
DLP and Preventing Uploading To Webmail

Created: 11 Dec 2012 | 7 comments

I want to be able to allow users to access their webmail accounts, read their emails, even download attachments, e.g. pictures etc.

What I don't want is for them to be able to upload any content to a new email.

Can DLP help with this?


stephane.fichet

Hello

You can perform an action only when people upload a document to an outbound web site.

But if you have deployed only the monitor/prevent server you will face some issues with encrypted (HTTPS) web sites and so you won't be able to use DLP. If you have deployed the endpoint on all end-user workstations you can set a policy which prohibits users from uploading something to external webmail (and generally any website).

If I can give you a piece of advice, don't allow all webmail but define a list of secured/well-known webmail (like google,....) because if not you won't be able to control all of them. And so you can prohibit uploading of any document to websites managed externally (be sure your business doesn't use some).

Regards

as400

Thanks for that Stephane... unfortunately the company situation is that all webmail sites are currently available.

I did hear that DLP is not a 'blocking' tool...

So here is a slightly alternate question: can a policy be created to search just for outgoing emails that include an attachment and 'block' on those?... if, say, for example a very wildcard set of criteria is included in the search for the contents of that attachment, e.g. a,e,i,o,u or 1,2,3,4,5 etc?....

stephane.fichet

as400,

DLP is a content-aware solution, so it is able to perform some action (log an incident, block a message, ...) based on message content (in the message body or an attachment).

There are different components in the DLP solution that can solve your issue; blocking is possible with prevent server mode or the agent. For example, with the agent deployed on each end-user workstation you can block people from sending messages to webmail and warn them that they have performed a wrong action based on your policy,.....

If you want more information you can contact me via MP.

Regards.

kishorilal1986

Hi As400,

As per my knowledge, you can block any webmail communication from internal/external with some network config.

DLP is to monitor/block internal to external communication/transfer.

You can't block uploading of any attachment by just allowing limited privileges; this needs web application level config.

SaVijayan

Isn't the agent level config only possible for Firefox (not latest version) and IE for HTTPS? I have tested AFAC, which doesn't handle Chrome well and is quite buggy.

Kevank

Little late to the party, and I'm guessing you've already decided what you're doing 5 months later, but I've had some success doing this. It's kind of a pain and it isn't really ideal. An ICAP server can be set up to send the "webmail" traffic to the web prevent server, and then you can block attachments (size > 0 bytes works for the policy). Obviously if whatever you're using to decide if it is a webmail site is wrong, you won't be blocking attachments at all. To decrypt the HTTPS traffic you would need to create intermediate certificates and disperse them to all the browsers. We also installed an SSL decrypter card on our proxy servers. You're basically setting up a man in the middle situation so you can see all the traffic, and then it really only works if they're using a POST process to upload the attachment.
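
The decision described in the last comment (block a decrypted webmail POST when it carries an attachment larger than 0 bytes), sketched as an added example that is not part of the thread and not Symantec's implementation. The host list, function names and sample request are constructed assumptions.

```python
from email.parser import BytesParser
from email.policy import HTTP

# Assumed webmail classification list (hypothetical hostnames).
WEBMAIL_HOSTS = {"mail.example.com", "webmail.example.net"}

def file_parts(content_type: str, body: bytes):
    """Return (filename, size) for each file part of a multipart/form-data body."""
    if not content_type.lower().startswith("multipart/form-data"):
        return []
    # Reuse the stdlib MIME parser by prepending the request's Content-Type.
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = BytesParser(policy=HTTP).parsebytes(raw)
    found = []
    for part in msg.iter_parts():
        name = part.get_filename()          # None for plain form fields
        if name is not None:
            found.append((name, len(part.get_payload(decode=True) or b"")))
    return found

def decide(host, method, content_type, body, webmail_hosts=WEBMAIL_HOSTS):
    """'block' only for a POST to a listed webmail host with a non-empty file part."""
    if host.lower() not in webmail_hosts:
        return "allow"   # a site missing from the list is never inspected
    if method.upper() != "POST":
        return "allow"   # uploads that do not use a form POST are not covered
    if any(size > 0 for _, size in file_parts(content_type, body)):
        return "block"   # the "size > 0 bytes" rule from the comment
    return "allow"

def sample_post(file_bytes: bytes):
    """Constructed request: one text field plus one file field."""
    b = "----constructedBoundary"
    head = (f'--{b}\r\nContent-Disposition: form-data; name="to"\r\n\r\n'
            "alice@example.com\r\n"
            f'--{b}\r\nContent-Disposition: form-data; name="file"; '
            'filename="report.xlsx"\r\n'
            "Content-Type: application/octet-stream\r\n\r\n").encode()
    return f"multipart/form-data; boundary={b}", head + file_bytes + f"\r\n--{b}--\r\n".encode()

if __name__ == "__main__":
    ctype, body = sample_post(b"constructed")
    for host, method in [("mail.example.com", "POST"),
                         ("other.example.org", "POST"),
                         ("mail.example.com", "PUT")]:
        print(host, method, decide(host, method, ctype, body))
```

The second and third sample requests are allowed even though they carry the same file, which mirrors the two gaps the comment names: a webmail site missing from the classification list and an upload that does not use a form POST.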