Hello everyone and welcome to another episode of WebInformant dot tv. I am David Strom,
your host and reviewer. Today we are looking at the dashboard of Blue Coat's DLP appliance,
which is used to protect against leaks and prevent unauthorized users from seeing your most
confidential data. The product also works with Blue Coat's Proxy SG appliance to increase
content security.
Let’s get started by first going to register the data that you are most concerned with.
You see here it comes with a variety of different pre-defined types of structured data tags,
filters for particular file types, and patterns such as detecting social security and credit
card account numbers. To further refine its searches, you can also
upload files or other unstructured data that consist of employee or customer names and
addresses from your desktop. We click on the Add RedList data button and then walk through
the wizard.
Once you have this set up, you create a policy to manage what happens when this data leaks
out. Go to the Protect Data tab and you can see here the dozens of default policy templates
that come pre-installed. We can either edit one of these or if we click on create a new one
we can start from scratch, and you see here that you can allow the data to pass through
your network and log the incident, or block the activity entirely. We can also create
policies that protect encrypted data too, and I will talk about that in a moment.
To make changes, we click on the pencil icon and then the Registered Data tab -- say we
want to change our inappropriate language policy to filter both inbound and outbound
traffic. We bring up the graphical rule editor where we make our changes to the logic
by clicking on the direction and protocols here.
Now let's set up a few data leak scenarios and show you how they are reported. Let's
say I am sending a series of customer contacts using a private Gmail account, and moreover I am
sending them over an encrypted SSL session. Here you see the screen shot creating the
email, and here you see the resulting incident that is recorded by our DLP appliance when
we go into View Status and click on it on the dashboard. When we open up the incident
and click on the ID, we can see the details of the matched data that was detected.
We can also set up the box to educate end users that they are doing something risky, such
as adding unauthorized data to a public Web site, in this case Wikipedia. We can customize
the block message displayed on the screen.
What did I like about the product? There are
various reports available; the tab under View status/Incidents gives you a good feel
for what is going on around your network, such as actions taken, top source IP addresses,
and offending user email IDs.
I also liked the way it works with leading email encryption vendors' appliances and the
Blue Coat Proxy SG to set up policies to ensure that sensitive data is encrypted automatically
when it leaves your network. You’ll want to spend some time understanding these options.
The important thing to remember is being able to understand the logic inherent in the
various policies that you create, and making sure that the policy is looking for the right
patterns of data that you want to protect. If you don’t set up your policies correctly,
you could get yourself into a lot of trouble or create a lot of false positives.
To sum up, Blue Coat has an innovative way to detect and prevent data leaks and is worth
a closer look.
Thanks for watching this screencast. You can view more of them at Web Informant dot tv,
get information about my speaking business and links to my other articles here.