Getting Started
1 Provisioning
Schedule Implementation Planning Session
We encourage you engage our Professional Services team prior to starting your implementation. Our engineers have a decades of expertise supporting enterprise organizations and are here to help. They can help you create an implementation plan or simply provide feedback on your existing plan.
Please contact your account team to schedule your 1-hour Implementation Planning Session.
Activate Data Loss Prevention Trial License
To activate your Trial License, log into your management portal. Then select Enforce > Data Loss Prevention > Plans & Pricing. Click Activate Trial. Do not close your browser while the activation process is running. The activation should take less than one minute, after which you will see additional tabs across the top.
Please contact your account team with questions or for technical assistance. For convenience, your account team's contact information is listed at the bottom of the Plans & Pricing page.
If the activation process fails or If the additional tabs are not visible post activation, log out of your management portal and then log in again.
If you have already purchased a Data Loss Prevention license, no further action is required. You will see "Paid" under Plans & Pricing.
2 Pre-Deployment
SPF Records
Creating a new SPF Record
Access the admin panel that is provided to you by your domain registrar to update your DNS record.
Sender Policy Framework (“SPF”) records allow you to determine which servers can send email on behalf of your domain. An SPF record is not required to use with our cloud service, however, can help improve email delivery rates by reducing the chance that the emails you send will be seen as spam. Additional information on SPF is available on the Sender Policy Framework Project website.
You can check to see if your domain already has an SPF Record using Scott Kitterman's SPF Record Testing Tool.
If your domain does not have an SPF record, you should create an SPF record as displayed below.
Modifying an SPF Record
If your domain has an existing SPF record, you can simply add the value below to your existing record
Outbound Firewall Rules
- Add the following outbound rules to your firewall.
IP/Mask | Port/Protocol |
192.198.203.80/28 | 25 / SMTP |
162.220.57.160/28 | 25 / SMTP |
3 Email Forwarding
Add Email Domain
Login to the cloud portal
Click on Data Security>Data Loss Prevention
- Click on the Configuration tab.
Click the Add Domain button located on the right side of the page.
Choose the method for verifying the domain then click OK
An Agreement Pending window will be displayed reflecting the information you have entered. The domain will become active once it has been validated.
Add Outbound IP Addresses
Scroll down to the section labeled Networks on the Configuration page
Click the Add Network button as shown above.
A drop down box will appear. Provide your e-mail server public IP address and network mask or select one of the predefined options.
Click the Add button
The new network will be submitted to Support for activation. When the configuration page is refreshed the status will indicate the network activation is pending or it is active. Contact Support if the network status is not active within 15 minutes.
Click the Activate button below Outbound Email
Create Outbound Smarthost
Update the DNS names for the smarthost in your organization's mail configuration with the following. See mail server setup instructions in below.
4 Activate DLP
Enable DLP for specific domain. Select the configuration tab and click the Disabled button.
5 Manage DLP Policies
Create new DLP policy
Navigate to tab "DLP Rules" and click the "Create New Policy" button.
Field name | Short explanation | Required | Example |
|---|---|---|---|
Policy Name | Text field | Yes | Credit Card Number Social Security Number Patient PHI |
Priority order | It is possible that message can match multiple similar patterns. | No | 2 |
Protocol | SMTP | Yes | SMTP |
| Action | log_only - Only show message in Tactical Dashboard and Incidents Log encrypt & send - Force Email Encryption quarantine - Deliver message to DLP quarantine for the review reject - Immediately bounce message to the sender | Yes | encrypt & send |
| From | Envelope sender address | Yes | * sender@domain.com *@domain.com sender@* |
| To | Envelope recipient address | Yes | * recipient@domain2.com *@domain2.com recipient@* |
Pattern | Credit Card Number - internal pattern to catch credit card number US Social Security Number - internal pattern to catch social security number | Yes | Custom |
| Custom Pattern | Specify a custom pattern. /find this text/i /find this /i && /and this/i /find this /i || /or that/i | Only for "Custom" | /confidential data/i && /\d{1,2}\/\d{1,2}\/\d{2,4}/ |
| Severity | High, Medium, Low, Info | Yes | Low |
| Subject | Specify simple pattern for a subject or full subject value | Yes | * * Corporate Information Secure * |
Email Alert | Email for alert notification | No | user@domain.com |
Copy message | An additional bcc recipient for a message | No | user@domain.com |
A change to DLP policy applied within 5 minutes.