
Netskope Global Technical Success (GTS)

Real-Time Detection of Sensitive Information Using DLP - OCR

 

 

Netskope Cloud Version - 120


 

Objective

Detect Sensitive Information Using OCR Capabilities with Netskope DLP in Real-Time Policies

 

Prerequisite

Netskope Advanced DLP must be licensed, and you should also request to activate the 'OCR for Inline Protection' feature. Please contact your CSM or open a ticket with the GTS team for assistance.

 

Context

The customer wishes to detect sensitive information such as PII, PCI, or others in images using Netskope's DLP engine with the OCR feature.

Configuration

First, note that OCR for Inline is a passive configuration: once it is enabled in the tenant, no OCR-specific configuration is needed for it to detect sensitive information.

From that point on, all existing DLP policies, with their DLP profiles and rules, also evaluate sensitive information in images using Netskope's OCR technology.

 

Below is a use case that reviews, step-by-step, how this works and how it can be tested for different use cases. 

 

  • Here is the configuration of the DLP rule. 

 

Note: some predefined identifiers were selected to capture various types of sensitive information such as birth dates, SSNs, cards, financial terms, etc.

 


 

  • Here is the configuration of the DLP Profile. 

 


 

  • This is how the real-time policy configuration would look. 

 


 

After testing the upload of sensitive information, in this case to Google Drive, this is the alert in Skope IT and in DLP Incidents. For this use case, a screenshot of sample information obtained from dlptest.com was taken. The screenshot (OCR Image Sample.png) used for this exercise is provided below:

 


 

  • Skope IT Alert:

 


  • DLP Incident:

 


 

Lastly, as a best practice, customize your DLP rules: use the existing predefined configurations as a base to build your own rules and identifiers.
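When drafting custom identifiers, it helps to try the patterns against text as OCR would deliver it before building the rule. The sketch below is an added illustration, not Netskope's engine or code from this article: the regexes, the OCR misread repair, and the sample text are all assumptions constructed for the example.

```python
import re

# Constructed OCR output (test values, not real data); "1l11" mimics an OCR misread.
SAMPLE_OCR_TEXT = """Name: Jane Doe   DOB: 04/12/1986
SSN: 078-05-1120
Card: 4111 1111 1111 1l11
Order ref: 4111 1111 1111 1112
"""

# Hypothetical identifier patterns (assumptions, not Netskope's predefined identifiers).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
DOB_RE = re.compile(r"\b(?:0[1-9]|1[0-2])/(?:0[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
OCR_FIX = str.maketrans("OoIl", "0011")

def normalize(text):
    """Repair letter-for-digit misreads, only in tokens that are mostly digits."""
    def fix(m):
        tok = m.group()
        digits = sum(c.isdigit() for c in tok)
        return tok.translate(OCR_FIX) if digits * 2 >= len(tok) else tok
    return re.sub(r"[0-9OoIl]{3,}", fix, text)

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan(text, fix_ocr=True):
    """Return (identifier, value) pairs found in OCR-extracted text."""
    if fix_ocr:
        text = normalize(text)
    hits = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    hits += [("dob", m.group()) for m in DOB_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("card", digits))
    return hits

if __name__ == "__main__":
    for kind, value in scan(SAMPLE_OCR_TEXT):
        print(kind, value)
```

The order reference is rejected by the Luhn check even though it looks like a card number, and the card itself is only found once the misread character is repaired.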

 

We are also sharing several valuable resources to enhance knowledge and expertise in DLP.

 


 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.

 
