Can Data Loss Prevention be integrated with CloudSOC?

book

Article ID: 170997

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced Data Loss Prevention Cloud Package

Issue/Introduction

Can CloudSOC can be configured to work with Data Loss Prevention (DLP) cloud.

Resolution

CloudSOC can be configured to refer files to the Symantec Data Loss Prevention (DLP) Cloud service for content inspection and remediation. When so configured, Symantec DLP blocks or remediates content-related policy breaches, often in real time.

Combining Symantec DLP Cloud and CloudSOC lets you leverage the Symantec DLP Enforce policies to cover the cloud as well. These policies protect your email, web, endpoint, and storage resources. Your incident response teams can use your existing Symantec DLP Enforce management console to address cloud-related incidents, with rich contextual data from CloudSOC CASB.

This solution does not require that data be transferred from cloud services to an on-premises DLP appliance. Instead, the files and documents are scanned while in the cloud, reducing latency and network traffic.

Once you enable Symantec DLP Cloud as your content inspection solution, the CloudSOC Protect app no longer supports ContentIQ profiles for policies of type Data Exposure by Securlets and File Transfer by Gatelets. Instead, you use Symantec DLP for all content-related policies.

When you create new Protect policies of type Data Exposure by Securlets or File Transfer by Gatelets, the Content Inspection area shows you a message that directs you to Symantec Cloud DLP to configure content inspection, as shown here. 

For policies without content inspection features, you continue to create and manage CloudSOC Protect policies as before. 

Attachments