Safetica NXT Best practice configuration

Learn about universally applicable best practices, which can significantly improve your Safetica NXT experience.

This article focuses on several universally applicable best practice settings that can significantly improve your Safetica NXT experience.

Let's split them into different stages:


Maintain your environment

Maintain your environment by enrolling new devices in Safetica and troubleshooting those with issues. It is also important to keep all devices up-to-date with the newest version of Safetica. Click here to learn more about enrollment and different device statuses. Click here to learn more about troubleshooting.


👍 Best practice TIPs:

  • Make sure all devices have Active status in the Devices section. In case of any issues, please contact our Safetica Support.
  • Install Apple Configuration Profiles on your macOS devices to simplify the permission configuration necessary for Safetica NXT. Click here to learn more.


Detect risky events

Detect risky events based on your custom policies and our automated smart analysis. Safetica NXT assigns risk to individual events based either on predefined policies or on your own custom policies that address the specifics of your environment. Click here to learn more about policies.

To further increase risk accuracy, you can create a data classification that automatically searches outgoing files for chosen sensitive content, using predefined algorithms, regular expressions, or keywords. Click here to get more information about sensitive data and its discovery.

👍 Best practice TIPs:

  • Create a policy for data transfers to personal clouds and RDP. Set the risk to high.
  • Update our default "Company" data classification. Add a new rule representing usual company terms (e.g. company name, web/email domain, product names, employee names, etc.) to improve the detection of company-related data.
  • Delete unnecessary data classifications or rules as per the customer's business scope to speed up content analysis on enrolled devices.


Analyze discovered risky events

Analyze and investigate discovered risky events in minute detail. To keep the assigned risk precise and reliable, it is important to review the discovered events and change their risk if necessary. You can learn more about the effective investigation of risky events here.

To avoid assigning high risk to data transfers performed within the safe company environment, you can define safe email domains, external devices, and websites in the Destinations section. Learn more about Destinations here.

👍 Best practice TIPs:

  • Check the Destinations section regularly. Evaluate new destinations in the Unassigned and Safe columns to optimize the automated smart analysis.
  • Investigate risky events and assign them the correct risk to eliminate false positives.
  • Investigate events with detected sensitive content and optimize related data classification rules and their thresholds to eliminate false positives.
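
The effect of a rule's threshold on false positives can be checked offline before a data classification is changed. The following is an added example, not Safetica code: the keywords, the pattern, the sample texts, and the model of a threshold as a minimum number of matches are all assumptions made for illustration.

```python
import re

# Constructed rule content for a fictional company; not Safetica defaults.
KEYWORDS = ["Example Corp", "example-corp.test", "Project Falcon"]
PATTERNS = [r"\bEC-\d{6}\b"]  # constructed internal document ID format

# Constructed samples: (text, should_be_classified_as_company_data)
SAMPLES = [
    ("Example Corp Q3 forecast, Project Falcon budget, ref EC-104233", True),
    ("Contract draft EC-220187 for Example Corp, send via example-corp.test", True),
    ("Lunch menu for Friday. Contact reception@example-corp.test", False),
    ("Public press release from Example Corp", False),
    ("Holiday photos", False),
]


def count_hits(text):
    """Number of keyword and pattern matches found in one text."""
    hits = sum(len(re.findall(re.escape(k), text, re.IGNORECASE)) for k in KEYWORDS)
    hits += sum(len(re.findall(p, text)) for p in PATTERNS)
    return hits


def evaluate(threshold, samples=SAMPLES):
    """Confusion counts, assuming a rule fires at >= threshold matches."""
    result = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for text, expected in samples:
        fired = count_hits(text) >= threshold
        key = ("tp" if expected else "fp") if fired else ("fn" if expected else "tn")
        result[key] += 1
    return result


def pick_threshold(candidates=range(1, 6)):
    """Lowest threshold with the fewest misclassifications (fp + fn)."""
    return min(candidates, key=lambda t: (evaluate(t)["fp"] + evaluate(t)["fn"], t))


if __name__ == "__main__":
    for t in range(1, 5):
        print(t, evaluate(t))
    print("suggested threshold:", pick_threshold())
```

With these samples, a single match is enough to flag a lunch menu and a press release; requiring two matches removes both false positives without missing the sensitive files.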


Prevent data loss

Prevent data loss by responding fast. Get notified about risky events immediately. We have covered maintenance, detection, and analysis recommendations. Now that the environment is correctly set up, we can use real-time notifications effectively. Learn more about notifications and reports here. Use policies to notify users or to restrict them from leaking sensitive data from your safe company environment. Learn more about policies here.

👍 Best practice TIPs:

  • Create access to Safetica NXT for your customer, so that they get real-time notifications for high-risk events directly.
  • Enable notifications for low-risk and medium-risk events to become aware of potential future security incidents.
  • Create a custom investigation filter based on customer needs to optimize results in the weekly report.
  • Create a policy:
    • to notify users about transfers of sensitive data using predefined data classifications (Personal, Healthcare, and Finance).
    • to notify users about transfers of data outside Safe destinations.
    • to protect desired teams.
  • We recommend using the block policy action only after thorough testing and analysis of the possible business impact. Always start with log only or notify actions.