Data Loss Prevention

 View Only
  • 1.  DLP - Network Prevent for Web - Scan only outbound uploads

    Posted Aug 10, 2015 09:03 PM

    Hello,

    I am implementing a DLP 12.5 server infrastructure. I am configuring Network Prevent for Web.

    The customer does not want to detect files being downloaded by users and only want to prevent the uploading of sensitive files to the Web.

    Is there any way from within DLP to only scan outbound communications/files?

    Cheers

    Cameron



  • 2.  RE: DLP - Network Prevent for Web - Scan only outbound uploads
    Best Answer

    Trusted Advisor
    Posted Aug 11, 2015 06:41 AM

    Hello,

     

     there is different possibilities :

    - 1/ Ask your network team to send you only outbound network packets. This will avoid your web preven to capture and analyze unexpected flows.

    - 2/ Use a L7 filter to capture only flows coming or going to next network hop (in the right way). Many times you will receive some network packets which are routed to an other equipment after DLP. So you can avoid capturing packet going to this one.

    -3/ In your DLP policy (but if you could do it there, you could do it at L7 level), add an exception for messages coming from this network equipment IP address.

    -4/ If this equipment does not exist, you should have some IP address as source for outbound request and some URL domains for inbound request. So keep only the ones with IP addresses.

     

     We could imagine other way to do it depending on your client architecture. But from my point of view the best way is the first one if network team is efficient, second one is the best if you want to keep control at DLP level, third one is only useful if you want to have some policies on outbound and some on inbound traffic.

     

     Regards



  • 3.  RE: DLP - Network Prevent for Web - Scan only outbound uploads

    Posted Aug 18, 2015 08:56 AM

    On the ICAP forwading rule on Proxy, you could choose only PUT and POST Traffic to be sent. If GET is removed specifically, you would not get the Ingress/Incoming feed.



  • 4.  RE: DLP - Network Prevent for Web - Scan only outbound uploads

    Trusted Advisor
    Posted Aug 19, 2015 04:37 PM

    You are able to configure the Proxy to either process Post or Gets. In addition you can configure ONLY the remod setting if needed on the proxy.

     

    Good Luck.

    Ronak

     

    Please Marked solved when possible!



  • 5.  RE: DLP - Network Prevent for Web - Scan only outbound uploads

    Posted Aug 20, 2015 01:16 AM

    Thanks guys. I will confirm when I am next on site.