This section provides answers to frequently asked questions about the Data Loss Prevention (DLP) feature of the Cloud Web Security service.
- What is DLP?
Data Loss Prevention (also known as Data Leak Prevention) detects potential data breaches or data exfiltration transmissions.
- Which requests are not supported by Cloud Web Security DLP?
Domains that are subject to an SSL Exception or included in your PAC (Proxy Auto-Configuration) file will not be analyzed by DLP.
- What file types can be scanned by Cloud Web Security DLP?
Cloud Web Security can inspect all file types; the file types to be inspected are defined in each DLP rule. The file type is identified by Media/MIME type, magic number, and file extension. Certain file types, such as images, cannot be scanned by DLP.
- Are there any size limits with Cloud Web Security DLP?
In the DLP policy, a maximum file size for file uploads can be defined in each DLP rule. The maximum supported file size is currently 5 GB.
Table 1. Minimum Supported Content Sizes
User Input: 1024 Bytes
File Input: 5120 Bytes
- Does Cloud Web Security DLP work with zip files and encrypted zip files?
Yes, DLP will extract and scan the file contained within the zip. For encrypted zip files, users will be prompted to enter the password.
- I am uploading some test data, why is Cloud Web Security DLP not detecting the data leakage?
A common cause of such reports is the use of artificially generated data when testing DLP functionality. We did a lot of research to ensure DLP does not detect items that merely look like what is being searched for. Therefore, artificial test data is often not realistic enough to be detected.
For example, we are sometimes contacted about failures to detect test credit card numbers. This is typically because the artificial card numbers have invalid check digits, invalid start digits, or spacing that is incorrect for the brand of card.
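The three reasons given above (check digits, start digits, spacing) can be seen in a small validator. The following is an added example written for this page, not the Cloud Web Security detection logic; the brand prefix, length and grouping rules it uses are simplified assumptions, and the sample text is constructed.

```python
import re

# Brand rules for this example (an assumption of the example, not the product's own
# detection rules): digit-prefix pattern, allowed lengths, canonical digit grouping.
BRANDS = {
    "visa": (r"4", {16}, (4, 4, 4, 4)),
    "mastercard": (r"5[1-5]|2(22[1-9]|2[3-9]\d|[3-6]\d\d|7[01]\d|720)", {16}, (4, 4, 4, 4)),
    "amex": (r"3[47]", {15}, (4, 6, 5)),
}
# Candidate: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Check-digit test: double every second digit from the right; sum must be 0 mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def brand_of(digits: str):
    """Return the brand whose prefix and length rules the digit string satisfies, else None."""
    for name, (prefix, lengths, _) in BRANDS.items():
        if len(digits) in lengths and re.match(prefix, digits):
            return name
    return None

def spacing_ok(raw: str, brand: str) -> bool:
    """Unseparated numbers pass; separated ones must follow the brand's grouping."""
    groups = re.split(r"[ -]", raw)
    return len(groups) == 1 or tuple(map(len, groups)) == BRANDS[brand][2]

def find_card_numbers(text: str) -> list:
    """Return each candidate with the reasons it would or would not count as a real card number."""
    hits = []
    for m in CANDIDATE.finditer(text):
        raw = m.group(0)
        digits = re.sub(r"[ -]", "", raw)
        brand = brand_of(digits)
        luhn = luhn_ok(digits)
        spacing = brand is not None and spacing_ok(raw, brand)
        hits.append({"raw": raw, "brand": brand, "luhn": luhn,
                     "spacing": spacing, "detected": bool(brand) and luhn and spacing})
    return hits

# Constructed sample text: a random-looking number, a Luhn-valid number with no brand
# prefix, an Amex number grouped like a Visa, and two industry-standard test numbers.
SAMPLE = """order 1234 5678 9012 3456 / 1111 1111 1111 1117 / 3782 8224 6310 005
paid with 4111 1111 1111 1111 and 3782 822463 10005"""
```

Only the last two candidates in SAMPLE satisfy all three rules; the first three fail on the check digit, the start digits, and the spacing respectively.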
- How do the DLP files get scanned? Is it all kept in RAM or is it written to disk at all?
The DLP scanning happens inside a short-lived, single-use container that is locked down to have minimal access to the main VM and no network access. The file is briefly written to disk so that the file system inside the container can access the file (and only that file). It is deleted as soon as the scan completes, along with the entire container's file system, usually within a few seconds.