browse
DLP Data Matching Exclusions enable you to exclude specific matched data, this feature allows for more precise tuning of DLP data classifications, significantly reducing the occurrence of false positives.
How does Data Matching Exclusions help minimize false positives?
Often, keywords and patterns defined within both built-in and custom identifiers may inadvertently generate false positives. For instance, identifiers based on numbers, such as the US Social Security Number (SSN), may match similar 9-digit sequences used for different purposes within an organization, like Account IDs. While the matching logic for SSN is accurate, excluding known internal Account IDs is essential to reduce false positives.
Similarly, consider a customer in the healthcare industry using our HIPAA-compliant data classification to detect disease names such as "Cancer." This classification could result in false positives if the term "cancer" is mentioned in non-patient-related contexts, such as discussions about cancer fundraising events or when referring to organizations like the "Cancer Donation Organization". With Data Matching Exclusions, you can specify terms like "cancer donation organization" ensuring that matches on these terms do not trigger false alerts.
How to use Data Matching Exclusions?
You can exclude specific terms and regular expression (regex) patterns by selecting a custom identifier or a built-in identifier to exclude within the Data Classification configuration.
Please note that exclusions are applied only to the specific instances of content that match the criteria, rather than excluding entire documents that contain the specified terms. For example, if you exclude the term “Cancer Donation Organization,” documents containing this term will still be scanned, but matches for this specific term won't trigger a data violation event.
You can find options for Data Matching Exclusion on the Data Classification page, specifically in the Exclude Data Identifiers section.
Please keep in mind that if a data identifier is selected for both inclusion and exclusion within the same data classification, the exclusion settings will override the inclusion. This ensures that exclusions are always prioritized.
Where can I find more information?
Refer to Umbrella documentation for guidance on using Data Matching Exclusions at Create a Data Classification.