I know every dlp solution is trash but help me out
Posted by FearlessAwareness469@reddit | sysadmin | 8 comments
My org is going for PCI compliance and we can't have it in Exchange; full PAN is a no-no.
I'm editing a copy of the Microsoft default and adding modifiers for "not if these words or strings". It seems to be doing better, but I have to audit to see what is getting caught to put on the keyword bypass.
THE THING THAT PISSES ME OFF THE MOST IS THE EDISCOVERY.
I can send an email to myself with my own credit card number and it will pop, as it fucking should, on the policy. But eDiscovery finds 1 object IN MY ENTIRE TENANT when I have 35 just from testing. Our Microsoft rep said to put in a ticket.
No, motherfucker, I want someone in your whole fucking org who worked on that shit to tell me why it's wrong. Wtf
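The tuning loop the post describes (match candidate card numbers, suppress hits that sit next to a bypass keyword, then audit everything the scanner saw) can be reproduced outside the tenant so the keyword list is built from evidence rather than guesswork. The script below is an added example written for this thread; it is not the original poster's policy and not Microsoft's DLP engine. It assumes a hypothetical keyword list, approximates the "not if these words" rule with a 40-character proximity window before the match, and runs over constructed sample messages containing publicly known test card numbers.

```python
import re

# Constructed sample messages for this example. The card numbers are
# publicly known test PANs (Visa 4111..., Mastercard 5555...), not real cards.
SAMPLE_MESSAGES = [
    "Please charge 4111 1111 1111 1111 for the invoice.",
    "Ticket 1234567890123456 was escalated yesterday.",
    "Tracking number 4111111111111111 for order #55",
    "Ref 5555-5555-5555-4444 exp 12/29",
]

# Hypothetical "not if these words" list, the kind of keyword bypass the
# post describes building from audit results. Tune it from real hits only.
EXCEPTION_KEYWORDS = ("tracking number", "ticket number", "order id")

# 13 to 19 digits, optionally separated by single spaces or hyphens,
# and not glued to further digits on either side.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: rules out most random digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first 6 and last 4 digits so the audit output never carries a full PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def classify_message(text: str, keywords, window: int = 40):
    """One audit record per candidate: 'match', 'luhn_fail' or 'keyword_exception'.

    Suppressed and failed candidates are kept in the output on purpose:
    that is what lets you audit which bypass keywords are actually firing.
    """
    records = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        context = text[max(0, m.start() - window):m.start()]
        if not luhn_valid(digits):
            verdict = "luhn_fail"
        elif any(k in context.lower() for k in keywords):
            verdict = "keyword_exception"   # assumed proximity-based bypass
        else:
            verdict = "match"
        records.append({"pan": mask_pan(digits), "verdict": verdict, "context": context})
    return records


def scan_messages(messages, keywords):
    """Run the classifier over a batch and tag each record with its message index."""
    results = []
    for idx, text in enumerate(messages):
        for rec in classify_message(text, keywords):
            rec["message"] = idx
            results.append(rec)
    return results


if __name__ == "__main__":
    for rec in scan_messages(SAMPLE_MESSAGES, EXCEPTION_KEYWORDS):
        print(rec)
```

Run it against an export of real policy hits and count the `keyword_exception` records per keyword: a bypass term that suppresses Luhn-valid PANs in genuine card emails is too broad and should come back off the list.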
kvorythix@reddit
DLP still sucks, but if you need the least painful route I'd start with blocking obvious exfil paths and tuning alerts hard.
Beneficial-Gift5330@reddit
Have you tried engaging a vendor to find a usable DLP solution? A basic Google search or a call to your largest vendor will likely yield some great options. Maybe talk to procurement? They can be useful in some scenarios.
Sacrificial_Identity@reddit
Digital Guardian. It worked; it cost 350k a year or something dumb.
But it worked. It didn't need a babysitter.
Max-P@reddit
It's pretty well known that a lot of DLP is generally not very effective other than in very basic, egregious cases. Proper deep inspection is really expensive and still just heuristics. In all cases someone can just pull out their phone, take a photo of the screen and text it out.
Just like the rest of the scareware industry, it's software you slap so legally you've shown you made an attempt at preventing it, all while investing the absolute minimum possible to be compliant. How many companies just run ClamAV to check the box?
Ideally, you shouldn't have the ability to obtain the credit card numbers to begin with. Same as with malware, my first thought is to sandbox the hell out of the applications with containers and SELinux over some invasive AV solution. Good luck persisting malware when the VM doesn't have writable storage at all and gets rebuilt weekly.
FearlessAwareness469@reddit (OP)
Thanks bot
FarmboyJustice@reddit
Microsoft's shifting their entire business model to focus primarily on compliance rather than usability.
They create layers of products which provide basic tier functionality, then they introduce new higher tiers with more capability. Then they release new things, with another new tier, and then they merge some older tiers together and redistribute functionality among the leftovers, then they rebrand it.
Every so often they throw in a broader rebranding.
This is a continuous cycle that's been going on for years. Just look back at the history of changes in 365, it's incredibly obvious.
Absolutely every aspect of everything they are doing is focused entirely on one goal: To increase shareholder value. The easiest way to do this is to create the impression in the minds of investors that they are innovating and leading.
This is done by creating a vague aura of improvement by demonstrating a continuous stream of "innovation" most of which is shuffling things around and renaming things in order to emphasize compliance over actual usability.
Sprinkle some schizophrenic AI in the mix for the marketing buzz and you've got Microsoft Copilot, powered by Copilot, featuring Copilot.
harrywwc@reddit
I'm sorry, you've mistaken them for someone who cares.
They don't.
GremlinNZ@reddit
And to round out the reply...
Have you thought about some Security Copilot?