cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
810
Views
4
Helpful
7
Replies

CSA - file copy log

hegegabor
Level 1
Level 1

Hi all!

I have a question.

We want to protect the data in out company and I set the CSA-MC to log when someone try to copy the private datas to a removable device, pendrive...

and the CSA send me a mail about this event.

But it isn't enough protection. If the user change the filename (.mp3) I don't know what is the file actually, it is really an "mp3" or a private data.

What can you suggest me?

Can I save the file somewhere to check it later?

or create a better rule, to catch if someone try to steal the data.

(I don't want deny saving, just log the stealing)

I hope you understand what I want.

Thank you, br Gabor

1 Accepted Solution

Accepted Solutions

Hi Gabor,

You can use these data classes, and I would recommend it as a good starting point. The idea is that you would define the Proprietary Data (i.e. saved from your sensitive app) and the pre-defined policies will monitor and control that data. Plus, you will have the ability to report on those data tags and see how the data is being used across your environment.

Hope that helps!

Josh

View solution in original post

7 Replies 7

tsteger1
Level 8
Level 8

What version of CSA?

5.2 has a Data Theft Prevention Module already configured.

Tom

The CSA version is 6.0.1.

The Data Loss Prevention module requires license for the desktop hosts, we have no DLP license.

Is there any way to protect data without DLP?

I have created rules that only check file extensions, I think it is not enough..

Any idea?

Gabor

Gabor,

The first key step is to identify where this sensitive data lives, or what program is generating it (even easier.) Let's say that you want to secure everything from your financial application. You would setup CSA to static tag any data file written by that program as "sensitive." Then you would write some CSA rules to monitor whenever that sensitive data was modified (i.e. change extension) and/or block when used improperly (i.e. copied to USB.)

All those options are available without the optional DLP license.

Thanks,

Josh

Josh,

thank you, it is a good news.

Can you tell me a user guide, how can I setup it? or block in how have to do.

I have found nothing yet.

really thanks! Gabor

I think I found the solution.

I have a new question:

There are lot of rules configured by default for Regulatory and Proprietary Data classes. Can I use these classes or have to create my own static data class?

Hi Gabor,

You can use these data classes, and I would recommend it as a good starting point. The idea is that you would define the Proprietary Data (i.e. saved from your sensitive app) and the pre-defined policies will monitor and control that data. Plus, you will have the ability to report on those data tags and see how the data is being used across your environment.

Hope that helps!

Josh

Thanks, yes it is helpful for me.

I'm going to test it all these things.

Gabor

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: