Create an information protection policy Skip Navigation

Create an information protection policy

  1. In the management console, on the menu bar, click
    Policies > User Policy
    .
  2. Click the
    Information Protection
    tab.
  3. Click
    Add Policy
    .
  4. In the
    General Information
    section, fill in the following:
    • In the
      Policy name
      field, type in a name for your policy.
    • In the
      Description
      field, type in a description for your policy.
    • In the
      Policy type
      drop-down menu, select the type of policy you are creating. Possible values for policy type are regulatory or organizational.
      • A regulatory policy type refers to the finite set of sensitive data defined by a regulation that does not necessarily change over time (for example, PCI, HIPAA, etc.).
      • An organizational policy type refers to company proprietary data where the audience for who can access the data can be constantly changing. As a result, organizational data should be classified data elements (for example, the file type, keywords, the file creator, the file creator's role, etc.).
  5. In the
    Conditions
    section, configure the conditions that will trigger a policy violation by using one of the following:
    Condition
    Description
    Add conditions using a template
    1. Click
      Add From Template
      .
    2. Click the checkbox for the templates that you want to add to your policy.
      You can filter the list of templates using the search bar.
    Add conditions using the conditions builder
    The conditions builder is comprised of
    And
    and
    Or
    statement groups. You need to use a combination of these statement groups to determine when a policy will be triggered.
    1. In the
      And
      conditions section, select the conditions from the drop-down list, then specify the minimum number of occurrences required to trigger the condition from the numeric drop-down menu.
      • If you would like to add another item to your current statement group, click
        Add Item
        .
      • If you would like to add another statement group, click
        Add Group
        .
      • If you would like to delete a statement group, click
        Delete Group
        .
    2. In the
      Or
      conditions section, select the conditions from the drop-down list, then specify the minimum number of occurrences required to trigger the condition from the numeric drop-down menu.
  6. In the
    Allowed Domains
    section, click The plus icon then select the browser domain you want to allow for you policy from the list.
  7. In the
    Allowed Email Domains
    section, select which email recipients specified in the information protection settings should be allowed for your policy.
  8. In the
    Actions
    section, from the drop-down lists, select the action to take for Web browser, USB, and email exfiltration events. Select from the following actions:
    • Report: This option reports the data exfiltration or policy violation to the
      Cylance Endpoint Security
      console that can be viewed on the Avert Events (Avert > Events) page, creates an alert in the Alerts view, and sends the events to the SIEM solution or syslog server, if configured. In addition, an email is sent to the email recipients that are specified in the Notifications (Settings > Information protection) screen.
    • Report and notify: This option reports the data exfiltration or policy violation to the
      Cylance Endpoint Security
      console and displays the data exfiltration or policy violation badge and notification in the taskbar of the endpoint for the user. 
    • Report, notify and warn: This option reports the data exfiltration or policy violation to the
      Cylance Endpoint Security
      console, displays a badge and notification in the taskbar, and adds a
      Windows
      notification in the endpoint and a popup warning to the user before the data exfiltration or policy violation occurs. For example, if a user uses
      Microsoft Outlook
      , the
      CylanceAVERT
      agent will intercept the email and display an alert in the email editor as well as a warning to the user before the sensitive data is sent. 
  9. Click
    Add
    .
    If a user has policies assigned to them, and then has all of those policies removed, the user will be deleted from
    CylanceAVERT
    .
Do any of the following:
  • You can assign a policy to users and user groups. See View CylanceAVERT user details for more information.
  • To delete an information protection policy, select the checkbox beside the policy in the list, then click
    Delete
    .
  • To edit an information protection policy, click on the policy in the list, make a change to the policy, then click
    Save
    .