Data Loss Prevention

Hi All ,

We send a customer data to a Gmail address from our customer outlook or owa but we couldn't see an incident from under the network incidents.

I guess our customer exchange use TSL and I know gmail accept TSL message. Is it possible reason for this situation ?

may be worth looking into policy, do sending into anyother corporate account does the incident triggers?

What kind of detection server used, Network Monitor or Network Prevent for Email?

If you can confirm that the TSL is used between your customer and Gmail, then the Network Monitor cannot detect the incident because the message are encrypted.

But, if it is Network Prevent for Email, and you put the Network Prevent for Email between your customer's email server and the Internet, then the message should be detected.

Hi Yang ,

Customer uses Network Monitor not Network Prevent for Email. If I added hotmail,yahoo mail account etc this time Netmon create an incident but if send only gmail account it could't detect any incident.

Ps: Pete there is no mistake at the policy it works well if I use other email address. Only Gmail is our problem. 

I've noticed this at most customers using opportunistic TLS.  Gmail is going to establish TLS and you won't be able to monitor it at the network egress point.

You might consider an additional span for SMTP at the point in the network between Exchange and your MTA, before TLS is established.  I've had a few customers do that successfully.  It might have other implications that you'll need to deal with, however.  For instance, you might have to disable TLS between Exchange and the MTA if it's enabled (and you're willing to do that).

Otherwise, you'd need SMTP Prevent (configured for TLS), or Endpoint (inspecting mail at the Outlook client level before any TLS ever happens).

Thanks Kery..

I think so there is no way to monitor this traffic with Netmon