SMTP DLP

rfletcher · ‎05-24-2021

Anyone using the new SMTP DLP functionality? If you are, how are you doing your alerting to users about blocking/intercepting emails?

-Ryan

sshiflett · ‎05-24-2021

The Netskope SMTP DLP functionality leverages an SMTP proxy and integrates with Office365, Gmail, or your MTA to perform alerting and user education. When Netskope DLP detects a violation, we take the administrator specified action which is usually inserting a header. You then configure Office365 or your MTA to take action based on this header. The alerting can either come from a Netskope email alert that's triggered when the policy hits(screenshot below) or the MTA can alert the user when they take action. The latter will be dependent on the MTA provider but if you have a specific one in mind I can check if we have a sample configuration.

Sam Shiflett
Netskope Solution Architect - North America

View solution in original post

sshiflett · ‎05-24-2021

The Netskope SMTP DLP functionality leverages an SMTP proxy and integrates with Office365, Gmail, or your MTA to perform alerting and user education. When Netskope DLP detects a violation, we take the administrator specified action which is usually inserting a header. You then configure Office365 or your MTA to take action based on this header. The alerting can either come from a Netskope email alert that's triggered when the policy hits(screenshot below) or the MTA can alert the user when they take action. The latter will be dependent on the MTA provider but if you have a specific one in mind I can check if we have a sample configuration.

Sam Shiflett
Netskope Solution Architect - North America

hhamza · ‎10-29-2023

Hi @sshiflett I am in the process of configuring SMTP Proxy for one my client with Proofpoint as their MTA and am looking to see a sample configuration that you may have handy, Thanks!

rfletcher · ‎10-30-2023

are you looking for a policy sample or a smtp configuration sample?

-Ryan

hhamza · ‎10-30-2023

@rfletcher smtp config sample please 😊

rfletcher · ‎10-31-2023

when you go into smtp it should give you a forwarding endpoint like nsegw-hhamza.goskope.com and that's where you tell proofpoint or O365 or whereever your email is originally coming from. Then in the goskope portal you'd do something in the screenshot attached. It's important to know that someone on the backend will have to enable having custom MSA option selected as default is only M365 and Google.

-Ryan

bob · ‎05-24-2021

Here is a demo I recorded of the Email DLP workflow for O365 Exchange https://resources.netskope.com/products-capabilities-data-protection/demo-email-dlp

As @sshiflett shared, the native support without an MTA relies on an email notification.

We have had requests for real-time user notifications and coaching pages. The SMTP proxy mechanism makes real-time pop-up notifications and coaching more difficult given that often times email is not consumed via a browser or even via a device that is steering Netskope traffic. The beauty of this approach is that it covers all ways email is accessed. It is just that the out-of-band nature of the approach makes real-time notifications difficult.

We will continue to look at ways to better incorporate additional notification mechanisms including leveraging the fact that you have a Netskope client.

rfletcher · ‎05-25-2021

Thanks Bob. My issue with utilizing the netskope related alerts is they really lack in information to an end user. There's very little customizability in the notification with respect to email variables (subject, sender, recipient, action) and I'm currently exploring other options for notification to end users via our mailflow products since Microsoft isn't exactly helpful either in this case.

-Ryan