Kazakhstan, Almaty, 90 Shevchenko St., Karatal Business Center, office 53
Kazakhstan, Astana, 19 Imanov St., Delovoy Dom "Alma-Ata" Business Center, office 612

Track: McAfee. Number of days: 2
Vendor: Information Security. Number of hours: 16

McAfee Data Loss Prevention Endpoint Administration Training Course with Exercises

The McAfee Data Loss Prevention Endpoint Administration Training course from ENO provides in-depth training on the tools you need to design, implement, configure, and use McAfee Data Loss Prevention Endpoint to safeguard intellectual property and ensure compliance. The course details how this solution uses McAfee ePolicy Orchestrator for centralized management. It also explains how to monitor and address risky day-to-day end-user actions such as emailing, web posting, printing, clipboard use, screen captures, device control, uploading to the cloud, and more.

Course objectives

After completing this McAfee Data Loss Prevention Endpoint Administration Training course, attendees will be able to:

  • Plan the deployment.

  • Install and configure McAfee Data Loss Prevention Endpoint software on the McAfee ePolicy Orchestrator server.

  • Install the McAfee Data Loss Prevention Endpoint client endpoints.

  • Use classification, tagging, and protection rules to safeguard sensitive information.

  • Locate information with endpoint discovery rules.

  • Monitor incidents and events and generate queries and reports.

Target Audience:

This McAfee Data Loss Prevention Endpoint Administration Training course is intended for system and network administrators, security personnel, auditors, and/or consultants concerned with network and system security.

About the Course

  • Acronyms and Terms in This Course

  • Locating Helpful Resources

  • Intel Security Expert Center

  • Lab Environment

McAfee Data Loss Prevention Endpoint Solution Overview

  • Sources of Data Loss

  • Causes of Data Loss

  • McAfee Data Loss Prevention (DLP) Portfolio

  • Choosing a Data Loss Prevention Solution

  • McAfee DLP Endpoint Overview

  • New/Enhanced for DLP 9.4X

  • How McAfee DLPe Works

  • Classify

  • Track

  • Protect

  • Monitor

Planning a McAfee ePolicy Data Loss Prevention Endpoint Deployment

  • Planning Overview

  • Strategy and Goals: Internal Assessment

  • Strategy and Goals: Role Assessment

  • Strategy and Goals: Technical Assessment

  • Strategy and Goals: Risk Assessment

  • Strategy and Goals: Privacy Laws

  • Classification: Sensitivity

  • Classification: Methods

  • Classification Scenario: Organizational Level

Planning a McAfee ePolicy Data Loss Prevention Endpoint Deployment (Continued)

