As a Virtru administrator, you can leverage Virtru's DLP rules to dictate how Virtru will behave when certain content is found in your users' outgoing emails. You'll configure and manage these rules from the Virtru Control Center's Email Rules page. DLP rules are supported by all of our email products, except our mobile apps (iOS, Android).
The different types of rule and their associated actions are described below.
Important Notes about Email Rules
- The default ("Stock" or "Outbound") Email Rules (DLP) only scan the email body. This does not include attachment content. Custom rules can be created to scan attachment content. HIPAA Rules (some subscriptions only) can also be modified to scan attachment contents.
- All DLP rules (stock or custom) run independently of one another. If multiple rules trigger, then the most secure rule will win. This behavior cannot be changed by admins or users. For example, if one rule is triggered and set to ‘log only’, but another rule is triggered and set to ‘encrypt’, then the message will encrypt as that is more secure.
- Rule changes may not be automatically pulled in immediately but can be manually refreshed. For more details: How Long Does it Take DLP Rule Updates to Take Effect?
Text Pattern Rules
The rules listed under "When I type these text patterns..." use Regular Expressions (RegEx) to match consistently formatted number and text patterns. The default patterns included with Virtru are Social Security Number, Credit Card Number, IP Address, Federal Employee Identification Number (EIN), and Possibly Sensitive.
- Social Security Number: Triggers on any number string that could potentially be a Social Security Number.
- Credit Card Number: Triggers on any number string that could potentially be a Credit Card Number.
- IP Address: Triggers on any number string that could potentially be an IP Address.
- Federal Employee Identification Number (EIN): Triggers on any number string that could potentially be a Federal Employee Identification Number (EIN).
- Possibly Sensitive: A more generic rule than the others will flag a variety of different number patterns. This may result in a high volume of false-positive flags, so only use this rule if your needs can't be met with other rule options.
To view the associated regex pattern in use by the rule, you can click the expand arrow on the left.
Rules in the "When I type these keywords..." section are triggered by a precise match with a listed keyword (with one exception - see below).
In addition to the phrase "non disclosure agreement", the Non Disclosure Agreement rule will trigger on "nda", "n.d.a.", and "non-disclosure agreement".
Rules in the stock text patterns and keyword sections can be assigned to take one of four possible actions when the rule is triggered.
A Block rule will stop an email from going out altogether. Note: this function is only compatible with the Virtru for Gmail plugin and Customer-Hosted Gateway users. Gmail users will receive an alert providing details on the block and instructions to remove the sensitive content. Customer-Hosted Gateway users will receive a bounce message.
An Encrypt rule will encrypt the email automatically as soon as the user hits Send. They'll see the Virtru encryption animation without any option to have the email go out unencrypted.
A rule set to Warn will trigger an alert to the end user when they click "Send". The warning dialog will provide exactly what the offending text is. The end user has the option to either send the message encrypted ("Protect and Send"), or disregard the warning and send unencrypted ("Send Anyway").
A Log Only rule will take no noticeable action on an outgoing email. If the email is being sent unencrypted, the rule will have no effect at all. If the email is sent encrypted, however, any Log Only rules triggered by that email will be logged in that email's Validation Report in the Virtru Control Center.
Log Only rules cannot be used to override or create exceptions to other rules; they simply do not take an action. For example, a rule set to "Log Only" the Social Security number 123-45-6789 will not prevent that sequence from being flagged by another SSN rule.
You can also fully disable a rule by toggling it off in "Enabled" column (grey = off).
To perform more complex DLP operations - including multiple scan parameters, multiple actions, and additional action types - you'll want to use a Custom Rule, which can be created using the Custom Rule Builder button at the top of the page.
More information on creating Custom Rules can be found in this article: Virtru Control Center: Creating Custom DLP Rules
To quickly view the conditions for a custom rule, you can click the expand arrow on the left.
To view all rule actions and/or modify the rule, you can click the pencil icon to edit
To delete a custom rule, select the trash can icon and click OK to confirm
At the top of the page, there is a search option that allows you to filter your rules by title keywords.