Protecting the data of an organization is a complex task. Data is the crown jewel of any organization which the adversaries continuously seek to get their hands on. Data is threatened both by external attackers and internal threats. Sometimes the threats are malicious, and in many cases, they are accidental. Both these cases have to be addressed by modern enterprise security departments.
In the demo linked below, we will show you the new data leakage prevention (DLP) integration between two security solutions, Netskope and Mimecast, which enables security administrators to apply tight security controls to the outbound emails easily and to stop multiple data exfiltration threats.
Data Leakage Prevention has been a topic of interest of many companies. Existing endpoint DLP has always been resource-intensive on the workstation and often disrupted the end user’s work. With the shift to the cloud, we have many other ways to detect insider threats and prevent the bad guys from exfiltrating sensitive data such as PII, CC, and PHI outside the organization’s perimeter.
Netskope redefines the inspections providing multiple security controls helping the user to define and implement hardened policies that are managed from one central location. Netskope DLP is already doing a fantastic job with SaaS applications, inline Secure Web Gateway (SWG) inspection, and HTTP-based protocols. However, many customers have to face the challenge of gaining control when it comes to email protocols, such as SMTP and getting the same level of DLP.
By enabling Netskope and Mimecast integration, users can now define one DLP policy for HTTP-based protocols and email, configuring it from a central place. Users also have one source of truth for email, web, and SaaS apps DLP-related alerts.
Netskope and Mimecast integration allow administrators to choose one of two routes. With the first route, email first goes through DLP inspection by Netskope using the existing Netskope policy, marked with the corresponding threat score, and then forwarded to Mimecast for additional email security inspections before being sent to the recipient or returned to the sender in case of violation.
With the second route, email is sent to Mimecast first, inspected for email security there, and is then forwarded to Netskope for DLP policy inspection and marking. This flexibility allows administrators to choose the path most appropriate to their organization.
Netskope provides 99.999% SLA service to their customers, which with appropriate timeouts, retries and fallback mechanisms configured on both Netskope and Mimecast systems enables administrators to assure email delivery securely without interruptions.
In the demo, we observe that an email that violated DLP policy has been rejected with the detailed explanatory message for the rejection reasoning. The configuration of the integration is straightforward, and you will see that there is no significant delay introduced in sending the email out to the recipient; the entire inspection flow takes around 20 to 30 seconds which is not significant for the vast majority of the organization’s emails.
During the demo you will also see how Netskope email DLP really shines in regard to their OCR capabilities. Netskope is capable of detecting DLP violation events based on image attachments of screenshot with PII data that was included in the sent email. In the demo, Netskope DLP immediately identified the incident, and the email bounced back with the warning and corresponding alert that appeared on the Netskope dashboard.
In order to enable the functionality, Netskope customers will need to add additional licenses. However, we have also seen the new CTI capabilities for IOC sharing between Netskope, Mimecast, and Crowdstrike, and these are included for any Netskope tenant as complementary features.
Netskope is working on extending the partnership with many other technology partners for the IOC exchange and email DLP capabilities.
If you’d like to see the full demo, you can view it here.
Originally published by Security Architecture
