
How much will DLP support on Central Intercept X Advanced?

We had a CIXA demo session with a customer. They have raised the queries below:

1. Login to all public email services (Yahoo, Gmail, etc.) has to be blocked, allowing only the business email/Outlook. Instead of blocking them individually, they need a category option where they can select and block all the unnecessary email services.

2. Any behavioural or brute-force attempt, or any changes they have tried, has to be monitored and the administrator has to receive an alert, e.g. multiple login attempts on a SQL server.

3. Whenever they are browsing the internet, their IP has to be masked by Sophos. E.g. when accessing google.com, their public IP should be changed by Sophos before reaching Google.

4. Sharing files through all public email services has to be blocked; only their business email/Outlook is allowed.

5. Uploading any files to FTP sites has to be blocked.

Please advise if there are any options available.


  • DLP in Intercept X is not designed for these types of use cases. It's designed to prevent accidental leakage of business data by, for example, sending credit card or social security data as an email attachment.

    #1 is tricky, as Google uses the same URLs for both work and personal email. There may be methods of doing it, but they're not handled by CIXA.

    Your specific example in #2 would require security logging/auditing in SQL Server. However, other endpoint/server activity can be monitored and detected using Sophos XDR.

    #3 would be a use case for Sophos ZTNA. You'd have to confirm with your SE whether this exact behavior is possible, but I think it may be.

    #4 and #5 are beyond the scope of the DLP in CIXA. They're also beyond the current capabilities in Sophos ZTNA, but they may be possible in the future or with a third-party ZTNA solution with integrated DLP.

  • Thank you,

    For #1, in the web policy we have options to block gmail.com, yahoo.com, etc. by adding tags in web management. Is there any option to allow only Office 365 emails and block all other email services?

    #2: For any application that they are using on their system where CIXA is installed, will we get any logs if the user has done something in the application or any service? Where can we have these reports if they have an XDR license?

    #4 and #5: Even if we have added the file types in DLP, there is no option for choosing which email service to allow or block. Also, for FTP we don't have any control in CIXA. Please correct me if I am wrong.

  • For #1, in the web policy we have options to block gmail.com, yahoo.com, etc. by adding tags in web management. Is there any option to allow only Office 365 emails and block all other email services?

    I don't know the web categories off the top of my head. Most likely, you could block the category and then allow outlook.office.com as an exception.

    #2: For any application that they are using on their system where CIXA is installed, will we get any logs if the user has done something in the application or any service? Where can we have these reports if they have an XDR license?

    A lot of information will be stored either on the device itself or in the Central data lake. However, this will typically be file, process, registry, and other system-level information. You will not typically be able to query or detect activity in SQL or other application logs.

    #4 and #5: Even if we have added the file types in DLP, there is no option for choosing which email service to allow or block. Also, for FTP we don't have any control in CIXA. Please correct me if I am wrong.

    Right, DLP in CIXA is not that granular. You can stop attaching files to web-based email in general, but not to specific email providers. For something like FTP, you might have better luck using Windows/macOS firewall to restrict access to FTP ports.
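
Added example (not part of the thread, and not Sophos or Microsoft code): since the replies point to SQL Server's own login auditing for query #2, this sketch shows the kind of check an administrator could run over that log to flag repeated failed logins from one client. It assumes failed-login auditing is writing to the SQL Server ERRORLOG in its usual layout; the sample lines, threshold, window and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the layout of SQL Server's ERRORLOG with failed-login
# auditing on; client addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2024-03-01 09:00:01.10 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-01 09:00:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 09:00:03.22 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 09:00:05.31 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2024-03-01 09:00:07.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 09:00:09.55 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 09:12:44.02 Logon       Login failed for user 'reports'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
2024-03-01 10:30:10.87 Logon       Login failed for user 'reports'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
"""

FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)

def parse_failures(text):
    """Yield (timestamp, login name, client address) for each failed login."""
    for line in text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m:  # the paired "Error: 18456" line carries no user/client, skip it
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["user"], m["client"].strip()

def detect_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Return {client: details} for clients with >= threshold failures in window."""
    recent = defaultdict(deque)   # client -> failures still inside the window
    alerts = {}
    for ts, user, client in parse_failures(text):   # assumes time-ordered lines
        q = recent[client]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and client not in alerts:
            alerts[client] = {"alert_at": ts, "failures": len(q),
                              "users": sorted({u for _, u in q})}
    return alerts

if __name__ == "__main__":
    for client, info in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {client}: {info['failures']} failed logins, users {info['users']}")
```

With the defaults, only the client that fails five times within a minute is flagged; the two failures more than an hour apart from the other client stay below the threshold.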
