Create an Endpoint DLP Peripheral Control Policy Rule

Create a peripheral control Endpoint DLP policy rule to granularly control who in your organization can use peripheral devices.
  1. Log in to Strata Cloud Manager.
  2. Select Manage > Configuration > Data Loss Prevention > Endpoint DLP Policy and Add Policy.
  3. Configure the Basic Information.
    1. For the Policy Type, select Peripheral Control.
    2. Enter a descriptive Name for the Endpoint DLP policy rule.
    3. (Optional) Enter a Description to describe the Endpoint DLP policy rule.
    4. Select the Severity of the Enterprise DLP incident when sensitive data is moved between an endpoint and a peripheral device.
    5. Enable Policy is enabled by default and enables the Endpoint DLP policy rule after you save.
      Disable this setting if you don't want to immediately enable the Endpoint DLP policy rule after creation.
    6. Click Next to continue.
  4. Configure the Scope to define which users can use peripheral devices.
    For Enterprise DLP to take the configured Response action, both Users and Peripherals must be matched.
    1. Select the Users the policy rule applies to.
      • Any Users & Groups
        Create a peripheral control policy rule that applies to all users. Additionally, you can Exclude one or more users from the peripheral control policy rule.
      • Select Users & Groups
        Create a peripheral control policy rule that applies to specific users and groups. You can configure the policy rule to apply to either specific users or user groups, or to both.
        Include
        • Select Users—Select one or more specific users to which the rule applies.
        • Select Groups—Select one or more user groups to which the rule applies.
        Exclude—Select one or more users to exclude from the peripheral control policy group. You must select at least one user group in order to exclude one or more users.
    2. Select the Peripherals you want to allow or block access to.
      You can define user access to USB devices, printers, and network shares in a single peripheral control policy rule. The access configurations for each type of peripheral device are independent of each other and can be configured as needed. For example, you can create a policy rule to block access to all USB devices, allow access to all printers, and allow access to only specific network shares you selected.
      • Any (default)—Policy rule applies to all USB, printer, or network share peripherals added to Enterprise DLP.
      • Select—Policy rule applies only to the selected peripheral devices or peripheral groups.
      • None—Policy rule doesn't apply to any USB, printer, or network share peripherals added to Enterprise DLP.
    3. Click Next to continue.
  5. Configure the Response to define the action Enterprise DLP takes when a user accesses a blocked peripheral.
    • Action—Action Enterprise DLP takes if a User accesses a Peripheral device defined in the policy rule Scope.
      • Alert—Enterprise DLP generates a DLP incident but allows the endpoint to access the peripheral.
      • Block—Enterprise DLP generates a DLP incident and blocks the endpoint from accessing the peripheral.
    • Incident Assignee—The administrator the Enterprise DLP incident is assigned to if one is generated against the policy rule.
    • Email Notifications—Add administrators to send email notifications when an incident is generated against the policy rule.
    Click Next to continue.
  6. Define the Evaluation Priority for the peripheral control policy rule in your Endpoint DLP policy rulebase.
    You can use the Priority Selection to quickly insert the peripheral control policy rule in the appropriate location in your policy rulebase hierarchy.
    Click Next to continue.
  7. Review the policy rule Summary to verify it's configured correctly and Save.
  8. Push your Endpoint Policy rule.
    1. Select Push Policies and Push Policies.
    2. (Optional) Enter a Description for the Endpoint DLP policy push.
    3. Review the Push Policies scope to understand which Endpoint DLP policy rules and peripheral group configuration changes are included in the push.
    4. Push.
  9. Review your Endpoint DLP Audit and Push Logs.
  10. Review your Enterprise DLP Incidents.
    A DLP incident is generated when a user moves a file from the endpoint device to the peripheral but you have blocked all access to a peripheral device type.
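
The Scope and Response semantics from steps 4 through 6, modeled as an added Python example for checking an intended rulebase against sample access attempts before you push it. This is not Palo Alto Networks code or an Enterprise DLP API. It assumes lower priority numbers are evaluated first, the first matching enabled rule decides, and no match means no action; all rule, user, and device names are constructed.

```python
from dataclasses import dataclass, field

ANY, NONE = "any", "none"  # a set of names models the "Select" option

@dataclass
class Rule:
    name: str
    priority: int          # assumption: lower number is evaluated first
    action: str            # "alert" or "block"
    users: object = ANY    # ANY, or a set of user and group names
    exclude: set = field(default_factory=set)
    peripherals: dict = field(default_factory=dict)  # type -> ANY | NONE | set
    enabled: bool = True

def scope_matches(rule, user, groups, ptype, device):
    """Users and Peripherals must both match for the response to apply."""
    if user in rule.exclude:
        return False
    if rule.users != ANY and not ({user} | set(groups)) & rule.users:
        return False
    sel = rule.peripherals.get(ptype, ANY)  # Any is the documented default
    if sel == NONE:
        return False
    return sel == ANY or device in sel

def evaluate(rules, user, groups, ptype, device):
    """Return (rule name, incident generated, access allowed)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.enabled and scope_matches(rule, user, groups, ptype, device):
            # Alert: incident, access allowed. Block: incident, access denied.
            return rule.name, True, rule.action == "alert"
    return None, False, True  # assumption: no matching rule, no action

# Constructed rulebase: alert on one printer for finance, block USB for
# everyone except one excluded user.
RULES = [
    Rule("alert-finance-printer", 1, "alert", users={"finance"},
         peripherals={"usb": NONE, "printer": {"hq-printer-1"},
                      "network_share": NONE}),
    Rule("block-all-usb", 2, "block", exclude={"it-admin"},
         peripherals={"usb": ANY, "printer": NONE, "network_share": NONE}),
]

if __name__ == "__main__":
    print(evaluate(RULES, "alice", ["finance"], "usb", "stick-1"))
```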