Adobe App and Service Licensing bypass

  • 15 May 2023
  • 1 reply
  • 119 views

Badge +6

Hi All,

 

I would like to initate a discussion on better DLP for Adoble product lines, and I believe many Netskope users here in Technology or design industries may have similar concerns.

According to this article, to make sure licensed Adobe fuction correctly, we may need to allow many domains.
https://helpx.adobe.com/enterprise/kb/network-endpoints.html

However, a possible data breach may happen through these domain as well if we bypass all the listed domains from steering traffic, since a few are not restricted for enterprised-used.

Has anyone successfully configured DLP policies for Adoble solutions?
Ideally we would like to find a way to allow these domains for Adobe certification executable only, while still monitor possible file sharing or sensitive design files leakage scenarios.

-AW


1 reply

Userlevel 2
Badge +11

@AllenWu - Very good question, so far we also had issues performing SSL inspection on adobe traffic due to their stringent security controls. Not sure if importing Netskope root and intermediate CA certs into Adobe applications will establish trust which should help in performing SSL inspection so DLP policies can be applied. This is something you can check with Netskope support or Technical account manager to see if its possible or if there is any other solution.

 

You can create certificate pinned apps for adobe processes (.exe) and then bypass certain domains from Netskope inspection to make it work, this way other activities related to adobe domains are still monitored. Please review below links to see if they help.

 

https://docs.netskope.com/en/creating-a-custom-certificate-pinned-application.html

https://docs.netskope.com/en/adding-exceptions.html 

 

Thanks

Reply