The application applies data leakage protection categories in email messages. Data categories contain criteria that the application uses to recognize data that are covered by the organization's security policy.
Before using categories, read the basic terms:
Data category. A set of data united with a common feature or subject and corresponding to specific criteria (e.g., a combination of words used in text in a certain order). The application uses data categories for recognizing information in outgoing and internal email messages. The application allows using preset Kaspersky Lab data categories and creating custom data categories.
Kaspersky Lab categories. Predefined data categories developed by Kaspersky Lab specialists. Categories can be updated during application database updates. A security officer cannot modify or delete those predefined categories.
Quotations from documents. Text fragments from documents that must be protected against leakage.
Document templates. Files with text data used as patterns for creation of new documents. The application protects against leakage all documents that have been created on the basis of those templates.
Keywords. Word, phrase, or set of characters that the application finds to recognize data in outgoing and internal email messages that must be protected against leakage. Keywords can be added to data categories.
Table data. Information organized in a table format that must be protected against leakage. Table data is processed in Kaspersky Security using CSV (Comma Separated Values) files.
Special recipients. A data category designed for monitoring the sending of any data to the addresses of recipients specified in this category. The application monitors all email messages sent to the specified email addresses.
Handling data categories
To start using the program for data leakage control, you need to analyze the data that must be protected against leakage and then distribute those data by categories using the following procedure:
Select data that are covered by the organization's security policy and distribute them by groups using common criteria (for example, accounting records, personal records, or innovations). Find the criteria with which those data differ among others (for example, the data are stored in tables, or they contain the names of new technologies and products).
Using the selected criteria and common features, select category types for data recognition:
To recognize information by the most popular data categories (for example, medical data, personal data, or banking data), use preset Kaspersky Lab categories.
To recognize text fragments precisely, use categories with quotations from documents. You manually add to a category documents from which quotations need to be tracked. The application recognizes quotations from documents by comparing data in the category against data transferred in email messages.
To recognize documents that have been created using templates, use categories with document templates. You manually add to a category files with text data that need to be tracked.
To recognize text information (such as details of the organization's technologies and workflows), use keyword categories. You add keywords to the category manually. The application recognizes the data by keywords or expressions, selecting them from multiple keywords that have been specified in the category settings.
To recognize information stored in tables (such as personal records of employees or information about their wages), use table data categories. You add table data to the category manually. The application recognizes the data by the number of matches with table cells that has been specified in the category settings.
If you want the application to use the newly created data categories for data leakage protection, you need to create policies based on those categories.
New categories and changes made to the categories are applied within 30 minutes to all Security Servers with the DLP Module installed.