CSA - file copy log

Answered Question
Jul 6th, 2009

Hi all!

I have a question.

We want to protect the data in out company and I set the CSA-MC to log when someone try to copy the private datas to a removable device, pendrive...

and the CSA send me a mail about this event.

But it isn't enough protection. If the user change the filename (.mp3) I don't know what is the file actually, it is really an "mp3" or a private data.

What can you suggest me?

Can I save the file somewhere to check it later?

or create a better rule, to catch if someone try to steal the data.

(I don't want deny saving, just log the stealing)

I hope you understand what I want.

Thank you, br Gabor

I have this problem too.
0 votes
Correct Answer by johuston about 4 years 9 months ago

Hi Gabor,

You can use these data classes, and I would recommend it as a good starting point. The idea is that you would define the Proprietary Data (i.e. saved from your sensitive app) and the pre-defined policies will monitor and control that data. Plus, you will have the ability to report on those data tags and see how the data is being used across your environment.

Hope that helps!

Josh

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 4.5 (2 ratings)
tsteger1 Wed, 07/08/2009 - 16:16

What version of CSA?

5.2 has a Data Theft Prevention Module already configured.

Tom

hegegabor Wed, 07/08/2009 - 23:44

The CSA version is 6.0.1.

The Data Loss Prevention module requires license for the desktop hosts, we have no DLP license.

Is there any way to protect data without DLP?

I have created rules that only check file extensions, I think it is not enough..

Any idea?

Gabor

johuston Thu, 07/09/2009 - 03:27

Gabor,

The first key step is to identify where this sensitive data lives, or what program is generating it (even easier.) Let's say that you want to secure everything from your financial application. You would setup CSA to static tag any data file written by that program as "sensitive." Then you would write some CSA rules to monitor whenever that sensitive data was modified (i.e. change extension) and/or block when used improperly (i.e. copied to USB.)

All those options are available without the optional DLP license.

Thanks,

Josh

hegegabor Fri, 07/10/2009 - 00:27

Josh,

thank you, it is a good news.

Can you tell me a user guide, how can I setup it? or block in how have to do.

I have found nothing yet.

really thanks! Gabor

hegegabor Fri, 07/10/2009 - 03:03

I think I found the solution.

I have a new question:

There are lot of rules configured by default for Regulatory and Proprietary Data classes. Can I use these classes or have to create my own static data class?

Correct Answer
johuston Fri, 07/10/2009 - 04:24

Hi Gabor,

You can use these data classes, and I would recommend it as a good starting point. The idea is that you would define the Proprietary Data (i.e. saved from your sensitive app) and the pre-defined policies will monitor and control that data. Plus, you will have the ability to report on those data tags and see how the data is being used across your environment.

Hope that helps!

Josh

hegegabor Fri, 07/10/2009 - 06:58

Thanks, yes it is helpful for me.

I'm going to test it all these things.

Gabor

Actions

Login or Register to take actions

This Discussion

Posted July 6, 2009 at 6:16 AM
Stats:
Replies:7 Avg. Rating:4.5
Views:169 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard