Web DLP policy

The Web DLP “quick policy” includes the PCI policy, PHI policies, and PII policies listed in this document (including financial policies). In addition, the Web DLP policy includes several policies for the data theft attribute:

  • Common password information

    Searches for outbound passwords in plain text. The rules for this policy are:

    • Common password information
    • Common password information (Wide)
    • Common password information (Narrow)
  • Encrypted files - known format

    Searches for outbound transactions comprising common encrypted file formats. The rules for this policy are:

    • Encrypted files (known format)
  • Encrypted files - unknown format

    Searches for outbound files that were encrypted using unknown encryption formats. The rules for this policy are:

    • Encrypted files - unknown format
    • Encrypted files - unknown format (Wide)
  • IT asset information

    Searches for suspicious outbound transactions, such as those containing information about the network, credit card magnetic tracks, and database files. Rules in this policy include:

    • IT asset information (Default)
    • IT asset information (Narrow)
    • IT asset information (Wide)
  • Suspected Malware Communication

    Identifies traffic that is thought to be malware “phoning home” or attempting to steal information. Detection is based on the analysis of traffic patterns from known infected machines. Applies only when Forcepoint Web Security is installed. Rules in this policy include:

    • Suspected Malware Communication
  • Password files

    Searches for outbound password files, such as a SAM database and UNIX/Linux password files. Rules in this policy include:

    • Password Files: Shadow Files
    • Password Files: Shadow Files (Wide)
    • Password Files: Password Files
    • Password Files: Password Files (Wide)
    • Password Files: SAM files
    • Password Files: General files
  • Suspicious Behavior Over Time

    Accumulates transaction data such as number of HTTP/S posts, post size, and encryption information over a period of time to search for suspicious behavior that could be indicative of malicious activity. Some rules apply only when Forcepoint Web Security is installed. Rules in this policy include:

    • Number of HTTP/S Posts per Time
    • Cumulative Post Size per Time
    • Cumulative Generic Encryption per Time
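
The accumulation idea behind the Suspicious Behavior Over Time policy can be illustrated with a per-source sliding window. The following is an added example, not Forcepoint code: the window length, the thresholds, the class and function names, and the sample traffic are all assumptions, and only the two rule names are taken from the list above (the encryption rule is not modeled).

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration only; the product's values are not on this page.
WINDOW_SECONDS = 3600
MAX_POSTS = 5
MAX_BYTES = 10_000_000

class PostAccumulator:
    """Per-source sliding window over outbound HTTP/S POST transactions."""

    def __init__(self, window=WINDOW_SECONDS, max_posts=MAX_POSTS, max_bytes=MAX_BYTES):
        self.window, self.max_posts, self.max_bytes = window, max_posts, max_bytes
        self.events = defaultdict(deque)  # source -> (timestamp, size) in the window
        self.totals = defaultdict(int)    # source -> cumulative bytes in the window

    def observe(self, source, ts, size):
        """Record one POST and return the rule names it trips."""
        q = self.events[source]
        q.append((ts, size))
        self.totals[source] += size
        # Drop transactions that have aged out of the window.
        while q and q[0][0] <= ts - self.window:
            self.totals[source] -= q.popleft()[1]
        hits = []
        if len(q) > self.max_posts:
            hits.append("Number of HTTP/S Posts per Time")
        if self.totals[source] > self.max_bytes:
            hits.append("Cumulative Post Size per Time")
        return hits

def scan(transactions, **thresholds):
    """Feed (source, ts, size) tuples, time-ordered per source; return alerts."""
    acc = PostAccumulator(**thresholds)
    return [(ts, src, rule) for src, ts, size in transactions
            for rule in acc.observe(src, ts, size)]

# Constructed sample traffic: (source IP, seconds, POST body bytes).
SAMPLE = [
    ("10.0.0.5", 0, 4_000_000),
    ("10.0.0.5", 600, 4_000_000),
    ("10.0.0.5", 1200, 4_000_000),  # 12 MB inside one hour: size rule trips
    ("10.0.0.5", 5000, 4_000_000),  # earlier posts have expired: no alert
] + [("10.0.0.9", 100 + i, 2_000) for i in range(6)]  # sixth small POST: count rule

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

No single transaction in the sample exceeds a threshold on its own; the alerts come only from the accumulated window, which is the case a per-transaction content rule would miss.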