Create an information protection policy
- In the management console, on the menu bar, click Policies > User Policy.
- Click the Information Protection tab.
- Click Add Policy.
- In the General Information section, do these actions:
- In the Policy name field, type in a name for your policy.
- In the Description field, type in a description for your policy.
- In the Policy type list, select the type of policy you are creating. Possible values for policy type are regulatory or organizational.
- A regulatory policy type refers to the finite set of sensitive data defined by a regulation that does not necessarily change over time (for example, PCI or HIPAA).
- An organizational policy type refers to company proprietary data where the audience that can access the data may change constantly. As a result, organizational data should be classified by data elements (for example, the file type, keywords, the file creator, or the file creator's role).
- In the Conditions section, configure the conditions that will trigger a policy violation by using one of these:
Add conditions using a template:
- Click Add From Template.
- Click the checkbox for the templates that you want to add to your policy.
Note: You can filter the list of templates using the search bar.
Add conditions using the conditions builder:
Note: The conditions builder consists of And and Or statement groups. Use a combination of these statement groups to determine when a policy will be triggered.
- In the And conditions section, select the conditions from the list, then specify the minimum number of occurrences required to trigger the condition from the numeric list.
- If you would like to add another item to your current statement group, click Add Item.
- If you would like to add another statement group, click Add Group.
- If you would like to delete a statement group, click Delete Group.
- In the Or conditions section, select the conditions from the list, then specify the minimum number of occurrences required to trigger the condition from the numeric menu.
- In the Allowed Domains section, click then select the browser domain you want to allow for your policy from the list.
- In the Allowed Email Domains section, select which email recipients specified in the information protection settings should be allowed for your policy.
- In the Actions section, from the lists, select the action to take for Web browser, USB, and email exfiltration events. Select from these actions:
- Report: This option reports the data exfiltration or policy violation to the Aurora Endpoint Security console, where it can be viewed on the Avert Events (Avert > Events) page, creates an alert in the Alerts view, and sends the events to the SIEM solution or syslog server, if configured. In addition, an email is sent to the email recipients that are specified in the Notifications (Settings > Information protection) screen.
- Report and notify: This option reports the data exfiltration or policy violation to the Aurora Endpoint Security console and displays the data exfiltration or policy violation badge and notification in the taskbar of the endpoint for the user.
- Report, notify and warn: This option reports the data exfiltration or policy violation to the Aurora Endpoint Security console, displays a badge and notification in the taskbar, adds a Windows notification on the endpoint, and shows a pop-up warning to the user before the data exfiltration or policy violation occurs. For example, if a user uses Microsoft Outlook, the CylanceAVERT agent will intercept the email and display an alert in the email editor as well as a warning to the user before the sensitive data is sent.
- Click Add.
Note: If a user has policies assigned to them, and then has all of those policies removed, the user will be deleted from CylanceAVERT.
Do any of these actions:
- You can assign a policy to users and user groups. See View CylanceAVERT user details for more information.
- To delete an information protection policy, select the checkbox beside the policy in the list, then click Delete.
- To edit an information protection policy, click on the policy in the list, make a change to the policy, then click Save.
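Before building And/Or statement groups and occurrence thresholds in the console, it can help to dry-run them against sample content. The following is an added example, not CylanceAVERT code: the detector names and patterns, the domains, the sample text, the exact-host match for allowed domains, and the rule that a policy triggers when every And item or any Or item meets its minimum are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed detectors standing in for the console's condition list
# (hypothetical names and patterns, not the product's data types).
DETECTORS = {
    "card_number": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "keyword_confidential": re.compile(r"\bconfidential\b", re.I),
}

# Constructed policy: each statement group lists (condition, minimum occurrences).
POLICY = {
    "and": [("keyword_confidential", 1), ("us_ssn", 2)],
    "or": [("card_number", 3)],
    "allowed_domains": {"sharepoint.example.com"},
    "action": "Report and notify",  # one of the three actions named on this page
}

# Constructed sample content for a browser upload.
SAMPLE = "CONFIDENTIAL payroll export\nSSN 123-45-6789\nSSN 987-65-4321\n"


def count_matches(text):
    """Count occurrences of every detector in the text."""
    return {name: len(rx.findall(text)) for name, rx in DETECTORS.items()}


def group_met(items, counts, combine):
    """An empty group never triggers; combine is all (And) or any (Or)."""
    return bool(items) and combine(
        counts.get(name, 0) >= minimum for name, minimum in items
    )


def evaluate(policy, text, destination_url):
    """Return the configured action if the upload violates the policy, else None."""
    host = (urlsplit(destination_url).hostname or "").lower()
    if host in policy["allowed_domains"]:
        return None  # assumption: exact host match, no wildcard or subdomain logic
    counts = count_matches(text)
    and_hit = group_met(policy["and"], counts, all)
    or_hit = group_met(policy["or"], counts, any)
    # Assumption: either statement group being satisfied is a violation.
    return policy["action"] if (and_hit or or_hit) else None


if __name__ == "__main__":
    print(evaluate(POLICY, SAMPLE, "https://files.example.net/upload"))
```

Lowering a minimum occurrence count widens what the policy reports, so rerunning the same samples after each threshold change shows the effect on false positives before the policy is assigned to users.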