In case you missed the latest webinar in our Inside Netskope series—where Netskope experts show you how we protect our users, applications, and data using our own cloud-based architecture—a recording and recap of our recent session on Effective Allowlisting with Netskope DLP can be found below. Feel free to comment and continue the discussion!
Watch on-demand 
Q: Is advanced DLP techniques a new licensing?
A: Exact Data Match and Fingerprinting are both included in the Advanced DLP license, so you only need ADLP to use these features.
Q: Can you share some of the most prevalent DLP use cases that you've encountered? This will help us close any gaps that we may have overlooked.
A: DLP policies are rarely a "set and forget". It's always a continuous learning and adjusting as our technology adjusts, as document formatting changes, etc. The only consistent is change, so we always go back and tune them as needed. Common use cases for Inline DLP include:
1.) Block encrypted zip files with data in motion via Webmail 2.) Prevent data leakage through Cloud Applications using Fingerprinted file 3.) Prevent data leakage through personal webmail 4.) Block data leakage when data movement to Cloud Storage category 5.) Block source code upload to high-risk app 6.) Block upload of names with hidden SSNs (PII) data to high-risk app 7.) Block upload of confidential document to high-risk app 8.) Allow PII upload to corporate OneDrive instance and block the same to other Cloud Storage category 9.) Block data exfiltration from Unmanaged Device Access 10.) Protecting unsanctioned AWS S3 bucket sync with DLP
Q: Does the process also apply for Endpoint Protection - DLP on USB devices?
A: The process can certainly be similar since you can have authorized devices to write so you can make all others read-only.
Q: On email DLP, can I whitelist an Email address of a reporting system?
A: Yes, you certainly can!
Q: Does Netskope have Policy free visibility?
A: Yes, we do have policy free visibility!
Q: Any design consideration inline with the MITTRE ATTCK frame work to automatically detect anomalies?
A: Yes! Check out this white paper on “How the Netskope Platform can assist with MITRE ATT&CK”.
Q: How impactful are large custom categories on user web browsing experience (backend processing times/latency)?
A: Great question! Most of our custom categories are not very large. We've set up a few large custom categories for testing and it did not have a significant impact on the user experience. If you have Professional DEM, you can look at specific users and what their endpoints are doing by viewing how long it takes to get through the Netskope platform before it got out to the application that you are trying to access. This is a great way to see if your policies are affecting your users' performance.
Q: How can Netskope help us achieving compliance with NIS2 and DORA?
A: Our privacy team has been working on mappings for a number of compliance frameworks. Check out our Compliance Guides for more information on NIS2 and DORA.
Q: What are some best practice methods of leveraging Allowlisting to curb the amount of false positives that are generated using predefine identifiers in Netskope for DLP?
A: The presentation covers a large amount of best practices! Understanding what is appropriate for your organization and then working backwards from there is a great way to build this out. You can also explore advanced techniques, like exact data matching, if you are searching for options outside of the predefined identifiers/ categories of Netskope. We offer a lot of detection techniques that can be customized or tailored to our customers' requirements.
Q: Can you share DLP Best Practices for smaller organizations?
A: The policy building that we shared during the presentation is a great building tool! The great thing about smaller organizations is the ability to better understand what's happening because there are not as many departments and workflows that DLP can sometimes interrupt if you don't understand what the business process is.
Q: How to configure /monitor Google Workspace from Netskope?
A: Great question! We utilize Google Workspace so we have a number of DLP rules in place, like the shares and constraints discussed during the webinar.
Q: Will Netskope implement custom URLs using regex and plain web syntax in the future (at the moment, it is necessary to use them separately)?
A: Not at this time.
Q: Can we block emails which have PII data with Netskope DLP?
A: Absolutely, we actually utilize this internally! Netskope has a SMTP DLP solution so we route all of our emails through inspection via the tenant which is a strength because we only configure DLP rules in one place and apply them to different areas.
Q: How to use global identifiers in DLP rule expressions?
A: In the Netskope platform, Global Identifiers are a feature that allows you to reference specific data elements within a field or file name. You can use them in DLP (Data Loss Prevention) rule expressions using the "$" symbol followed by the identifier. For example: If you have a global ID named "Social Security Number" you can reference it in a DLP rule expression like this: ${Social Security Number} This will allow Netskope to extract and mask Social Security Numbers from files or email content being scanned.
Q: DLP - ability to mark things as False Positive? Automatic regex?
A: There will be the ability to submit false positives in Predefined File Classifiers in an upcoming release.
Q:Are there any integrations between Vanta and Netskope to automate compliance check for some security controls?
A: Currently there are not any. If enough customers want/need it we can get a request for the Cloud Exchange team to scope it and get it in the pipeline.
Q: Is OCR on the roadmap?
A: OCR is already in the product for DLP.
Q: Is it possible to use quarantine action with DLP Rule
A: Yes
Q: Can you also use Negate on a dictionary? Everything except what is in the file?
A: For the use case of triggering for all the words except few, this will put in excessive load on the DLP Engine and is not recommended. The most effective way is to look for selective words on a huge dataset rather than the other way around.
Q: Can you do wildcard as well?
A: Yes, we have a particular policy for some edge use cases where we want to see everything happening so it's essentially a wildcard. It's a DLP policy without a profile applied to it.
Q: How to detect if company email is being used to signup/login to some random software/stuff by users?
A: Yes, this use case is possible, but this does not fall under the DLP use case since setting up such alerts will trigger excessive false positives. You can use Regular Expressions or Dictionaries to look out for text like 'Thank you for signing up' but will always have to keep in mind this may trigger a good number of False Positives.
Some responses above contain roadmap items. These are intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Netskope’s products remains at the sole discretion of Netskope