Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

About Classifications

Limited Availability: ML Auto Classifiers is an advanced DLP capability that requires additional entitlement. Contact Skyhigh Support or your account manager for assistance.

To protect sensitive data, start by identifying the data to be protected and categorize the data using classifications. Data protection rules apply the classification criteria and other definitions to protect sensitive data from leaving your organization.

Skyhigh Security provides a range of built-in classifications for common requirements, and you can use them to comply with required regulations. You can also create custom classifications to suit your organization's needs. Both built-in and customized classifications are consistent and can be used across your data protection policies.

The Classifications editor displays the list of built-in and custom classifications. Classifications are categorized into logical groups. For example, the Healthcare category includes classifications for detecting possible HIPAA violations and more. Built-in classifications include, among others, classifications for detecting personally identifiable information (PII), with classifications specific to different countries. You can use built-in classifications as is in data protection policies, or you can customize new classifications.

Skyhigh offers a Classification Tester, which enables you to evaluate your DLP classifications to detect the required matches accurately. This easy-to-use tool simplifies the process of validating your classifications, allowing you to fine-tune classifications before using them in your DLP policies. For details on the Classification Tester, see Evaluate Classifications.

NOTES:

  

 

  • For users with Trellix DLP Endpoint, you can also enforce consistent classifications for DLP Endpoint and cloud policies. 
  • To enable data classifications for existing GovCloud (FedRAMP) tenants, contact Skyhigh Support.
  • You can view events for DLP classifications in the Audit Log. For details, see View DLP Classification Events in the Audit Log

Classify your data

You can identify sensitive data with text patterns using regular expressions, dictionaries, and keywords. They can also specify file conditions such as the true file type, file extension, file size, or location in the file.

Methods to define classification criteria include:

  • Dictionary Collections of related keywords and phrases, such as profanity or medical terminology. Sensitive data is compared to the dictionary entries and ranked according to a score, meaning the number of times the sensitive keywords need to appear in the content for the rule to be triggered. The Classifications editor includes several built-in Skyhigh dictionaries with terms commonly used in health, banking, finance, and other industries. You can also create your own dictionaries or export built-in dictionaries to edit them to suit your organization's needs.
  • Document Properties. Document Property Sets are used to classify documents based on file metadata, such as Author, Keywords (Tags), or Last Saved By. You can also create custom Document Properties. 
  • Advanced Pattern. Regular expressions, or phrases, used to match patterns such as social security numbers or credit card numbers. Advanced patterns are ranked according to a score, meaning, the number of times the sensitive expressions need to appear in the content for the rule to be triggered. The Classifications editor includes several built-in advanced patterns for ensuring compliance with government regulations and simplifying the detection of personal information. You can also create your own advanced patterns.
  • True File Type. True file types determine which files to identify the sensitive data. True file types detect attachment violations when file extensions are renamed and sent as attachments. For example, if a .cpp file is saved as a .txt file, true file type classification can detect it.
  • File Extension. The file types, such as MP3 and PDF.
  • File SizeThe size of the file to detect sensitive data. You can also define a file size range.
  • Location in file. The section of the file to look for sensitive content; Header, Footer, Body or within the first characters. This option becomes available in the Classifications Editor when you select to use a Dictionary, Advanced Pattern, or Keyword as a definition type.
    • Microsoft Word documents - You can identify the header, body, and footer.
    • PowerPoint documents - WordArt is considered the Header. Everything else is identified as the Body.
    • Other documents - Only Body is applicable.
  • Keyword. A string value that defines sensitive data. You can add multiple keywords for content classifications. Keywords are not consistent across classifications. If you need to use consistent keywords across classifications, use a dictionary.
  • Proximity. Proximity allows you to define how many characters can separate items in a Dictionary, an Advanced Pattern, or Keywords and still trigger a match. If two items are found within the selected number of characters, it's a match. 
  • File Encryption. Allows you to create a Classification and select File Encryption types to detect them in your files.
  • Exact Data MatchingExact Data Match (EDM) fingerprints allow you to define classification criteria for the user records exported from a database (in rows and columns) to a .csv or .tsv file. You can select the required rows and columns to define classification.
  • File Name. Allows you to define the list of file names, which can be used to match, process, and protect sensitive data during the DLP policy evaluation. You can define custom file names using the is, contains, or regex operators.
  • ML Auto Classifier. ML Auto Classifiers are used to automatically classify various types of sensitive files based on Skyhigh pre-trained Artificial Intelligence (AI) and Machine Learning (ML) models. 

Classifications page

Create and manage classifications on the Policy > DLP Policy > Classifications page.
clipboard_e73fcac1c0dda36741a2aade9d8a814dd.png

The Classifications page provides the following information and actions:

  1. Search. Search via the Omnibar
  2. Filters. Select options on the Filters tab to scope down your search. 
  3. Actions. Click Actions to:
  4. The Classification table provides the following information:
    • Classification Name. The display name of the Classification. 
    • Category. The Category of the Classification. 
    • Source. The category's source, either provided by Skyhigh Security or Custom. 
    • Last Updated By. Displays the user name of the user who last updated the Classification. 
    • Last Updated. Displays the date and time the Classification was last updated. 
  • Was this article helpful?