Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSA - file copy log

Hi all!

I have a question.

We want to protect the data in out company and I set the CSA-MC to log when someone try to copy the private datas to a removable device, pendrive...

and the CSA send me a mail about this event.

But it isn't enough protection. If the user change the filename (.mp3) I don't know what is the file actually, it is really an "mp3" or a private data.

What can you suggest me?

Can I save the file somewhere to check it later?

or create a better rule, to catch if someone try to steal the data.

(I don't want deny saving, just log the stealing)

I hope you understand what I want.

Thank you, br Gabor

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: CSA - file copy log

Hi Gabor,

You can use these data classes, and I would recommend it as a good starting point. The idea is that you would define the Proprietary Data (i.e. saved from your sensitive app) and the pre-defined policies will monitor and control that data. Plus, you will have the ability to report on those data tags and see how the data is being used across your environment.

Hope that helps!

Josh

7 REPLIES
Blue

Re: CSA - file copy log

What version of CSA?

5.2 has a Data Theft Prevention Module already configured.

Tom

New Member

Re: CSA - file copy log

The CSA version is 6.0.1.

The Data Loss Prevention module requires license for the desktop hosts, we have no DLP license.

Is there any way to protect data without DLP?

I have created rules that only check file extensions, I think it is not enough..

Any idea?

Gabor

New Member

Re: CSA - file copy log

Gabor,

The first key step is to identify where this sensitive data lives, or what program is generating it (even easier.) Let's say that you want to secure everything from your financial application. You would setup CSA to static tag any data file written by that program as "sensitive." Then you would write some CSA rules to monitor whenever that sensitive data was modified (i.e. change extension) and/or block when used improperly (i.e. copied to USB.)

All those options are available without the optional DLP license.

Thanks,

Josh

New Member

Re: CSA - file copy log

Josh,

thank you, it is a good news.

Can you tell me a user guide, how can I setup it? or block in how have to do.

I have found nothing yet.

really thanks! Gabor

New Member

Re: CSA - file copy log

I think I found the solution.

I have a new question:

There are lot of rules configured by default for Regulatory and Proprietary Data classes. Can I use these classes or have to create my own static data class?

New Member

Re: CSA - file copy log

Hi Gabor,

You can use these data classes, and I would recommend it as a good starting point. The idea is that you would define the Proprietary Data (i.e. saved from your sensitive app) and the pre-defined policies will monitor and control that data. Plus, you will have the ability to report on those data tags and see how the data is being used across your environment.

Hope that helps!

Josh

New Member

Re: CSA - file copy log

Thanks, yes it is helpful for me.

I'm going to test it all these things.

Gabor

176
Views
4
Helpful
7
Replies