Toronto Data Loss Prevention User Group

  • 1.  White List issue faced in DLP

    Posted May 08, 2018 06:02 PM

    Hello

    My objective is to block confidential documents sent via mail outside the network. As per business req, I had to whitelist a particular destination, e.g. example.com. The problem I faced was that, on whitelisting the said URL, recipients having that particular whitelisted URL as one of their several destinations get totally ignored by DLP. No incident was generated. For example:
     

    White listed: xyz@example.com

    Sender: abc@mycompany.com

    Recipient: xyz@example.com, pqr@gmail.com, cvb@yahoo.com

    A simple PCI rule would trigger an event if confidential documents were being sent to the above recipients and should block it via response rule. Since xyz@example.com is under whitelist, no events were generated. DLP ignored the other destinations such as gmail, yahoo etc. in Recipient. As a result we have no visibility over data moving to other destinations.

    Please suggest some ways to tackle this issue.

     

    Regards,

    Vishnu



  • 2.  RE: White List issue faced in DLP
    Best Answer

    Posted May 08, 2018 06:11 PM

    Hi Vishnu,

    Double check the exclusion rule to ensure that you have selected the radio button that says 'All Recipients Must Match - SMTP Only'.

     

    If this has not been done, make the change and test again.

     

    This means that for the above scenario an incident would trigger if an email was sent to: Recipient: xyz@example.com, pqr@gmail.com, cvb@yahoo.com

     

    Please verify and send screenshot if possible.

     

    Thanks!

    SL
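
The difference between the behaviour reported in the question and the 'All Recipients Must Match' setting from the answer, as an added example that is not part of either post and is not the DLP product's own logic. It is a simplified model: the function names and the `"any"`/`"all"` mode labels are hypothetical, and the addresses are the thread's sample values.

```python
from email.utils import getaddresses

# Constructed sample values taken from the thread's scenario.
WHITELIST = {"example.com"}
RECIPIENTS = "xyz@example.com, pqr@gmail.com, cvb@yahoo.com"


def parse_recipients(header_value):
    """Return the lower-cased addresses found in a recipient header value."""
    return [addr.lower() for _, addr in getaddresses([header_value]) if "@" in addr]


def is_whitelisted(address, whitelist):
    """An address is whitelisted if it, or its domain, is listed."""
    domain = address.rsplit("@", 1)[1]
    return address in whitelist or domain in whitelist


def exception_applies(recipients, whitelist, mode):
    """mode 'any': one whitelisted recipient exempts the whole message.
    mode 'all': every recipient must be whitelisted to exempt it."""
    if not recipients:
        return False  # all() on an empty list is True; never exempt that case
    hits = [is_whitelisted(r, whitelist) for r in recipients]
    if mode == "any":
        return any(hits)
    if mode == "all":
        return all(hits)
    raise ValueError(f"unknown mode: {mode}")


def evaluate(header_value, whitelist, mode, content_matches=True):
    """Return (incident_created, recipients_not_covered_by_whitelist)."""
    recipients = parse_recipients(header_value)
    uncovered = [r for r in recipients if not is_whitelisted(r, whitelist)]
    incident = content_matches and not exception_applies(recipients, whitelist, mode)
    return incident, uncovered


if __name__ == "__main__":
    for mode in ("any", "all"):
        print(mode, evaluate(RECIPIENTS, WHITELIST, mode))
```

In the `"any"` case the message is exempted even though two recipients are not covered by the whitelist, which is the loss of visibility described in the question; the `"all"` case raises the incident.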