Destinations: What they are and how to work with them

Manage your data destinations. Decide which of them are safe and which are untrusted, so that they can be whitelisted or protected easily.

In this article, you will learn:

 

What are Destinations

Destinations allow you to manage selected destination types, mark them as Untrusted or Safe, and thus control them granularly in policies.

Supported destination types – web uploads, email recipient domains, and USB devices - are automatically detected based on usage in the last 30 days.

Destination management is based on a simple system with 3 columns:

 

Unassigned destinations

Your “inbox” with destinations that were auto-detected in the last 30 days. They are listed chronologically to highlight new domains and devices.

New destinations that can be considered safe with a high probability are highlighted with the Recommended label by our smart analysis.

Destinations can be moved into the Untrusted and Safe columns:

  • Automatically - by our smart analysis based on usage patterns. This way, we achieve adaptive risk detection, which is based on user behavior.
  • Manually - you can move destinations between columns by clicking the buttons at the top of the columns.

 

Untrusted destinations

Destinations that are not part of a secure company perimeter and you do not want users to upload information to them. You can control untrusted destinations in a specific way by policies, but they are not automatically controlled in any manner for you.

 

Safe destinations

Trusted destinations that are part of a secure company perimeter (e.g. company emails or emails of business partners, a file share within company intranet, company USB devices, etc.). 

 It is best practice to assign company devices and domains into Safe destinations.

Destinations that were added by Safetica smart analysis are highlighted with the Smart analysis label. If you disagree with the smart analysis, you can always move the destinations to a different column.

Example: A company has a “Block non-company USB devices” policy that allows file transfer to company USB devices (since they are considered safe), but blocks transfers to all other USB devices.  

When a new company USB device is used for the first time, it will appear in Unassigned destinations, and the blocking policy will apply to it, as it is not known. The admin can then move the USB device to Safe destinations, and the “Block non-company USB devices” policy will no longer block it, as it has been marked as Safe.

 

Destinations and risk assessment

 Transferring files to safe destinations will not increase the risk of those events.

You can have risky events related to safe destinations, but they will be based on indicators other than web upload, email destination, or transfer to USB devices (e.g. a data transfer to a safe destination might be risky, if it involved sensitive data or was performed at an unusual time).

 

How to manage destinations from event detail

You can place a destination to safe/untrusted destinations directly via event detail while investigating the event.

  1. In Data security > Event overview table, open the detail of the relevant event.
  2. In the Summary tab, click next to the device or domain and select the appropriate option (either Add device to safe destinations or Set domain as untrusted).

The change will only influence the risk of future events. Past events will not be changed retroactively.