ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CloudSOC fails to send data to Data Loss Prevention

book

Article ID: 172466

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced Data Loss Prevention Cloud Package

Issue/Introduction

Confirmed in traffic analysis that CloudSOC is contacting Data Loss Prevention (DLP) when clicking Connect in the Tenant and found that CloudSOC displayed issues when DLP Services were turned off.

Tested Content IQ (CIQ) Policy, configured to target keywords and confirmed content is being scanned; however, traffic analysis displayed the data failed to send DLP.

Tenant Banner displayed: We are not able to connect to the specified host. Please try again after sometime.

Cause

Confirmed CloudSOC was unable to communicate with the DLP content servers, for DLP support for ICAP is limited to on-prem components such as network devices and file servers, so ICAP is not supported for the Cloud in this particular scenario for use with Cloud applications.

Resolution

Confirmed that Securlets use a dynamic range to IPs from Amazon to be able to provide an elastic infrastructure that scales with the customers; therefore, fixed IP ranges are not supported.

  • Symantec/CloudSOC is unable to support ICAP for cloud

Note: The Gateway IP document outlining IP whitelisting is not a correct source of reference for the Securlets for it was written for Gateway IP segment of the Tenant.

Symantec recommends and supports REST API based integration between DLP (Enforce) and CASB.