Rules for Devices
Content-Aware Rules extend the basic port/device contextual access control functionality of the DeviceLock DLP by adding comprehensive content-level protection of corporate documents containing confidential company information. They enable automatic content inspection of data copied to external storage devices, detection of sensitive content, and help with enforcement of regulatory policies.
Content-Aware Rules can selectively allow or deny access to specific file content regardless of preset permissions at the device type-level. They can also be used to allow or deny the shadow copying of specific content, or to just detect attempts to read, write or delete specific content without necessarily blocking access or creating shadow copies. For flexibility, Content-Aware Rules can be defined per device channel on a per-user or per-group basis.
It is possible to apply Content-Aware Rules to access control operations, to shadow copy operations, to detection operations, or configure them to perform all of the above.
The following examples illustrate the use of Content-Aware Rules.
•Example 1 - Using Content-Aware Rules for access control operations. Rules can be configured to allow certain users or groups to read files specifically containing a phrase like “not for distribution” from Removable, Floppy and Optical devices, but still prevent them from writing files containing sensitive data to the same Removable, Floppy and Optical devices.
•Example 2 - Using Content-Aware Rules for shadow copy operations. Rules can be configured so that just files containing identifiable patterns like credit card numbers, Social Security numbers, bank routing numbers, or even just key words like “Secret”, “Confidential”, “Restricted,” or the phrases “Top Secret”, and “For Official Use Only” will be shadow copied for security auditing and incident investigation purposes.
•Example 3 - Using Content-Aware Rules for unusual event detection operations. Rules can be configured so that only attempts to transfer files exceeding 20 MB, for example, will be audit logged and alerted on, without necessarily blocking/delaying the actual transfer or creating shadow copies.
Content-Aware Rules can be applied in various ways to the following device types: Clipboard, Floppy, iPhone, MTP, Optical Drive, Palm, Printer, Removable, TS Devices, and Windows Mobile.
Note: When defining Content-Aware Rules for the Printer device type, consider the following: •DeviceLock Service can perform content analysis of documents sent to print, but only if the following options are selected on the Advanced tab of the printer’s Properties dialog box: Spool print documents so program finishes printing faster and Start printing after last page is spooled. •File Type Detection content groups and the following parameters of Document Properties and Digital Fingerprints content groups are not applicable to documents sent to print: File size, Modified, File name, Accessed by process, Password protected, Contains text, Additional parameters, Exact file match, Use only binary fingerprints for password protected documents. |