Security Engines - SmartDLP

 Avanan's SmartDLP is a Data Loss Prevention, or Data Leak Prevention (DLP) engine. SmartDLP helps Avanan's customers to protect their organization's data from potential data breaches or data ex-filtration transmissions.

SmartDLP can scan emails and text messages posted on collaboration platforms, and detect data patterns that should not be shared with unauthorized persons or targets. The engine can also extract text from images. More than 3000 file types are supported.

Benefits

  • Fast, modern DLP solution for scanning files and images

  • Many built-it DLP detection rules for many verticals and countries

  • Seamless setup

  • Simple, cross platform security policies

  • Simple yet powerful actions

  • Integration with other Avanan security tools

Configuring SmartDLP

To configure SmartDLP follow these steps:

  1. Navitage to Configuration side-menu > Security Engines and locate SmartDLP.

  2. Click Configure.

  3. A configuration dialog launches.

  4. You can configure the following:

    • Detected Text Storage Mode: control what scanned data will be saved and how. The following actions are available:

      • Store detected text strings: detected data is saved and can be displayed on the security events for the forensic process.

      • Obfuscate detected text prior to storage: detected data is saved and displayed on the security events obfuscated. The original data is discarded and cannot be accessed.

      • Do not store detected text: no detected data stored or displayed on the security events.

    • Minimal likelihood: set the minimal level of detection. See Match Likelihood section.

    • Detection Types: for each DLP detection category you can select which predefined DLP Rules are included. You can select rules from the dropdown.

  5. To save the change click OK.

 

Match Likelihood

DLP detection results are categorized based on how likely they are to represent a match. The likelihood is determined by the number of matching elements a result contains. The likelihood representation is intended to indicate how likely it is that a piece of data matches a given type of information (info type).

Likelihood scale:

  • Very Unlikely: it is very unlikely that the data matches the given Info type.

  • Unlikely: it is unlikely that the data matches the given Info type.

  • Possible: it is possible that the data matches the given Info type.

  • Likely: it is likely that the data matches the given Info type. Depends also on context.

  • Very Likely: it is very likely that the data matches the given Info type. Depends also on context.

Context: SmartDLP checks for additional attributes and presence of relevant data within the scanned document, depends on the configured level of likelihood. For example, when a Social Security Number (SSN) is discovered the engine can also check for presence of relevant strings close to the discovered pattern, i.e. "SSN" or "Social Security".


Configure Security Policies

For information on setting up DLP on your portal, including setting up security policies, Office 365 Encryption and more, refer to the DLP guide.

Built-in Rules

See this article.