Proactive DLP - Advanced Detection Policy is Now Available

At OPSWAT, we are continuously enhancing Proactive DLP (Data Loss Prevention) features and policy configurations to better meet our customers’ diverse needs for data protection. We offer flexibility to craft sensible policies that strike the right balance between protection and productivity. We understand that our customers’ various use cases require identifying not only basic sensitive data like Credit Card Number, Passport Number, or regular expression matching, but also more complicated criterion. OPSWAT Proactive DLP helps users implement data loss prevention by defining and applying policies tailored for their specific business and security posture.

We’re excited to provide a new detection policy that enables users to set advanced rules to effectively classify blocked and allowed sensitive information types. For instance, it’s now possible for users to define a rule to block files that have more than 5 social security numbers, or even a more complex rule that prevents files containing both AWS Key ID and AWS Secret Key. The following demos highlight two examples of the detection policy configuration to illustrate how you can configure rules to define exactly what you're looking for.

Demo 1 - Detection threshold

You can specify the minimum number of occurrences of the detection rule that must be reached to evaluate a file as sensitive. If a document comprises fewer occurrences of sensitive information than the specified threshold, it will not be blocked. Pre-defined sensitive data, including CCN (Credit Card Number), SSN (Social Security Number), IPV4 (Internet Protocol version 4), CIDR (Classless Inter-Domain Routing), are supported.

For example, your organization might consider documents with over 10 IP addresses a high risk. To enable Proactive DLP to detect documents fitting this criterion, you can use this query for policy: {ipv4.count} > 10

Demo 2 - AND/OR conditions

When you specify various conditions within a detection rule, Proactive DLP will detect a file as sensitive if all of these are matched. The relationship between multiple conditions within a detection rule is "AND".

For example, if you want to block files containing both AWS Key ID and AWS Secret Key, create regular expressions to find these data and a detection rule with AND: {regex.AWSAccessKey.count} > 0 and {regex.AWSSecretKey.count} > 0

Likewise, use OR clause if you want to block files that contain either AWS Key ID or AWS Secret Key.

Supported attributes: {ccn.count}, {ssn.count}, {ipv4.count}, {cidr.count}, {regex.regex_name.count}, {metadata.metadata_name.count}

For detailed configuration information, please see our user guide.

Learn more about how OPSWAT Proactive DLP can help you prevent sensitive and regulated data from leaving or entering your organization’s systems.

Contact one of our critical infrastructure cybersecurity experts for more information and assistance.

Sign up for Blog updates!
Get information and insight from the leader in advanced threat prevention.