🆕Policies with dynamic action

Tailor protection to the needs and behavior patterns of individual users.


Introduction: What are policies with dynamic action

Policies with dynamic action tailor protection to the needs and behavior patterns of individual users. The key is a reaction to anomalously high activity that is personalized to the company and to every employee in it.

Unlike traditional policies, which are inflexible and only allow or block operations without nuance, policies with dynamic action smartly adapt to how individual users interact with sensitive data. They use Contextual defense and take into consideration standard or anomalous user behavior. Policies with dynamic action tie together data policies, data classification, and data destinations.

 

 

Benefits of policies with dynamic action

  • Tailored protection: Smartly assess each user's behavior patterns to provide a tailored DLP approach.
  • Granular control: Easily remediate unwanted and risky user behavior without disrupting the work of others and impacting the business.
  • Individual focus: Address each user individually based on their unique behavior.
  • Intelligent remediation: Use Contextual defense modes to set how much sensitive data a user can handle before the policy action becomes stricter.

 

How policies with dynamic action work

Policies with dynamic action smartly react to each user's behavior. If a user works with a larger volume of sensitive data than their peers in the company, the policy and its action will gradually become stricter.

When you turn on Dynamic action in a data policy, the wording in the policy settings changes slightly. You are no longer setting what will happen, but the strictest remediation that will be used.

For a blocking policy, this will be the Block action. The blocking policy will start as Not set (user activities are not even audited), and after a user works with a certain amount of sensitive data, the action changes to Log. If the amount of sensitive data the user works with increases even more, the policy action will change to Notify, and then to Block.

✍️This way, the user's activities will not be blocked right away but only after they handle a certain amount of sensitive data. The work of other users will remain unaffected.

❗When you select the Block action, the policy will go from Notify to Block. It will not go through Block (with override).

When you select the Block (with override) action, the policy will go from Notify to Block (with override). It will never go to pure blocking.

If you set the Dynamic action to Notify, the policy will only go from Not set to Log and then to Notify. It will never go further than that.

Example: Employees in the HR department typically handle around 50 CVs with sensitive info per day. This is considered normal for the company, so they should be allowed to work with such a number of files and sensitive data on a daily basis. If there is a sudden deviation – for example, one employee tries to transfer 5000 CVs – that is an anomalous activity that should be addressed. This is where policies with dynamic action come in.

The company can use a policy with dynamic blocking action to protect sensitive data in CVs because it detects such deviations and addresses them specifically for individual users without affecting the normal work of others.

 

✍️The amount of sensitive data that makes the policy action stricter is counted for every user by Safetica based on predefined thresholds, the activities of other users in the company, and the Contextual defense mode.

With a single action (e.g., a huge bulk operation or handling a highly sensitive file with thousands of pieces of sensitive information), a user can exceed several thresholds at once, so the policy may go from Not set to Block immediately.

Example: A salesperson is communicating with customers. Suddenly, they download the whole customer database with thousands of customers and their info, and then they try to copy it to USB. A policy with dynamic blocking action would then skip all actions (Log, Notify) and go straight to blocking.

✍️When a dynamic action is made stricter for a user, an insight appears in Insights.

Policies with dynamic action go back to Not set at midnight.
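
The escalation rules described in this section, modeled as an added Python example (not Safetica code). The numeric thresholds, the class `DynamicPolicy` and the helper `replay` are assumptions made for illustration; the product calculates its own thresholds from predefined values, peer activity, and the Contextual defense mode.

```python
from datetime import date

# Escalation ladders from this page; the strictest action selected in the
# policy decides where the ladder ends ("Log" as an end point is inferred).
LADDERS = {
    "Log": ["Not set", "Log"],
    "Notify": ["Not set", "Log", "Notify"],
    "Block (with override)": ["Not set", "Log", "Notify", "Block (with override)"],
    "Block": ["Not set", "Log", "Notify", "Block"],
}

# ASSUMPTION: constructed daily thresholds (sensitive items) per mode. The
# product computes the real values itself; only "Soft allows more" is from the page.
THRESHOLDS = {"Standard": [100, 500, 2000], "Soft": [200, 1000, 4000]}


class DynamicPolicy:
    """Hypothetical per-user model of one policy with dynamic action."""

    def __init__(self, strictest, mode="Standard"):
        self.ladder = LADDERS[strictest]
        self.limits = THRESHOLDS[mode]
        self.day = None
        self.handled = 0

    def action_for(self, items, today):
        """Count `items` handled on `today`; return the action now in force."""
        if today != self.day:  # the policy goes back to Not set at midnight
            self.day, self.handled = today, 0
        self.handled += items
        crossed = sum(self.handled >= limit for limit in self.limits)
        # Never escalate past the strictest action chosen in the policy.
        return self.ladder[min(crossed, len(self.ladder) - 1)]


def replay(strictest, mode, events):
    """Run constructed (day, items) events through one user's policy."""
    policy = DynamicPolicy(strictest, mode)
    return [policy.action_for(items, day) for day, items in events]


if __name__ == "__main__":
    mon, tue = date(2024, 5, 6), date(2024, 5, 7)  # constructed dates
    # HR user in Soft mode: a normal day of 50 CVs, then a 5000-CV bulk transfer.
    print(replay("Block", "Soft", [(mon, 50), (tue, 5000)]))
    # Gradual escalation in Standard mode, then the reset on the next day.
    print(replay("Block", "Standard", [(mon, 150), (mon, 400), (mon, 1500), (tue, 10)]))
    # The same bulk transfer under a policy capped at Notify.
    print(replay("Notify", "Standard", [(mon, 5000)]))
```

Each user gets their own `DynamicPolicy` instance, which is why one user's bulk transfer does not change the action applied to anyone else.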

 

 

 


How to set up policies with dynamic action

There are 2 steps you need to take to set up policies with dynamic action:

  1. Configure the Contextual defense mode for individual users
  2. Create a policy with dynamic action

1. Configure the Contextual defense mode for individual users

First of all, select the Contextual defense mode for individual users. This has an impact on the amount of sensitive data they can handle before the policy with dynamic action becomes stricter:

  1. Go to Safetica console > Users and click the relevant user.
  2. In the Contextual defense mode section, choose from:
    1. Standard – The default mode that covers usual user behavior.
    2. Soft – A more benevolent mode that allows the user to handle larger amounts of sensitive data (e.g., an accountant who's sending a lot of financial info as part of their job needs to be allowed more flexibility).
  3. To see which Contextual defense mode is selected for which user, see the Contextual defense mode column in the Users table.
  4. In the Users table, you can also select multiple users and change their Contextual defense mode in one go by clicking Set Contextual defense mode to

✍️You can also set up Privileged access in every user’s detail.

 

Example: HR employees work with a lot of sensitive data as part of their jobs, so the admin decides to allow them more flexibility than employees in other departments. The admin changes the Contextual defense mode of all HR team members to Soft.

 

2. Create a policy with dynamic action

✍️Learn more about creating data policies here.

❗Limitations

  • Policies with dynamic action are only available for data policies.
  • Policies with dynamic action do not support the following data destinations: Git, M365 file sharing, print, and virtual print.
  • The options Block copy to clipboard and Block screen capture are not supported.

 

When creating a policy with dynamic action:

  • Select one or more data classifications. The dynamic action toggle will be disabled if no classification is selected.
  • In Policy action, toggle the Dynamic action switch.
  • Select the strictest action (Log, Notify, Block (with override), or Block) that the policy will gradually reach based on how the user handles sensitive data.
  • You can see whether a policy has dynamic action or not in the Policy action column in the list of data policies.