This sections provides answers to frequently asked questions about Cloud Web Security's Data Loss Prevention (DLP) feature.

  1. What is DLP?

    Data Loss Prevention (also known as Data Leak Prevention) detects potential data breaches or data ex-filtration transmissions.

  2. Which requests are not supported by Cloud Web Security DLP?

    Domains that are subject to an SSL Exception or included in your PAC (Proxy Auto-Configuration) file will not be analyzed by DLP.

  3. What file types can be scanned by Cloud Web Security DLP?

    Cloud Web Security can inspect all file types. The file types to be inspected can be defined in each DLP rule. The file type is identified by Media/MIME type, magic number, and file extension. Certain file types such as images cannot be scanned by DLP.

  4. Are there any size limits with Cloud Web Security DLP?

    In the DLP policy, there is a maximum file size that can be defined in the DLP rule for file uploads. The maximum supported file size defined is currently set at 5 GB.

    Table 1. Mimimum Supported Content Sizes
    User Input File Input
    1024 Bytes 5120 Bytes
  5. Does Cloud Web Security DLP work with zip files and encrypted zip files?

    Yes, DLP will extract and scan the file contained within the zip. For encrypted zip files, the user will be prompted to enter the password.

  6. I am uploading some test data, why is Cloud Web Security DLP not detecting the data leakage?

    A common cause of reports is the use of artificially generated data when testing DLP functionality. We did a lot of research to ensure DLP does not detect items that merely look like what is being searched for. Therefore, artificial test data is often not real enough for us to detect.

    For example, we are sometimes contacted for failing to detect test credit card numbers. This is typically due to the artificial card numbers having invalid check digits, the start digits being invalid or the spacing being incorrect for the brand of card.