  • Classification Scenario: Applications

  • Classification Scenario: End Users and Clients

  • Classification: Find, Apply, and Enforce

  • Deployment Planning

  • Solution Requirements: ePO Platform

  • Solution Requirements: Database

  • Solution Requirements: Clients

  • Supported Third-party Software

  • Pilot Plan

  • Post Pilot Validation and Enterprise Rollout

  • Other Planning Considerations

  • Resource: Deployment Planning Questionnaire

  • ePO Server and Infrastructure Credentials

  • Product-specific Questions

  • Network Requirements

  • McAfee ePO and McAfee Agent

  • Microsoft SQL Server Requirements

  • Client Requirements

Preparing the Enterprise Environment

  • Adding Active Directory Security Groups

  • Adding Users to Active Directory Security Groups

  • Verifying Active Directory Group Membership

  • Preparing Resource Folders

  • Configuring Sharing for Resource Folders

  • Configuring Permissions for Resource Folders

  • Verifying Sharing Settings

  • Configuring Custom Permission Entries

  • Changing Folder Permissions

  • Removing Inheritable Permissions from Parent

  • Check Point

  • Adding Permission Entries

  • Verifying New Permission Entries

McAfee ePolicy Orchestrator Review

  • McAfee ePO Solution Overview

  • McAfee ePO Platform Requirements

  • Default Ports

  • Communications: Tomcat Service

  • Logging into the McAfee ePO Web Interface

  • Quick Tour of the McAfee ePO Web Interface

  • Reporting Options

  • Systems Options

  • Policy Options

  • Software Options

  • Automation Options

  • User Management Option

Installing McAfee Data Loss Prevention Endpoint Software

  • Obtaining McAfee DLPe Software

  • McAfee DLPe Software Overview

  • Checking in the McAfee DLPe Package

  • Installing the McAfee DLPe Extension

  • Installing the McAfee DLPe License

  • Verifying the McAfee DLPe Installation

Permission Sets

  • Viewing and Editing DLP Server Settings

  • Permission Sets Overview

  • Adding New DLP Permission Sets

  • Default DLP Permissions: Policy Catalog

  • Default DLP Permissions: DLP Policy Manager

  • Default DLP Permissions: Classifications

  • Default DLP Permissions: Definitions

  • Default DLP Permissions: Operational Events

  • Default DLP Permissions: Case Management

  • Help Desk Permissions

  • Case Study: DLPe Group Admin

  • Case Study: Incident Reviewer

  • Case Study: Redaction Reviewer

  • Creating Help Desk Permission Sets

  • Permissions Exclusive to Administrator

  • User Management Review

  • Guidelines for Authentication Types

  • Creating DLPe Users

Deploying the McAfee Data Loss Prevention Endpoint Clients

  • McAfee DLPe Client Overview

  • Deploying Client Software from McAfee ePO Console

  • Comparing Client Software Deployment Methods

  • Creating Product Deployment Project

  • Creating Client Deployment Task

  • DLP Endpoint Console

McAfee DLP Policy Overview and Initial Configuration

  • Review:

  • DLP Policies

  • Rules and Rule Sets

  • Definitions

  • Policy Architecture

  • Classification and Tagging

  • Policy Overview

  • McAfee DLP Client Configuration Policy Operational Modes

  • Device Control and full content protection versus Device Control only

  • Data Protection Modules

  • Protection Settings: Whitelist

  • Content Tracking

  • Corporate Connectivity

  • Debugging and Logging

  • Evidence Copy Service

  • Quarantine

  • Removable Storage Protection

  • Screen Capture Protection

  • Web Post Protection

  • User Interface Components

  • McAfee DLP Policy

  • Assigning Active Rule Sets

  • Configuring Endpoint Discovery Scan

  • Defining Global Settings

McAfee DLP Policy Manager Overview

  • McAfee DLP Policy Manager Review

  • Rule Sets Tab

  • Types of Rules

  • Policy Assignment Tab

  • Definitions Tab

  • Supported Definitions

  • Example Data Definitions

  • Example Device Control Definition

  • Example Definitions: Notification

  • Example Definitions: Other

  • Example Definitions: Source / Destination

  • Other Features

Privileged Users and End-User Group Definitions

  • Overview: Privileged Users, End-User Group Definitions, and Active Directory

  • Registering an LDAP Server

  • Active Directory Considerations

  • Creating Privileged Users

  • Example Privileged User

  • Defining End-User Group Definitions

  • Example End-User Group Definitions

  • Multiple User Sessions

Device Control

  • Device Control Overview

  • Device Management Overview

  • Device Management Overview: Device Classes

  • Device Management Overview: Device Definitions

  • Device Management Overview: PnP Devices

  • Device Management Overview: Removable Storage

  • Device Management Overview: Fixed Hard Drive

  • Working with Device Classes

  • Built-in Device Classes (Read-only)

  • Adding New Device Class

  • Locating Device GUI

  • Working with Device Definitions

  • Built-in Device Definitions (Read-only)

  • Adding New Device Definition

  • Example Conventions: Device Definitions

  • Example: File System Definition

  • Example: Plug and Play Device Definition

  • Example: Removable Storage Device Definition

  • Example: Whitelisted Plug and Play Devices

  • Overriding Device Class Settings in DLP Policy

  • Viewing Incidents

McAfee Device Rule Sets and Rules

  • Device Rule Sets and Rules Overview

  • Built-in Device Rule Sets and Rules

  • Working with Device Rules

  • Device Control Rule Tab

  • Adding a Device Rule

  • Example Conventions: Device Definitions

  • Naming Conventions: Device Rules

  • Citrix Device Rule Overview

  • Citrix Device Rule Configuration

  • Fixed Hard Drive Device Rule Overview

  • Fixed Hard Drive Device Rule Configuration

  • Plug and Play Device Rule Overview

McAfee Device Rule Sets and Rules (Continued)

  • Plug and Play Device Rule Configuration

  • Example Removable Storage File Access Device Rule

  • Removable Storage File Access Device Rule Configuration

  • Removable Storage File Access Device Rule Configuration

  • TrueCrypt Device Rule Overview

  • TrueCrypt Device Rule Configuration

  • Case Studies

Content Protection Overview

  • Data Protection Overview

  • Defining a Protection Strategy

  • Business Requirements

  • Rule Architecture

  • Is Classification Criteria Sufficient?

