Host DLP Implementation Plan

Irrespective of the vendor product you select for your host DLP, following steps can be used to successfully implement DLP in your organization.  Define focus area First and the most important step is to define your focus area. Depending on the size of the organization, DLP implementations could take up to six months to one year easily. You can't start deploying DLP in the whole organization at once. The approach should be to start with limited scope and then gradually expand to the...

Read More

How to integrate Firemon with Active Directory to authenticate users

How to integrate Firemon with Active Directory to authenticate users Steps that need to be followed on the Microsoft Certificate Authority                                                                      Converting the .CER certificate to .DER certificate Log on to https://www.sslshopper.com/ssl-converter.html...

Read More

MCAFEE HOST DLP WORKFLOW

MCAFEE HOST DLP WORKFLOW ...

Read More

McAfee host DLP step by step installation and configuration in ePO

This post assumes that you have already installed and setup McAfee ePolicy Orchestrator on a standalone or cluster mode. Step 1:  Disable internet explorer enhanced security configurations as shown in below screen shot. Step 2: Normal 0 false false false EN-US X-NONE X-NONE ...

Read More

Mcafee Nitro SIEM "Out of hours activity" rule customization in ADM

Monitoring out of office hours activity is important to identify malicious activities in your network. However it is important to not leave this ADM rule on its default settings but optimize it according to your environment. With default settings, the rule might trigger hundreds of thousands of events that shouldn't actually be triggering under this category. Moreover there are many correlation rules that will trigger based on out of hours activity rule events. Not optimizing this rule properly...

Read More

Mcafee Host DLP client end troubleshooting

Mcafee Host DLP client end troubleshooting In order to check if the policies applied in the ePO DLP are applied at the client end or not, there is a utility provided by the Mcafee. Click here to download Mcafee Nitro DLP Diagnostic utility There are 32bit and 64 bit versions of this diagnostic tool. Use the one that best suits your requirements. When you double click to run the Diagnostic utility, you will be asked to enter a VALIDATION CODE. You will have to generate the Validation...

Read More

How to test if Mcafee Host DLP policies are applied to the end machines

How to test if Mcafee Host DLP policies are applied to the end machines In order to check the status of the policies that have been applied to the end machine , you can navigate to the active policy tab this way you will be able to verify which policies have been applied to the end machine or not. We can see which Tagging rules, Classification rules, Protection and Discovery rules have been applied. We can also check the Relevant Policy Definitions that have been applied to the...

Read More

How to test Classification and Tagging and Test Evidence

How to test Classification and Tagging and Test Evidence We can also try to verify if our Classification and Tagging policy has been applied properly or not. For this we make use of the DLP Diagnostic tool , we can download and set it up by following this post already shared. Go to the TOOLS tab in the Mcafee DLP Diagnostic tool. SCENARIO TO TEST Suppose we have the following scenario. We want to tag our documents with the following keywords "finance", "tender", "contract"....

Read More