RSA Data Loss Prevention Administration

  • Classroom
  • Virtual
  • Onsite

Duration: 4 Days

In this course, you will gain comprehensive instruction on the administration and configuration of the RSA Data Loss Prevention (DLP) Suite. You will cover theory and product basics such as the RSA DLP Suite architecture, integration of RSA DLP components, and the importance of various configuration parameters.

You will participate in hands-on labs that build on the basic concepts and provide you with practical experience in building an RSA DLP system.

What You Will Learn

  • Features and benefits of the RSA Data Loss Prevention Suite of products including DLP Network, DLP Datacenter, and DLP Endpoint
  • Administer the RSA Data Loss Prevention Enterprise Manager
  • Create and manage RSA Data Loss Prevention policies
  • Create and manage RSA Data Loss Prevention content blades
  • Deploy RSA Data Loss Prevention agents and grid scan groups
  • Remediation actions available and the benefit of each
  • Generate RSA Data Loss Prevention incident and event reports
  • Perform basic operational tasks including upgrading software, importing and exporting configuration files, reviewing high availability and load balancing, applying patches, and viewing alerts

Audience

System, security, or help desk personnel who need to install, deploy, and/or maintain an RSA Data Loss Prevention system

Prerequisites

  • Familiarity with user and system administration, networking fundamentals, and general information security concepts
  • Familiarity with web, application, and directory server (LDAP) and/or Relational Database (RDBMS) technologies
  • Knowledge of basic programming and scripting concepts is beneficial

Course Outline

1. Data Loss Prevention

  • Features of the RSA DLP Suite
  • Components of the RSA DLP Suite
  • Role of RSA DLP Enterprise Manager
  • Differences between RSA DLP Network, Datacenter, and Endpoint
  • Handling Policy Violations with RSA DLP Endpoint Enforce

2. Enterprise Manager Administration

  • Logging in to the Enterprise Manager for the First Time
  • Features of Enterprise Manager
  • Access and License the Enterprise Manager
  • New Dashboard Features
  • Enterprise Manager Tabs
  • Entering LDAP Configuration Settings
  • Performing User and Group Administration
  • Configuring an E-Mail Server and Notifications
  • Deleting Incidents and Events
  • Displaying Device Status

3. Network Appliance Configuration

  • Main Components of RSA DLP Network
  • Re-Installing an RSA DLP Network Appliance
  • Logging in to an RSA DLP Network Appliance
  • Performing an Initial Configuration of an Appliance
  • Performing Basic Configuration for an RSA DLP Network Interceptor
  • E-Mail Self Release Feature
  • Evaluating Sensor Capacity Needs
  • Diagramming the ICAP Server Event Flow
  • Performing a Basic Configuration of an ICAP Server

4. Policies

  • Function of the RSA DLP Content Classification and Analysis System
  • Use and Purpose of Policies in the DLP Suite
  • Content Blades Used in Policies to Detect Sensitive Information
  • Creating Policies Using a Supplied Template
  • Configuring DLP Network Policies in a Virtual Network Environment

5. DLP Datacenter

  • Features and Components of DLP Datacenter
  • Installing the Enterprise Coordinator
  • Configuring the Enterprise Coordinator
  • Scan Types Available in DLP Datacenter
  • Installing and Configuring a Site Coordinator
  • Creating a Grid Scan Group
  • Viewing Scan Status and History

6. Creating Content Blades

  • Compare Fingerprinting and Describing Content
  • Detection Accuracy Methods Available
  • Importance of Weight, Score, and Count
  • Importance of Accuracy and Precision
  • Determining Severity with Risk Score
  • Managing and Creating Content Blades

7. Working with Fingerprinted Content

  • Fingerprinting and Hashes
  • Fingerprinting Terminology
  • Configuring a File Crawler
  • Configuring a Database Crawler

8. Agent and Repository Scans

  • Analyzing Agent Scan Status
  • Configuring an Agent Scan Group
  • Scheduling an Agent Scan
  • Analyzing Agent Scan History
  • Configuring a Repository Database Scan

9. DLP Endpoint

  • DLP Endpoint Enforce
  • Components that Comprise DLP Endpoint
  • Configuring Policy Settings Relevant to DLP Endpoint
  • Installing DLP Endpoint Enforce Agents
  • Creating a DLP Endpoint Enforce Group
  • Manually Deploy a DLP Endpoint Enforce Agent

10. Workflow and Remediation

  • Incident and Event Workflow within RSA DLP
  • Comparing DLP Remediation Actions
  • Manual Remediation Functions
  • Viewing Policy, Incident, and Transmission Details
  • Viewing Incident History and Notifications

11. Reports

  • Main DLP Reporting Features
  • Navigating the Enterprise Manager Dashboard
  • Viewing and Editing Reports
  • Customizing a Report
  • Exporting Report Data
  • Creating DLP Asset Heat Map Reports

12. Basic Operations

  • Exporting and Importing DLP Configuration Files
  • Backup Options for DLP
  • High Availability Options for DLP Components
  • Configuring Enterprise Manager Failover
  • Patching and Upgrade Operations for DLP
  • Benefits of Integrating DLP and RMS
  • Selecting and Associating an RMS Template for Use with DLP

Course Labs

In addition to lecture and demonstrations, this course includes hands-on exercises which are designed to give you practical experience.