Anyone using the new SMTP DLP functionality? If you are, how are you doing your alerting to users about blocking/intercepting emails?
Answer
SMTP DLP
+12Best answer by sshiflett
The Netskope SMTP DLP functionality leverages an SMTP proxy and integrates with Office365, Gmail, or your MTA to perform alerting and user education. When Netskope DLP detects a violation, we take the administrator specified action which is usually inserting a header. You then configure Office365 or your MTA to take action based on this header. The alerting can either come from a Netskope email alert that's triggered when the policy hits(screenshot below) or the MTA can alert the user when they take action. The latter will be dependent on the MTA provider but if you have a specific one in mind I can check if we have a sample configuration.
-Ryan
This topic has been closed for replies.
The Netskope SMTP DLP functionality leverages an SMTP proxy and integrates with Office365, Gmail, or your MTA to perform alerting and user education. When Netskope DLP detects a violation, we take the administrator specified action which is usually inserting a header. You then configure Office365 or your MTA to take action based on this header. The alerting can either come from a Netskope email alert that's triggered when the policy hits(screenshot below) or the MTA can alert the user when they take action. The latter will be dependent on the MTA provider but if you have a specific one in mind I can check if we have a sample configuration.
Sam Shiflett | Netskope Solution Architect - North America
+12Here is a demo I recorded of the Email DLP workflow for O365 Exchange https://resources.netskope.com/products-capabilities-data-protection/demo-email-dlp
As @sshiflett shared, the native support without an MTA relies on an email notification.
We have had requests for real-time user notifications and coaching pages. The SMTP proxy mechanism makes real-time pop-up notifications and coaching more difficult given that often times email is not consumed via a browser or even via a device that is steering Netskope traffic. The beauty of this approach is that it covers all ways email is accessed. It is just that the out-of-band nature of the approach makes real-time notifications difficult.
We will continue to look at ways to better incorporate additional notification mechanisms including leveraging the fact that you have a Netskope client.
+12Thanks Bob. My issue with utilizing the netskope related alerts is they really lack in information to an end user. There's very little customizability in the notification with respect to email variables (subject, sender, recipient, action) and I'm currently exploring other options for notification to end users via our mailflow products since Microsoft isn't exactly helpful either in this case.
+7Hi @sshiflett I am in the process of configuring SMTP Proxy for one my client with Proofpoint as their MTA and am looking to see a sample configuration that you may have handy, Thanks!
+12when you go into smtp it should give you a forwarding endpoint like nsegw-hhamza.goskope.com and that's where you tell proofpoint or O365 or whereever your email is originally coming from. Then in the goskope portal you'd do something in the screenshot attached. It's important to know that someone on the backend will have to enable having custom MSA option selected as default is only M365 and Google.
-Ryan
Sign up
Already have an account? Login
Sign in or register securely using Single Sign-On (SSO)
Employee Continue as Customer / Partner (Login or Create Account)Login to the community
Sign in or register securely using Single Sign-On (SSO)
Employee Continue as Customer / Partner (Login or Create Account)Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.