Data Loss Prevention

  • 1.  Policy Group Best Practices

    Posted Oct 02, 2013 04:34 PM

    All,

     

    I am just curious to see ideas of what some of you have done regarding policy groups in DLP. I usually create policy groups around server types (DIM, DAR, DIU) so that I can create policies that are specific to each detection server. This allows me to create policies that are meant for Endpoint or Web Prevent so that our endpoint agents do not need to suffer performance impact from policies that may not belong in the endpoint world. Another example would be that a Web Prevent policy should never need to be burdened with exclusions/inclusions for email-related info (sender/recipient).

    My issue has always been with reporting though. By creating policy groups around the detection server types, this usually results in policies with names like "CCN - Endpoint" and "CCN - Web Prevent" and then assigned to the appropriate policy group. I understand that policy names can be the same as long as the policy group is different, but the summarization and reports don't show which policy group a policy belongs to.

    I'm just curious to see what others have done, or am I just underestimating the capabilities of the detection servers and should just combine all server types into one policy group?

    Thanks,



  • 2.  RE: Policy Group Best Practices

    Posted Oct 03, 2013 12:41 AM

    Well, to the best of my knowledge there is no recommended best practice around this. However, this is more of a decision to be taken according to your requirements.

    Considering the reporting and Incident Management access, it will be helpful to create Policy Groups based on different business unit policies. Thus you shall be able to grant access to individual business unit stakeholders to view their incidents only. Moreover, this will also be helpful for reporting.



  • 3.  RE: Policy Group Best Practices

    Trusted Advisor
    Posted Oct 03, 2013 01:56 AM

    Hi Tim,

     You can also use policy groups when you have different profiles who are allowed to create policies and you need to have segregation between them.

     Regards



  • 4.  RE: Policy Group Best Practices

    Posted Oct 09, 2013 12:12 PM

    We use policy groups as you have described.  We have DIM/DAR/Endpoint policy groups, and a duplicate set of test policy groups also.

     



  • 5.  RE: Policy Group Best Practices

    Posted Oct 30, 2013 09:01 AM

    We have policy groups based on line of business to assist in the "need to know" mantra. The privacy users don't need to see the compliance incidents and vice versa. We also create policy groups based on the solution - DIM, DAR, EDP.