Data Loss Prevention

  • 1.  Cloud Storage and Response rule 14.x.x

    Posted Sep 30, 2016 10:49 AM

    Hello,

     

    It seems that Symantec forgot to create a response rule for Cloud Storage detection on version 14. While creating a response rule, if you want to create a condition for 'protocol monitoring: cloud storage', there is no such option.

    It's only possible to use AFA as a condition, but if the app (i.e. google sync) is configured to be Cloud Storage, it will not work.

    However, if you use a response rule without protocol conditions (applied to all protocols without exceptions), Cloud Storage will also be affected.

    Any thoughts on this?

     

    BR,



  • 2.  RE: Cloud Storage and Response rule 14.x.x

    Posted Oct 26, 2016 04:08 AM

    Any comments and suggestions will be much appreciated.

    Thanks.



  • 3.  RE: Cloud Storage and Response rule 14.x.x
    Best Answer

    Broadcom Employee
    Posted Nov 03, 2016 10:38 AM

    The reason there is no cloud storage protocol filtering option is that the option is seen as an extension of the existing Application File Access Control functionality. In other words, we don't differentiate on this use case. Most of the filtering options would be configured on the Application Monitoring config, as each of the vectors you are looking at would request an identical response. What use case are you trying to set up?



  • 4.  RE: Cloud Storage and Response rule 14.x.x

    Posted Nov 03, 2016 12:52 PM

    Thanks for the reply, John. So you are saying that if we apply a specific response rule only to Application File Access (as condition..) we are not applying the same response to Cloud Storage (googlesync, onedrive..)?

    In my opinion this doesn’t make any sense.. in the end you can only apply a response rule to Cloud Storage if you use it for all protocols, without any distinction between them.

     

    We opened a case today.

     

    BR,

    Morgado



  • 5.  RE: Cloud Storage and Response rule 14.x.x
    Best Answer

    Posted Nov 07, 2016 03:57 AM

    Hi Morgado,

    DAR scans like Network Discover and Cloud Storage aren't a protocol for monitoring but a type of incident. You can add the condition in response rules by adding Incident Type > IS ANY OF > Discover.

    What John meant is that applying enforcement isn't logical on Cloud or Network Discovery scans as you'd typically apply the block/notify/etc control on the channel that facilitates the write event (the Endpoint Agent for example).

    Dean



  • 6.  RE: Cloud Storage and Response rule 14.x.x

    Posted Nov 12, 2016 09:11 AM
    Hi Dean, I get that. But what's happening is that when we apply a specific response rule to the AFA channel, it is not affecting cloud storage incidents. These incidents are only getting a log. Symantec support is investigating ... no news so far.