Netskope Global Technical Success (GTS)
Implement DLP Controls for WhatsApp Web using Netskope RBI
Netskope Cloud Version - 119
Objective
Implement DLP Controls for WhatsApp Web using Netskope RBI
Prerequisite
- Netskope CASB Inline
- Netskope Extended RBI (Remote Browser Isolation)
- Backend Flag - ‘E2E Encrypted Apps: Inspection Through RBI’ needs to be enabled on your Netskope Tenant.
Context
This document provides a comprehensive guide to implementing DLP controls for WhatsApp Web using Netskope RBI.
Do You Know?
WhatsApp can be accessed via a web browser or through its native application.
WhatsApp Web
- Netskope recognizes WhatsApp Web as a Cloud Application and provides a predefined cloud app connector.
- As of Sep 21, 2024, with Netskope’s predefined WhatsApp connector, customers can exercise control over the following activities:
- WhatsApp Web employs end-to-end encryption by default for all activities.
- At the moment, 'Post' activity detection is not available, which means no DLP & Threat control can be applied when a customer posts a message over WhatsApp Web.
WhatsApp Native Application
- The WhatsApp Windows native app utilizes a non-HTTP protocol for all activities, which means we do not support activity detection for this application.
Details
- Step 1: Create an RBI Template
Path: Netskope Tenant UI >>> Policies >>> Templates >>> RBI >>> New Template
- Step 2: Create a Real-time Protection Policy (DLP Policy)
a. For this lab recreation, I will use a custom DLP profile with a predefined rule that detects PAN card numbers.
b. Test file - attached
Path: Netskope Tenant UI >>> Policies >>> New Policy
- Step 3: Add another Real-time Protection Policy (RBI Policy)
a. Browsers that support ‘Action: Isolate’:
Chrome, Firefox, Edge, Opera, Safari, Yandex
Path: Netskope Tenant UI >>> Policies >>> New Policy
- Policy Order
Verification
- Access WhatsApp Web - https://web.whatsapp.com
- The Netskope logo will be displayed while loading https://web.whatsapp.com, indicating that Netskope RBI is in action.
- Upload a file which violates DLP policy (Test file - attached)
Note - User Notification format used above Link
- Let’s review the transactions
Path: Netskope Tenant UI >>> Skope IT >>> Application Events
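For the upload test in Verification, the following added example (not part of the original article and not Netskope code) builds a positive test file of constructed PAN-format strings and a negative control file of near-misses. It assumes the publicly documented PAN layout; the regex, file names and function names are illustrative and do not reproduce Netskope's predefined rule.

```python
import random
import re
import string

# General PAN layout (assumption: public format, not Netskope's rule logic):
# 3 letters, 1 holder-type letter, 1 letter, 4 digits, 1 trailing letter.
HOLDER_TYPES = "PCHFATBLJG"
PAN_RE = re.compile(r"\b[A-Z]{3}[" + HOLDER_TYPES + r"][A-Z][0-9]{4}[A-Z]\b")


def make_pan(rng):
    """Return one constructed PAN-format string (random, no checksum, not real)."""
    letters = string.ascii_uppercase
    return (
        "".join(rng.choice(letters) for _ in range(3))
        + rng.choice(HOLDER_TYPES)
        + rng.choice(letters)
        + "".join(rng.choice(string.digits) for _ in range(4))
        + rng.choice(letters)
    )


def build_positive_file(count=10, seed=0):
    """Text a PAN rule is expected to flag: `count` constructed records."""
    rng = random.Random(seed)
    rows = [f"Employee {i:03d}, PAN: {make_pan(rng)}" for i in range(1, count + 1)]
    return "CONSTRUCTED TEST DATA - not real identifiers\n" + "\n".join(rows) + "\n"


def build_negative_file():
    """Near-miss strings that should pass through without a DLP hit."""
    near_misses = ["abcpk1234z", "ABCPK123Z", "ABCPK12345Z", "ABCXK1234Z", "1BCPK1234Z"]
    return "CONSTRUCTED CONTROL DATA\n" + "\n".join(f"Ref: {s}" for s in near_misses) + "\n"


def find_pans(text):
    """Local sanity check of the files before uploading them through RBI."""
    return PAN_RE.findall(text)


if __name__ == "__main__":
    for name, body in (("pan_positive.txt", build_positive_file()),
                       ("pan_negative.txt", build_negative_file())):
        with open(name, "w", encoding="utf-8") as fh:
            fh.write(body)
        print(name, "->", len(find_pans(body)), "PAN-format matches")
```

Upload the positive file to confirm the policy action fires and the negative file to confirm near-misses are not flagged, then compare both against the entries in Skope IT.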
Author Notes
- With the current product design, 'Post' activity detection is not available.
- DLP can only be applied to the WhatsApp Web version, covering Upload and Download activities.
- End-to-end encrypted traffic can only be decrypted through Netskope RBI (Remote Browser Isolation). While other platforms also use end-to-end encryption, DLP (Upload and Download activities) is exclusively available for WhatsApp Web with the current product design.
- Please note that there is a separate SKU for Netskope RBI. For more information about the SKU, please contact your Netskope Accounts Team.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- Netskope Engineering is continuously working on product enhancements. In the future, additional controls may become available to address some of the limitations mentioned earlier. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.