DLP Scanning

Updated 4 years ago by admin

The Cloud Application Security product supports enhanced Data Loss Prevention (DLP) when operating in API Mode. DLP can be used to detect potential data leakage and data exfiltration, by scanning the content of files uploaded and modified within connected third-party cloud storage services. The DLP Scanning feature has a number of predefined dictionaries for ease of use, and also supports custom keyword patterns.

To utilise DLP Scanning, you will first need to connect at least one of the supported cloud storage apps by configuring an API integration.
DLP Scanning requires access to file content. If DLP Scanning is enabled, the CASB product will download any newly uploaded or modified files, scan them, and highlight any DLP violations in the Cloud Activity (API) report. Once scanning is complete, the file is deleted. The file is downloaded using the credentials of the administrator user that you used as part of the API integration process. This will appear as an event within the third-party cloud storage service.

To enable DLP Scanning, visit your USS Dashboard and click Products > Cloud Application Security > DLP Scanning.

Ensure that the DLP Scanning toggle is switched on to reveal the available DLP Scanning options.

General

Personal Identifiable Information

Scan for various numbers that can be used to personally identify someone. The following table shows the numbers that are supported and the country formats recognised for each.

Passport numbers

Social Security numbers

ID Card numbers

Driving License numbers

Tax ID numbers

Health Insurance numbers

China (mainland)

Austria

United Arab Emirates

Germany

Australia

Australia

Germany

Canada

Albania

United Kingdom

Bulgaria

United Kingdom

Finland

Cyprus

Belgium

Italy

Brazil

European Union

France

Germany

Bulgaria

Korea

Spain

Korea

United Kingdom

Spain

Brazil

International

Hong Kong

France

Chile

Italy

Ireland

Switzerland

China (mainland)

Peru

Japan

United Kingdom

Czech Republic

Poland

Korea

Greece

Germany

United States

Macao

Hungary

Denmark

Norway

Ireland

Estonia

Japan

Finland

Korea

France

Luxembourg

Hong Kong

Netherlands

Croatia

Poland

Indonesia

Romania

Israel

Russia

India

Taiwan

Iceland

United States

Italy

Kazakhstan

Lithuania

Latvia

Macao

Norway

Peru

Poland

Portugal

Sweden

Singapore

Thailand

Turkey

Taiwan

Yugoslavia

South Africa

Include e-mail addresses

Scan content for valid email addresses (e.g. user@domain.com)

Include IPv4 IP addresses

Scan content for IPv4 IP addresses (e.g. 192.168.0.1)

Include IPv6 IP addresses

Scan content for IPv6 IP address formats (e.g. f06:0:0:0:0:0:0:c3 or ff06::c3)

Include MAC addresses

Scan content for MAC addresses (e.g. 01:23:45:67:89:AB or 12-34-56-78-9A-BC)

Intellectual Property

Scan content against a dictionary of terms relating to intellectual property (e.g. "patent")

Confidential Information

Scan content against a dictionary of terms relating to confidential material (e.g. "secret", "confidential")

Indicators of Insider Risk

Scan content against a dictionary of terms relating to insider risk (e.g. terms employees may use to indicate discontent or frustration)
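
The e-mail, IPv4, IPv6 and MAC address options above are format detectors. The following added example (not the product's own code) shows one common way to build them: loose regular expressions find candidates, and Python's `ipaddress` module decides which candidates are real addresses and normalises them so that the long and short IPv6 forms count as one finding. The function name, patterns and sample text are assumptions made for this illustration.

```python
import ipaddress
import re

EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\b")
# MAC: six hex pairs joined by one consistent separator (":" or "-").
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f:-])[0-9A-Fa-f]{2}([:-])"
    r"(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}(?![0-9A-Fa-f:-])"
)
# Deliberately loose IP candidates; ipaddress decides what is actually valid.
IP_CANDIDATE_RE = re.compile(r"(?<![\w:.])[0-9A-Fa-f:.]{3,45}(?![\w:])")


def scan_identifiers(text):
    """Return de-duplicated, normalised identifiers found in text."""
    found = {"email": [], "ipv4": [], "ipv6": [], "mac": []}

    def add(kind, value):
        if value not in found[kind]:
            found[kind].append(value)

    for m in EMAIL_RE.finditer(text):
        add("email", m.group().lower())
    for m in MAC_RE.finditer(text):
        # Normalise both separator styles to upper-case colon form.
        add("mac", m.group().replace("-", ":").upper())
    for m in IP_CANDIDATE_RE.finditer(text):
        token = m.group().rstrip(".")  # drop sentence-ending full stops
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue  # times, version strings, MACs, out-of-range octets
        add("ipv4" if ip.version == 4 else "ipv6", str(ip))
    return found


# Constructed sample content for the example.
SAMPLE = (
    "Contact user@domain.com from 192.168.0.1 or 999.1.1.1.\n"
    "Host ff06:0:0:0:0:0:0:c3 (also written ff06::c3)\n"
    "NICs 01:23:45:67:89:AB and 12-34-56-78-9A-BC, seen at 12:30:45\n"
)

if __name__ == "__main__":
    for kind, values in scan_identifiers(SAMPLE).items():
        print(kind, values)
```
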

PCI

Payment Card Industry (PCI)

Scan content for patterns used for PCI Compliance (e.g. credit card numbers, IBAN numbers, SWIFT codes). The following credit cards are supported:

| Card name | Description |
|---|---|
| Mastercard | Internationally recognised credit card |
| Visa | Internationally recognised credit card |
| American Express | The American Express Company, also known as AMEX |
| JCB | Credit card company based in Tokyo, Japan |
| Diners | Diners Club Card International (DCI), founded as Diners Club |
| Discover | The Discover Card is a credit card, issued primarily in the United States |
| MIR | Payment system established by the Central Bank of Russia |
| Maestro | Multi-national debit card service, owned by Mastercard |
| China UnionPay | China UnionPay, also known by its abbreviation CUP, is a Chinese financial services corporation |
| Carte Blanche | Carte Blanche is a Diners Club card |

Include credit card numbers with expiry

Scan content for credit card numbers with an associated expiry date (e.g. 01/19)

IBAN patterns

Scan content for IBAN number formats (e.g. WBK60161331926819)

Include postal addresses

Scan content for addresses and postal codes (US format only)
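
The credit card, expiry and IBAN options above are pattern detectors. The following added example (not the product's own code) shows how such detectors are commonly built: a regular expression finds candidates, and a checksum (Luhn for card numbers, ISO 13616 mod-97 for IBANs) discards digit runs that only look like the real thing. The function names, patterns, expiry window and sample text are assumptions made for this illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optional single space/hyphen separators.
CARD_RE = re.compile(r"(?<![\w-])\d(?:[ -]?\d){12,18}(?![\w-])")
# Expiry written MM/YY, as in the page's example "01/19".
EXPIRY_RE = re.compile(r"\b(?:0[1-9]|1[0-2])/\d{2}\b")
# IBAN shape: country code, two check digits, 11-30 alphanumerics (no spaces).
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")


def luhn_ok(digits):
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(iban):
    """Move the first 4 chars to the end, map A=10..Z=35, require mod 97 == 1."""
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1


def mask(value, keep=4):
    """Keep only the last few characters so reports do not re-leak the data."""
    return "*" * (len(value) - keep) + value[-keep:]


def scan_pci(text, expiry_window=20):
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue  # a digit run that is not a card number
        expiry = EXPIRY_RE.search(text[m.end():m.end() + expiry_window])
        findings.append(("card", mask(digits), expiry.group() if expiry else None))
    for m in IBAN_RE.finditer(text):
        if iban_ok(m.group()):
            findings.append(("iban", mask(m.group()), None))
    return findings


# Constructed sample; 4111 1111 1111 1111 is a widely published test number.
SAMPLE = (
    "Order 1001: card 4111 1111 1111 1111 exp 01/19\n"
    "Ref number 4111111111111112 (fails checksum)\n"
    "Refund to IBAN GB82WEST12345698765432\n"
    "Old IBAN GB83WEST12345698765432\n"
)
```
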

HIPAA

Health Insurance Portability & Accountability Act (HIPAA)

Scan content for patterns used for HIPAA Compliance (e.g. FDA-recognised prescription drugs).

Include ICD-9 dataset

The International Statistical Classification of Diseases and Related Health Problems (commonly known as the ICD) provides alpha-numeric codes to classify diseases and a wide variety of signs, symptoms, abnormal findings, complaints, social circumstances and external causes of injury or disease

Include ICD-10 dataset

The ICD-10-CM diagnosis classification system developed by the Centers for Disease Control and Prevention for use in all U.S. health care treatment settings. Diagnosis coding under this system uses a different number of digits and some other changes, but the format is very similar to ICD-9-CM.

Include FDA pharmaceutical companies

Scan content against a list of FDA-approved pharmaceutical company names

Keyword Lists

Select from any user-defined Keyword Lists to use.

The Keyword List must be configured to match content against "Any" or "DLP Content (API)" for use by the DLP Scanner.

The DLP Scanner will attempt to match any of the patterns in the Keyword List with the scanned content.

For example, if the "Allergies" keyword list contains the pattern "peanut", selecting this Keyword List for the DLP Scanner to use will ensure the keyword "peanut" is detected in any uploaded or changed files.

Settings

Maximum Image Size

The maximum size a file can be, in megabytes, for it to be scanned. Events containing files over this size will be logged but not scanned. The maximum possible size for this setting is 100 MB.

