Learn about the recommended initial general setup of Safetica 10. The setup depends on your requirements and the data you are working with.
In this article, you will find recommendations for what features to set up and how:
- Auditing features
- Web/App control
- Zones
- BitLocker
- Data categories
- DLP policies
- Alerts and reports
- Maintenance
Auditing features
Go to Safetica Maintenance Console > Discovery > Functions settings.
We recommend setting the features as follows:
■ Application audit - Enable
■ Device audit - Enable
■ Website audit - Enable
■ Print audit - Enable
■ Network traffic audit - Disable
■ Email audit - Enable (only emails with attachments are audited, the content of messages is not)
■ Audit of file movement over external and local paths (network, external devices). You can also choose to audit operations for specific file types (project documentation, business communications, economic data)
Web/App control
Go to WebSafetica > Policies.
■ Create a policy that will block access to the following website categories:
Malware, Pornography, Games, Illegal, Proxy web
■ Create a policy that will block the running of the following applications:
Keylogger, Miners, Alternative web browsers, File sharing, Games
Zones
Go to Safetica Maintenance Console > Protection > Zones.
At the very least, we recommend setting up safe zones for:
■ Trusted email domains
■ Trusted external devices (company USBs, ..)
We also recommend setting up safe zones for:
■ Trusted network paths
■ Trusted web addresses
■ Trusted printers
BitLocker
Go to Safetica Maintenance Console > Protection > BitLocker disks.
■ We recommend using Safetica BitLocker for laptops.
Data categories
Go to Safetica Maintenance Console > Protection > Data categories.
We recommend creating a data category for the following sensitive content:
■ Credit card numbers
■ ID card numbers
■ Birth numbers
■ IBANs
■ Keywords
DLP policies
Go to Safetica Maintenance Console > Protection > Data categories.
We recommend testing your policies in log mode and then switching to notification mode after validating the settings. The order in which policies are placed in the policy list is also important. The higher a policy is, the higher its priority.
DLP policy for sensitive content data category
Define a DLP policy for your sensitive content data category. We recommend setting the policy rules followingly:
■ Cloud drives: Notify
■ Upload: Allow safe zones
■ Email: Allow safe zones
■ Instant Messaging applications: Notify
■ External devices: Allow safe zones
■ Network shares: Allow safe zones
■ Remote transfer: Notify
General DLP policy
Define a general DLP policy for the following destination types:
■ Cloud drives: Custom (only notify when transferring files to non-company cloud drives)
■ Upload to file share: Notify
■ Upload to webmail: Notify
■ External devices: Allow safe zones
Alerts and reports
Go to Safetica Maintenance Console.
Reports:
Set up reports based on your own saved views from the Discovery section.
Suggestions:
■ Weekly/monthly report on user activity
■ Weekly/monthly report on visited websites
■ Weekly/monthly report on applications used
Alerts:
■ Long time spent on unsafe/unproductive websites
■ Connection of unknown device
Maintenance
Go to Safetica Maintenance Console > Maintenance > Database management.
■ Set up automatic database maintenance. We recommend having a repetitive "back-up and delete" task - repeated every 3 months for logs older than 3 months.
Go to Safetica Maintenance Console > Maintenance > Update and deploy.
■ We recommend updating Safetica Server and Safetica Clients at least every 6 months.