deleting resources within any connected removable drive.
3. Network Drive
Network Drive Monitoring is a crucial feature designed to prevent unauthorized modification of existing content on your network drives. This ensures the integrity and security of your shared data.
Enabling and Configuring Network Drive Protection:
- Activate Network Drive Protection: To enable these protective features on your PC, simply check the corresponding checkbox in the configuration interface.
- Select Restricted Actions: Within this section, you can specify the actions you want to restrict on network drives:
- Copy Prevention: If Copy is selected, users will be unable to copy any data (e.g., .txt files, documents, etc.) to the network drive.
- Move Prevention: If Move is selected, users will be prevented from cutting and pasting any data to the network drive.
- Rename and Delete Prevention: If Rename and Delete are selected, no one will be able to rename or delete resources within the connected network drive.
4. Local Drive
Local Drive Monitoring is a vital feature designed to prevent unauthorized modification of existing content on your local drives. This helps ensure the integrity and security of critical data stored directly on endpoint machines.
Enabling and Configuring Local Drive Protection:
- Activate Local Drive Protection: To enable these protective features on your PC, simply check the corresponding checkbox in the configuration interface.
- Select Restricted Actions: Within this section, you can specify the actions you want to restrict on local drives:
- Copy Prevention: If Copy is selected, users won’t be able to copy any data (e.g., text files, documents, etc.) to the local drive.
- Move Prevention: If Move is selected, users will be prevented from cutting and pasting any data to the local drive.
- Rename and Delete Prevention: If Rename and Delete are selected, no one will be able to rename or delete resources within the local drive.
Data Transfer Channels
Data Transfer Channel Monitoring within DLP is designed to prevent unauthorized sharing or leakage of confidential information by restricting data movement through various egress channels.
Print Screen Blocking
To disable the Print Screen button functionality on the keyboard, simply enable the corresponding checkbox option. This ensures that users cannot capture screen images using the Print Screen key, thereby preventing the unauthorized capture of sensitive on-screen information.
Printer Monitoring
This feature provides comprehensive oversight of printing operations when a printer is connected to your PC. It meticulously tracks details such as:
- Number of Print Jobs: The total count of printing tasks initiated.
- Total Pages Printed: The cumulative page count across all print jobs.
- Document Names: The names of the documents sent to the printer.
This detailed monitoring capability offers enhanced visibility and control over printed output, aiding in compliance and security efforts.
MS Exchange Outlook (Microsoft 365)
Microsoft Exchange Outlook in Microsoft 365 plays a crucial role in Data Loss Prevention (DLP), ensuring sensitive information is protected and compliance requirements are met. DLP policies in Exchange Online help organizations identify, monitor, and protect sensitive data within emails by applying rules that prevent unauthorized sharing.
Outgoing Email Monitoring: Instantly start monitoring all outgoing emails from Outlook configured with Exchange. Gain visibility into every message sent from your organization’s accounts.
Customizable Actions: Choose between “Report Only” or “Block & Report” actions. When DLP is active, you can automatically block or audit the sending of sensitive emails, ensuring compliance and preventing data leaks.
Flexible Reporting: If sensitive data scanning is turned off, Exchange Mode Monitoring will still report on all outgoing emails, giving you insight without interrupting workflow.
Sensitive data scan: Enable sensitive data scanning to automatically detect company insights or confidential information in the email body, subject, or attachments. Define your own sensitive keywords or other settings for tailored protection (refer H).
Sensitive Data Scanning (Browser & Mails)
Sensitive Data Scanning is a robust feature designed to identify and protect highly confidential information, such as credit card details, personal identifiers, and financial data. This ensures comprehensive protection against unauthorized access and data breaches across both browser-based activities and email communications.
- Scan outgoing mails; if a mail contains sensitive data, it will be blocked.
- If you attempt to upload a password-protected file on any selected browser, the upload will be blocked to ensure data security and prevent unauthorized file sharing.
- If a file contains credit card or MasterCard details, it will be automatically detected and blocked to prevent unauthorized sharing and ensure data security.
- If a file contains sensitive personal information—such as an email ID, mobile number, driving license number, password details, PAN card details, or Aadhaar card details—it will be detected and blocked when a user attempts to upload it via the browser, ensuring data security and privacy.
- If a file extension is listed in the “Include Extension” menu, monitoring will be applied only to the specified extensions.
Note: If no extensions are added to the “Include Extension” menu, all file extensions will be considered for monitoring.
- If you want specific file extensions to be skipped when monitoring for sensitive data, add them to the exclude extension list (for example: PDF, CSV, TXT).
- If you want to exclude a specific folder from monitoring, you can add its path to the “Folder path to exclude” menu.
- You can add specific keywords for monitoring. If any of these keywords are detected within a file’s content, the file will be blocked to prevent sensitive data exposure.
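The scoping and blocking decisions of the Sensitive Data Scanning section above, as an added example rather than the product's own code: the Include Extension, exclude extension and Folder path to exclude settings narrow which files are inspected, and any detector hit blocks the upload. The Luhn check, the regexes and the detector names are this example's assumptions about how "credit card details" and "email ID" are recognised; password-protected files and the other identifiers are not modelled, and the sample inputs are constructed.

```python
# Added example (not the product's code): the Sensitive Data Scanning decision
# logic described above. The Luhn check, regexes and detector names are this
# example's assumptions; sample inputs are constructed.
import os
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,18}\d\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

def luhn_ok(digits: str) -> bool:
    # Luhn checksum rejects most digit runs that merely look like a card number.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def in_scope(path, include_exts, exclude_exts, exclude_folders) -> bool:
    """Include Extension / Exclude Extension / Folder path to exclude settings;
    an empty include list means every extension is considered."""
    ext = os.path.splitext(path)[1].lower().lstrip(".")
    norm = os.path.normcase(os.path.normpath(path))
    for folder in exclude_folders:
        f = os.path.normcase(os.path.normpath(folder))
        if norm == f or norm.startswith(f + os.sep):
            return False
    if ext in {e.lower().lstrip(".") for e in exclude_exts}:
        return False
    inc = {e.lower().lstrip(".") for e in include_exts}
    return not inc or ext in inc

def scan_text(text, keywords) -> list:
    """Names of the detectors that fired; any hit means the upload is blocked."""
    hits = []
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        hits.append("credit_card")
    if EMAIL_RE.search(text):
        hits.append("email")
    lowered = text.lower()
    hits.extend(f"keyword:{k}" for k in keywords if k.lower() in lowered)
    return hits

def decide_upload(path, text, include_exts=(), exclude_exts=(), exclude_folders=(), keywords=()):
    """'allow' for out-of-scope or clean files, otherwise 'block' plus the reasons."""
    if not in_scope(path, include_exts, exclude_exts, exclude_folders):
        return "allow", ["out_of_scope"]
    hits = scan_text(text, keywords)
    return ("block" if hits else "allow"), hits
```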