This article provides an overview and background information about Cato's Data Loss Prevention (DLP) service to provide content inspection and protect sensitive data. Cato's DLP solution extends the abilities of Cloud Access Security Broker (CASB) that manage how cloud-based apps are used, and adds the capabilities for data and content inspection.
The Application Control policy is included in the CASB license. Enabling Data Control rules in the Application Control policy also requires the DLP license.
With the proliferation of SaaS and web-based apps, it is increasingly difficult for admins to easily monitor and control how sensitive information is accessed, used, and shared. Cato's DLP service provides a data-aware solution to enhance the CASB Application Control rules and provides:
The ability to prevent or detect data exfiltration, and minimize risks for data breaches or accidental data loss
Granular rules let you comply with industry regulation and standards for only the relevant traffic segments
Monitor sensitive content and file uploads and downloads across the organization
The DLP content scans are inline proxy-based using HTTP inspection. The DLP engine uses the advanced Cato Cloud architecture which implements content inspection and at the same time ensures privacy with minimal latency or impact for the end-user.
For more about Cato's DLP, please check out our DLP video tutorials.
The Cato Management Application lets you add Data Control rules to the Application Control Policy (Security > Application Control Policy) to define the content and apps that are inspected. The Data Control rules support these DLP features:
File attribute content inspection - specify the file types and size which are monitored and controlled. These are configured as the File Attributes for a rule.
Predefined Data Types - recognize a wide range of sensitive data (such as credit card numbers, and identity numbers). These are configured as the DLP Profiles for a rule.
The DLP Configuration screen (Security > DLP Configuration) lets you combine related Data Types into a single Content Profile which you can add to a Data Control rule.
Note: If you create a Data Control rule the uses both File Attributes and DLP Profiles, then there is an AND relationship between those settings. That means that the rule only matches content that meets all the file requirements and the Data Types. In general, we recommend that you configure either File Attributes or DLP Profiles within a single rule.
This is a high-level overview of the steps to implement the DLP policy.
Create (or review) the DLP Content Profile that defines the Data Types that you are including in the DLP policy (see Creating DLP Content Profiles).
Create the Data Control rules for the File Attributes and DLP Profiles (see Creating the Data Control Policy).
Challenge - Prevent users from uploading Autocad source files to an external destination
Cato solution - Create a Data Control rule for the Design file type in the upstream direction
Challenge - Enforce Personally Identifiable Information (PII) for a specific country
Cato solution - Create a DLP Content Profile that contains all the relevant PII Data Types
DLP Service File Requirements
- Supported file size is between 1KB and 20 MB
- Image, audio, video, and binary files are not supported
Please sign in to leave a comment.