
Netskope Global Technical Success (GTS)

Shielding Sensitive Data: Blocking Watermarked Document Uploads on Grammarly Web App with DLP Controls

 

Netskope Cloud Version - 122

Objective

Implement DLP controls on Grammarly to prevent the upload of documents carrying the organization's watermark.

 

Prerequisite

A Netskope CASB license is required.

 

Context

This document provides detailed guidance on implementing DLP controls using a custom DLP profile to prevent the upload of sensitive, watermarked organizational documents to the Grammarly Web App.

 

Do You Know?

  • Netskope acknowledges Grammarly as a Cloud Application and provides a pre-defined cloud app connector.
  • As of Dec 17, 2024, with Netskope's predefined connector, customers can exercise the following activities on the Grammarly Web Application.


 

Lab Recreate

  • In this scenario, we are using a data sample of documents containing the organization's watermark. For example, the company enforces a policy that designates all watermarked documents as sensitive, and such documents must not be uploaded to Grammarly.
  • Consider the organization's watermark expression to be [Company Name(ABC)-Document first 4 letters-Document Code]. In this case, the regular expression will be ABC-[A-Za-z]{4}-\d{4}
  • We will create a custom DLP profile for this use case.
  • To create a custom DLP profile, the order is as follows:
  1. Create Custom Data Identifier
  2. Add the Data Identifier to newly created custom DLP Rule
  3. Add the DLP Rule to DLP Profile

 

  • Step 1: Let us start by creating a Custom Data Identifier for the regular expression: ABC-[A-Za-z]{4}-\d{4}

Path: Netskope Tenant UI >>> Policies >>> DLP >>> Edit Rules >>> Data Loss Prevention >>> Entities >>> New Entity


You can also validate the regex by clicking on ‘Validate Regex’ and reviewing the expression.
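
Before saving the entity, the expression can also be exercised offline against sample text. The script below is an added example, not part of the original article or of Netskope tooling: it uses Python's re module as a stand-in for the tenant's regex engine, the sample texts are constructed, and the stricter pattern and the "distinct matches" threshold model are assumptions for illustration.

```python
import re

# Expression from the article: ABC-<4 letters>-<4 digits>
WATERMARK = re.compile(r"ABC-[A-Za-z]{4}-\d{4}")
# Assumption (not in the article): a stricter variant that refuses matches
# embedded in a longer alphanumeric token or followed by extra digits.
WATERMARK_STRICT = re.compile(r"(?<![A-Za-z0-9])ABC-[A-Za-z]{4}-\d{4}(?!\d)")

# Constructed sample texts, standing in for extracted document content.
SAMPLES = {
    "watermarked_report": "Quarterly report\nABC-FINA-2024\nfooter ABC-FINA-2024",
    "two_documents": "Merged from ABC-LEGL-0012 and ABC-HRPO-0457",
    "lowercase_prefix": "draft id abc-fina-2024",
    "embedded_token": "Ticket XABC-Test-12345 closed",
    "clean": "Meeting notes, no document code",
}


def find_watermarks(text, pattern=WATERMARK):
    """Return the distinct watermark strings found in text, sorted."""
    return sorted(set(pattern.findall(text)))


def would_trigger(text, threshold=1, pattern=WATERMARK):
    """Model a rule threshold as a minimum count of distinct matches."""
    return len(find_watermarks(text, pattern)) >= threshold


def compare(samples=SAMPLES):
    """Map each sample name to (article-regex matches, strict matches)."""
    return {
        name: (find_watermarks(text), find_watermarks(text, WATERMARK_STRICT))
        for name, text in samples.items()
    }


if __name__ == "__main__":
    for name, (loose, strict) in compare().items():
        print(f"{name:20} article={loose} strict={strict}")
```

The embedded_token sample shows the article's expression matching inside a longer string, and the lowercase_prefix sample shows that a case-sensitive match misses a lowercased code. Confirm both behaviours with 'Validate Regex' in the tenant, since the engine there is what enforces the rule.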

 


 

  • Step 2: Now, add this identifier to a Custom DLP Rule like below:

Path: Netskope Tenant UI >>> Policies >>> DLP >>> Edit Rules >>> Data Loss Prevention >>> Rules >>> New Rule

Now add the entity created above to the DLP rule as shown below:



 

The DLP rule will appear as shown below after configuring the identifiers, selecting the appropriate scan section, and setting the threshold level based on business requirements.


 

  • Step 3: Add the DLP rule created above to a DLP profile and set the profile name:

Path: Netskope Tenant UI >>> Policies >>> DLP >>> New profile


 

  • Step 4: Create a Real-Time Protection Policy and associate the previously created custom DLP profile with the policy as shown:


Verification

  • The end-user attempted to upload a document containing the organization's watermark to the Grammarly Web App and received the following message.


 

You may verify the Policy Hit as below:


 

You may also verify the DLP Incidents from

Path: Netskope Tenant UI >>> Incidents >>> DLP 


 

The DLP incident details include the Object Name, Object Type, and violated data properties, as shown below:


 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.