In the impacted versions listed below, a WHERE clause with multiple values in a profiled DGM condition (where an EDM profile is used as a user group in a sender/recipient condition) can result in missed detections.
Versions Impacted:
Versions that are not impacted:
Important: It does not impact DLP policies using the generic EDM profiles.
Impacted versions of DLP incorrectly parse WHERE clauses with multiple values.
DLP customers can create a policy using a profiled DGM condition to detect records that meet specific criteria, such as:
If a corporate employee is sending a sensitive email to partner Partner.com, but the employee is a member of an unauthorized Business Unit such as HR, Engineering, or Legal, then you want to block the email.
Employees in those groups have no business sending sensitive email to Partner.com.
Below is a screenshot of the policy configuration in the UI.
Note: This impacts only the values in the WHERE clause of the rule, not the EDM itself.
For the affected versions, please download the corresponding hotfix from the Broadcom support portal.