
Rapidly evolving external threats
Potential loss of sensitive data
Keeping email safe without impacting users
Gartner Report: IT Governance, Risk, and Compliance Management Solutions
Author: Trent Henry Published: 28 December 2011
Protect communications
Transport rules
Rights management
Data Loss Prevention
Conditions
Actions
Exceptions
New options
Rules can be configured to run for a specific time period
Rules can be run in Test Mode
New filters
Total message size
Attachment extension keyword matching
Sender IP address
New actions
Criteria based routing
Forced TLS routing
Halt processing of remaining rules on a message. (“Stop processing rules”.)
Data Protection in motion
Information can be protected with RMS at rest or in motion
Data protection at rest
Apply RMS to content
RMS can be applied to Emails
RMS can be applied to SharePoint libraries
Files are protected if they are viewed using Webapps or downloaded to a local machine
RMS can be applied to any Office documents
identify
monitor
protect
Content to monitor
User action
Mail flow actions
contains
Credit cards
EU debit cards
Transport rule conditions
DLP specific condition
DLP specific action – Policy Tip
Transport rule actions
Exceptions
Confidence score
Proximity specification
Identifier
contains
Functions/ regular expressions
Corroborative evidence
Keywords/ functions
Transport rule agent
Integrated into Exchange Transport Rule (ETR) engine
Text extraction
Runs in categorizer during OnResolvedMessage
Classification
Integrated as a new ETR Predicate
Performs text extraction for body & attachments followed by classification
Can be combined with any existing Predicates & Actions
Content analysis process
Get Content
Joseph F. Foster
Visa: 4485 3647 3952 7352
Expires: 2/2012
RegEx Analysis
4485 3647 3952 7352 → a 16 digit number is detected
Function Analysis
1. 4485 3647 3952 7352 → matches checksum
2. 1234 1234 1234 1234 → does NOT match
Additional Evidence
1. Keyword Visa is near the number
2. A regular expression for date (2/2012) is near the number
Verdict
1. There is a regular expression that matches a check sum
2. Additional evidence increases confidence
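The content analysis steps above (regex match, checksum function, nearby corroborating evidence, verdict) can be sketched as follows. This is an added example, not Exchange's own rule engine or rule-package schema: the patterns, the 100-character proximity window and the confidence numbers are assumed values chosen for illustration.

```python
import re

# Assumed patterns and thresholds; real DLP rule packages define their own.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){15}\d\b")           # 16 digits, optional separators
KEYWORDS = re.compile(r"\b(visa|mastercard|card|cvv|expires?)\b", re.I)
EXPIRY = re.compile(r"\b(0?[1-9]|1[0-2])/(\d{4}|\d{2})\b")  # e.g. 2/2012 or 02/12
PROXIMITY = 100                # characters inspected on each side of the match
BASE, PER_EVIDENCE = 65, 10    # constructed confidence scale (percent)

def luhn_ok(digits: str) -> bool:
    """Checksum function: Luhn mod-10 over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> list[dict]:
    """Return one finding per checksum-valid card number, with its evidence."""
    findings = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):              # regex hit alone is not enough
            continue
        # Corroborative evidence is searched around the match, not inside it.
        window = (text[max(0, m.start() - PROXIMITY):m.start()] + " "
                  + text[m.end():m.end() + PROXIMITY])
        evidence = []
        if KEYWORDS.search(window):
            evidence.append("keyword")
        if EXPIRY.search(window):
            evidence.append("expiry_date")
        findings.append({
            "match": "*" * 12 + digits[-4:],  # never log the full number
            "evidence": evidence,
            "confidence": BASE + PER_EVIDENCE * len(evidence),
        })
    return findings

# The sample message from the slide above.
SAMPLE = "Joseph F. Foster\nVisa: 4485 3647 3952 7352\nExpires: 2/2012"

if __name__ == "__main__":
    for finding in classify(SAMPLE):
        print(finding)
```

A number that passes the checksum but has no supporting keyword or date still produces a finding, only at the lower base confidence, which is what lets a policy apply different actions at different confidence levels.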
Examples
Empower users to manage their compliance
Contextual policy education
Doesn’t disrupt user workflow
Scans email subject, body and attachments
Can work even when disconnected
Admin customizable text and actions
Mailbox Server
policy evaluation
Audit & incident data generation
DLP policy configuration
Administrator
Contextual policy education
Outlook policy distribution
Outlook
Audit data
Katie, [email protected]
Classification
Rule details
[email protected]
Comprehensive view of DLP policy performance
Downloadable Excel workbook
Drill into specific departures from policy to gain business insights
Country | PII | Financial
US | US State Security Breach Laws, US State Social Security Laws, COPPA | GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)
Germany | EU data protection, Drivers License, Passport, National Id | EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code
UK | Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport | EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Canada | PIPED Act, Social Insurance, Drivers License | Credit Card, Swift Code
France | EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport | EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Japan | PIPA, Resident Registration, Social Insurance, Passport, Driving License | Credit Card, Bank Account, Swift Code
Australia | Drivers License, Passport, Social Insurance | Credit Card, Bank Account, Swift Code
Health
Limited Investment: US HIPAA, UK Health Service, Canada Health Insurance card
Rely on Partners and ISVs
DLP extensibility points
MessageStats Business Insights from Dell
Education experience in Outlook 2013
Available in Exchange Server and Office 365
Out of the box DLP policy templates
Predefined sensitive content types
Support for 3rd party defined DLP policy templates
DLP administration in Exchange Admin Center
Rich reporting
Protect communications
Basic level of built-in anti-malware and enhanced spam filtering to help protect your email environment from threats
Enforce policy
Data loss prevention (DLP) controls that can detect sensitive data in email before it is sent and automatically block, hold or notify the sender
Simplify management
Unified administration of anti-spam, anti-malware and data loss prevention within Exchange
Exchange 2013 DLP introduction
http://blogs.technet.com/b/exchange/archive/2012/09/28/introducing-data-loss-prevention-in-the-new-exchange.aspx
http://technet.microsoft.com/en-us/library/jj150527.aspx
DLP policy templates
http://technet.microsoft.com/en-us/library/jj657730
Managing DLP policies
http://technet.microsoft.com/en-us/library/jj673559
OOB DLP policy templates
http://technet.microsoft.com/en-us/library/jj150530
Policy tips in Exchange 2013
http://technet.microsoft.com/en-us/library/jj150512
Supported file types
http://technet.microsoft.com/en-us/library/jj674307
All statements in this report attributable to Gartner represent Microsoft interpretation of data,
research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc.,
and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication
date (and not as of the date of this presentation). The opinions expressed in Gartner publications are
not representations of fact, and are subject to change without notice.