Data Loss Prevention (DLP)

The DLP (Data Loss Prevention) Profile provides Valtix customers with the ability to specify policy rules to detect and take action upon finding exfiltration patterns in the data when the Valtix solution is deployed in the Forward Proxy (Egress) mode.

Valtix allows customers to specify common pre-packaged data patterns such as Social Security Numbers (SSN), AWS secrets, Credit Card numbers etc., in addition to custom PCRE based regular expression patterns. This makes it easy to enforce protections for PCI, PII, and PHI data to meet compliance requirements. This feature is integrated with the existing Valtix feature set requiring no separate data loss prevention (DLP) services.

The following steps will guide you through creating a DLP profile and associate it with a Policy Rule.

Create the Profile

1. Navigate to Manage -> Profiles -> Network Threats
2. Click Create Intrusion Profile
3. Select Data Loss Prevention
4. Provide a Name and Description for the profile
5. Enter the DLP FIlter List in the table. Click Add to insert more rows as needed
   • Provide a description for the filter
   • Choose a predefined static pattern (e.g CVE Number) from the dropdown list or provide a custom Regular expression
   • Provide a count to define the number of times the pattern must be seen in the traffic
   • Select an Action to take if the pattern matches the count number of times

Tech Notes

There are cases where the pre-defined pattern for AWS Access Key and AWS Secret Key doesn’t match in DLP inspection due to pattern being more restrictive. Use the following relaxed custom pattern in DLP profile to detect AWS Access Key and AWS Secret Key, but this could generate false positives log events.

AWS Access Key: (?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9]) 
AWS Secret Key: (?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])

Associate the Profile

Check this document to create/edit rules