  • Is Tagging Criteria Needed?

  • What are the Rule Parameters?

  • What is the Desired Result or Outcome?

  • Review: Definitions

  • Example Conventions

  • Data - File Extension Definition

  • Notification – Justification Definition

  • Notification – User Notification Definition

  • Configuring Notification Placeholders

  • Application Template Definition

  • Email Address Definition

  • Local Folder Definition

  • Network Address (IP address) Definition

  • Network Port Definition

  • Network Printer Definition

  • Network Share Definition

  • Process Name Definition

  • URL List Definition

  • Window Title Definition

  • Bringing it All Together

  • Creating a Protection Rule

  • Naming Conventions: Data Protection Rules

Content Classification and Tagging

  • Classification Review

  • Tag Propagation

  • Tagging Rules

  • More on Tagging

  • Creating Classification Criteria

  • Example Classifications and Criteria

  • Creating Tagging Criteria

  • Manual Classification

  • Register Documents

  • Whitelisted Text

Removable Storage Protection

  • Removable Storage Protection Overview

  • Removable Storage Protection Advanced Options

  • Protect TrueCrypt Local Disks Mounts

  • Portable Devices Handler (Media Transfer Protocol)

  • Advanced File Copy Protection Deletion Mode

  • Removable Storage Protection Use Case

  • Example Configuration

  • User Notification

Email Protection

  • Email Protection Overview

  • Client Configuration Guidelines

  • Third-party Email Classification

  • Use Case

  • Example Configuration

Web Protection

  • Web Protection Overview

  • Browsers

  • Client Configuration Guidelines

  • Use Case

  • Example Configuration

Printer Protection

  • Printer Protection Overview

  • Client Configuration Guidelines

  • Use Case

  • Example Configuration

Screen Capture Protection

  • Screen Capture Protection Overview

  • Applications Protected

  • Use Case

  • Example Configuration

Clipboard Protection

  • Clipboard Protection Overview

  • Use Case

  • Example Configuration

Cloud Protection

  • Cloud Protection Overview

  • Use Case

  • Example Configuration

Application File Access Protection

  • Application File Access Protection Overview

  • Use Case

  • Example Configuration

Endpoint Discovery

  • Endpoint Discovery Overview

  • Running the Discovery Crawler

  • Verifying Discovery Settings

  • Discovery Rule Sets and Rules

  • Demonstration

  • Creating a Discovery Rule

  • Scheduler Definition

  • Creating Scheduler Definition

  • Example Scheduler Definition

  • Scheduler Definition Fields

  • Naming Conventions: Endpoint Discovery Rules

  • Setting up a Discovery Scan

  • Example Endpoint Scan Configuration

  • Quarantined Files or Email Items

Monitoring and Reporting

  • DLP Incident Manager

  • DLP Incident Manager: Incident List

  • DLP Incident Manager: Incident Tasks

  • DLP Incident Manager: Incident History

  • DLP Operational Events

  • Creating Set Reviewer Rule

  • Creating Automatic Mail Notification Rule

  • DLP Case Management

  • Creating Cases

  • Create a Set Reviewer Task

  • DLP Server Tasks

  • Working with Server Tasks

  • Queries Overview

  • Data Loss Prevention Queries

  • Creating Queries

  • Data Loss Prevention Reports

Monitoring and Reporting (Continued)

  • Creating Reports

  • Working with Reports

  • DLP Dashboards

  • DLP Dashboards

  • Working with Dashboards and Monitors

Basic Troubleshooting

  • Diagnostic Tool Overview

  • Generating Client Bypass Key

  • Diagnostic Tool Layout and Design

  • General Information Tab

  • DLPE Modules Tab

  • Data Flow Tab

  • Tools Tab

  • Process List

  • Devices Tab

  • Active Policy Tab

  • Policy Tuning: High CPU Use

  • Policy Tuning: Tagging

  • Debug Logging
