Netskope Global Technical Success (GTS)
Detect transfer of sensitive files classified using classification tool in Netskope
Netskope Cloud Version - 122
Objective
This document outlines the steps to configure a policy in Netskope for detecting the transfer of files labeled as "Sensitive" by a classification tool.
Prerequisite
Netskope Inline SWG and DLP license is required
Context
A data classification tool is used to categorize and organize data into predefined categories based on sensitivity, value, or other characteristics. Organizations that already classify their documents this way might want to safeguard the sensitive ones using DLP policies created in Netskope.
This document walks through the steps that can be followed to achieve this use case.
Lab recreate
In this lab exercise, we will configure a DLP policy to detect a file classified as “Highly Sensitive”.
Classification tools embed classification tags into a document’s metadata properties. Therefore, Netskope policies must be defined specifically to identify the keyword “Highly Sensitive” within the metadata only, excluding any occurrences in other parts of the document.
Step 1: Create a new entity with the keyword “Highly sensitive”
Path: Netskope Tenant UI >>> Policies >>> Profile >>> DLP — DLP Rule — Entities
Step 2: Create a DLP rule including the above entity
Path: Netskope Tenant UI >>> Policies >>> Profile >>> DLP — DLP Rule — Rule New rule
Choose the data identifier created in Step 1 and click on Next until the “content” section.
In the content section, choose “Metadata” only, because we only want to detect the classification tag within the metadata properties of the document. Choose a severity, give the rule a name and hit Save. Click on Apply changes.
Step 3: Add the DLP rule to a new profile
Path: Netskope Tenant UI >>> Policies >>> Profile >>> DLP — New profile.
Choose the DLP rule created in Step 2, hit Save and Apply changes.
Step 4: Create Real-time Protection policies for the destinations of your interest to detect transfer of the files tagged as Highly sensitive
Path: Netskope Tenant UI >>> Policies >>> Realtime Protection — New policy
When you try to upload a file that has the classification within its metadata properties, you get a block prompt as configured in the policy.
Document content and properties
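To confirm before an upload test that a file carries the tag in its properties and not only in its body, the following added example (not part of the original article and not Netskope code) reports where the keyword occurs in an Office Open XML package. It assumes a .docx-style file whose properties live under docProps/; the helper names, the property name "Classification" and the in-memory sample files are constructed for illustration.

```python
import io
import re
import zipfile

KEYWORD = "Highly Sensitive"  # classification tag used in the lab


def make_docx(body_text, custom_props=None):
    """Build a minimal, constructed OOXML package in memory (test data only)."""
    props = "".join(
        f'<property name="{name}"><vt:lpwstr>{value}</vt:lpwstr></property>'
        for name, value in (custom_props or {}).items())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/document.xml",
                     f"<w:document><w:body><w:p><w:r><w:t>{body_text}"
                     "</w:t></w:r></w:p></w:body></w:document>")
        pkg.writestr("docProps/custom.xml", f"<Properties>{props}</Properties>")
    return buf.getvalue()


def locate_keyword(data, keyword=KEYWORD):
    """Report whether the keyword occurs in property parts, body parts, or both."""
    found = {"metadata": False, "content": False}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".xml"):
                continue
            raw = pkg.read(name).decode("utf-8", "replace")
            # Drop tags and collapse whitespace so a phrase split across runs
            # still matches. Case-insensitive matching is this helper's choice,
            # not a statement about how the DLP engine compares keywords.
            text = " ".join(re.sub(r"<[^>]+>", " ", raw).split())
            if keyword.lower() in text.lower():
                part = "metadata" if name.startswith("docProps/") else "content"
                found[part] = True
    return found


if __name__ == "__main__":
    samples = {
        # "Classification" is a hypothetical property name; tools differ.
        "tag in properties": make_docx("Quarterly report",
                                       {"Classification": KEYWORD}),
        "keyword in body only": make_docx(f"This memo mentions {KEYWORD} data"),
    }
    for label, data in samples.items():
        print(label, locate_keyword(data))
```

For a real file, pass its bytes (for example `open(path, "rb").read()`) to `locate_keyword`; a test file intended to match the metadata-only rule should report `metadata: True`.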
Verification
Viewing the generated DLP Incidents:
Path: Netskope Tenant UI >>> Incidents - DLP
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- If any platform changes are brought to our attention in the future, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.