Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 1077 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Detect DataLeak with "Data Control"

milkyway11fr

Hi there,

What are the best practices to detect dataleak using Data Control.

I can create policies and raise exceptions concerning specific files, or audit USB devices...

Can I raise alert for instance when 500 MB is copied on local drive or on USB device ??

Thanks

Mike

:34977


This thread was automatically locked due to age.
  • 0

    Hi,

    Size isn't an option, file type, file name and content can be part of the rules.

    I suppose when considering rules, you have the standard ones Sophos provides. If you have specific file types, or content that you wish to keep track of, those would be when you would create your custom rules.  

    Metadata in files such as Office docs is also scanned for content, so maybe there are some markers there you can match on for example with a simple custom content rule.  Authors, Company, Template for example.

    Ideally it would be nice if all documents you wish to keep tabs on had a unique string for example.  This would make it very easy to create a content rule to ensure all files you care about are subject to tracking.

    You may also have a different set of rules for each department depending on what data they have access to.  This might only need to be considered thought if you end up with too many rules and it starts to cause performance problems for users.

    Regards,

    Jak

    :34979