Data Loss Prevention Actions

Views:

When Data Loss Prevention detects the transmission of data identifiers, it checks the DLP policy for the detected data identifiers and performs the action configured for the policy.

The following table lists the Data Loss Prevention actions.

Data Loss Prevention Actions

Action

Description

Actions

Pass

Data Loss Prevention allows and logs the transmission.

Block

Data Loss Prevention blocks and logs the transmission.

Additional Actions

Notify the agent user

Data Loss Prevention displays a notification message to inform the user of the data transmission and whether it was passed or blocked.

Record data

Regardless of the primary action, Data Loss Prevention records the sensitive information to

<Security Agent
                                    installation folder>\DLPLite\Forensic

. Select this action to evaluate sensitive information that is being flagged by Data Loss Prevention.

Recorded sensitive information may consume too much hard disk space. Therefore, Trend Micro highly recommends that you choose this option only for highly sensitive information.

Encrypt supported channels using the specified key/password (only available if Endpoint Encryption is installed)

Note

This option is only available for Removable storage and Cloud storage service channels and when selecting the Pass action.

Important

The File Encryption feature in Endpoint Encryption is deprecated and may not be available for new installation instances.

If Trend Micro Endpoint Encryption is installed alongside theTrend Vision One Endpoint Security agents, Data Loss Prevention can automatically encrypt files before allowing a user to pass them to another location. If Endpoint Encryption is not installed, Data Loss Prevention performs the Block action on files.

Choose one of the following encryption keys or a fixed password:

User key: Also known as a Local Key, this key is unique to each user and limits access to the encrypted file to the user that created the file.
Shared key: This key refers to the Group Key or Enterprise Key and the Endpoint Encryption administrator configures the type using PolicyServer MMC.
Fixed password: Users manually provide a fixed password using an on-screen prompt. Endpoint Encryption creates a self-extracting package that users can access on any endpoint after providing the decryption password.

Important

The target endpoint must have Endpoint Encryption installed and the user must log in to Endpoint Encryption in order to encrypt data.
Encrypted files located on USB devices are subject to Data Loss Prevention scanning when users attempt to decrypt the files. Decrypting files containing sensitive data on a USB device triggers the USB encryption protocol resulting in the system requiring that the sensitive data be encrypted (again). To prevent Data Loss Prevention from attempting to "re-encrypt" the data, move the encrypted files to a local drive before attempting to access the data.
Data Loss Prevention blocks attempts to upload files to cloud storage when using a web client. Encrypt the files manually before uploading using a web client.

User justification

Note

This option is only available after selecting the Block action.

Data Loss Prevention prompts the user before performing the Block action. User can select to override the Block action by providing an explanation as to why the sensitive data is safe to pass. The available justification reasons are:

This is part of an established business process.
My manager approved the data transfer.
The data in this file is not confidential.
Other: Users provide an alternate explanation in the text field provided.

Keywords: Data Loss Prevention,actions