Rules for Protocols
Content-Aware Rules extend the protocol contextual access control functionality of DeviceLock DLP by adding comprehensive content-level protection of corporate data containing confidential company information. They enable automatic content inspection of data/files transmitted over the network, detection of sensitive content and help with the enforcement of regulatory policies.
Content-Aware Rules can selectively allow or deny access to specific content transmitted over the network regardless of the preset permissions at the protocol-level. They can also be used to allow or deny the shadow copying of specific content, or to detect user attempts to transfer specific content over a protocol without blocking transfer or creating shadow copies. For flexibility, Content-Aware Rules can be defined per network protocol channel on a per-user or per-group basis.
It is possible to apply Content-Aware Rules to access control operations, to shadow copy operations, to detection operations, or configure them to perform all of the above.
The following examples illustrate the use of Content-Aware Rules.
•Example 1 - Using Content-Aware Rules for access control operations. Rules can prevent certain users or groups from uploading files containing credit card numbers, telephone numbers, and addresses to an FTP server.
•Example 2 - Using Content-Aware Rules for shadow copy operations. Rules can be configured so that IM conversations containing credit card numbers and/or email addresses will be shadow copied for security auditing and incident investigation purposes.
•Example 3 - Using Content-Aware Rules for detection operations. Rules can be configured so that any attempts to transfer executable files will be audit logged and alerted on, without blocking the transfer or creating shadow copies.