Enabling DLP

DLP may be enabled for any virtual path (see Defining virtual paths). This gives you the power and flexibility to limit DLP at the directory, user or group level depending on your needs.

 

To enable DLP for a virtual path, select the virtual path and click Edit.  Next, click the Enable DLP option followed by the Settings button to define which DLP functionality should be applied to the virtual path.

 

clip0150

 

DLP functionality can be availed through either of these two options:

 

  • Via the built-in DLP processor, or

  • Via an external provider using an ICAP service

 

Using the built-in DLP processor

 

To use the built-in DLP processor, select Use Rules. To use the external provider, select Use ICAP.

 

clip0269

 

When you select the Use Rules option and click on the Rules button, you'll be presented with a list of DLP rules (if any exist). See Creating DLP Rules.

 

clip0151

 

Rules are processed in order.  The first rule to match determines access level.  Use the "Up" and "Down" buttons to change the order in which rules are processed.

 

To add a rule, click the Add button. You'll then be asked to specify the DLP entry parameters.

 

clip0152

 

DLP rule - The DLP rule to add.

 

Access - The level of access to grant when DLP rule regular expression is matched. The allow all option allows access and raises a DLP Rule Matched trigger event.  The deny all option denies access and raises a DLP Rule Matched trigger event.  The deny ad-hoc option denies access to email recipients via ad-hoc file transfer and raises a DLP Rule Matched event.

 

Enabled - Enables/disables DLP rule.

 

Using an ICAP service

 

When you choose Use ICAP, MFT Server will act as a DLP client. Meaning, it will send requests to an ICAP server to determine whether content violates any DLP rules. Unlike in the previous option (which uses the built-in DLP processor) where the rules reside in MFT Server, the rules reside on the DLP server.

 

The allow all option allows access and raises a DLP Rule Matched trigger event. The deny all option denies access and raises a DLP Rule Matched trigger event.  The deny ad-hoc option denies access to email recipients via ad-hoc file transfer and raises a DLP Rule Matched event.