Netskope Global Technical Success (GTS)
How to block Password Protected files via Netskope DLP
Netskope Cloud Version - 119
Objective
How to block Password Protected files via Netskope DLP
Prerequisite
Netskope SWG and DLP license is required
Context
Password-protected files can threaten organizations through insider risks, data loss, ransomware, compliance issues, shadow IT, malware concealment, collaboration barriers, forensic challenges, and key management problems. They may create a false sense of security while potentially hiding malicious activities or impeding legitimate business processes.
Do You Know?
- Netskope DLP will not be able to analyze the contents of a password protected file.
- Instead we can detect if a file it's password-protected and apply an action to it such as Alert, Block, etc
Configuration
- Create a Real-time protection policy
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy >>> DLP
- Netskope provides a pre-defined DLP profile to detect Password Protected files
Verification
When the end user tries to upload a password protected file in Gdrive, they get a Pop Up from Netskope client that the activity is blocked.
Recommendations
- Consider setting the policy to “Alert” before “block” to monitor the impact
- Exceptions can be made based on User/Project Justification.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
