As a Virtru administrator, you can leverage Virtru's DLP rules to dictate how Virtru will behave when certain content is found in your users' outgoing emails. You'll configure and manage these rules from the Virtru Control Center's Email Rules page.
The different types of rule and their associated actions are described below.
Note about Default Email Rules
The default ("Stock" or "Outbound") Email Rules (DLP) only scan the email body. This does not include attachment content. Custom rules can be created to scan attachment content. HIPAA Rules (some subscriptions only) can also be modified to scan attachment contents.
Text Pattern Rules
The rules listed under "When I type these text patterns..." use Regular Expressions (RegEx) to match consistently formatted number and text patterns. The default patterns included with Virtru are Social Security Number, Credit Card Number, IP Address, Federal Employee Identification Number (EIN), and Possibly Sensitive.
- Social Security Number: Triggers on any number string that could potentially be a Social Security Number.
- Credit Card Number: Triggers on any number string that could potentially be a Credit Card Number.
- IP Address: Triggers on any number string that could potentially be an IP Address.
- Federal Employee Identification Number (EIN): Triggers on any number string that could potentially be a Federal Employee Identification Number (EIN).
- Possibly Sensitive: A more generic rule than the others will flag a variety of different number patterns. This may result in a high volume of false-positive flags, so only use this rule if your needs can't be met with other rule options.
Rules in the "When I type these keywords..." section are triggered by a precise match with a listed keyword (with one exception - see below). You can add your own keywords to this list by clicking the + icon in the bottom row. A list of keywords can be added at once by comma-separating the entries.
In addition to the phrase "non disclosure agreement", the Non Disclosure Agreement rule will trigger on "nda", "n.d.a.", and "non-disclosure agreement".
The "When I send to..." section allows you to specify an action based on the recipient of the email. This can be configured either by exact email address or by domain name. Email addresses and domains cannot be added in bulk; entering a list will result in only the first item being added to your rules.
Rules in the Text Patterns, Keywords, and Recipients sections can be assigned to take one of three possible actions when the rule is triggered.
An Encrypt rule will encrypt the email automatically as soon as the user hits Send. They'll see the Virtru encryption animation without any option to have the email go out unencrypted.
A rule set to Warn will trigger an alert to the end user when they click "Send". The warning dialog will provide exactly what the offending text is. The end user has the option to either send the message encrypted ("Protect and Send"), or disregard the warning and send unencrypted ("Send Anyway").
A Log Only rule will take no noticeable action on an outgoing email. If the email is being sent unencrypted, the rule will have no effect at all. If the email is sent encrypted, however, any Log Only rules triggered by that email will be logged in that email's Validation Report in the Virtru Control Center.
Log Only rules cannot be used to override or create exceptions to other rules; they simply do not take an action. For example, a rule set to "Log Only" the Social Security number 123-45-6789 will not prevent that sequence from being flagged by another SSN rule.
To perform more complex DLP operations - including multiple scan parameters, multiple actions, and additional action types - you'll want to use a Custom Rule.
More information on creating Custom Rules can be found in this article: Virtru Control Center: Creating Custom DLP Rules
An important note about DLP Rules:
All DLP rules (stock or custom) run independently of one another. If multiple rules trigger, then the most secure rule will win. For example, if one rule is triggered and set to ‘log’ only, but another rule is triggered and set to ‘encrypt’, then the message will encrypt as that is more secure.