Thread Info
  • State Verified Answer
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 12 subscribers
  • Views 1435 views
  • Users 0 members are here
Options
Suggested

How much a DLP will support on Central Intercept X Advanced

Hemanth Kurungat

We had a CIXA Demo session with a customer, They have raised the below queries, 

1. All public email services (Yahoo, Gmail etc) have to block login-in and allow only the business email/Outlook. Instead of blocking individual, they need a category option where they can select and block all the unnecessary email services.

2. Any Behavioural or brute force attempt or any changes they have tried has to be monitored and administrator has to receive an alert: eg: multiple login attempt on a SQL server.

3. Whenever they are browsing over internet, their IP has to masked by the Sophos. Eg: when accessing to gogle.com, their public IP should be changed by the Sophos before reaching to google.

4. Sharing files through all public emails has to be blocked, only allow their business email/Outlook.

5. Uploading any files into FTP sites has to block.
Please advise if there are any options available.


Added Tags
[edited by: Gladys at 7:38 AM (GMT -7) on 3 Oct 2023]
Parents
  • 0

    DLP in Intercept X is not designed for these types of use cases. It's designed to prevent accidental leakage of business data by, for example, sending credit card or social security data as an email attachment.

    #1 is tricky, as Google uses the same URLs for both work and personal email. There may be methods of doing it, but they're not handled by CIXA.

    Your specific example in #2 would require security logging/auditing in SQL Server. However, other endpoint/server activity can be monitored and detected using Sophos XDR.

    #3 would be a use case for Sophos ZTNA. You'd have to confirm with your SE whether this exact behavior is possible, but I think it may be.

    #4 and #5 are beyond the scope of the DLP in CIXA. They're also beyond the current capabilities in Sophos ZTNA, but they may be possible in the future or with a third-party ZTNA solution with integrated DLP.

  • 0 in reply to Maxim-Sophos

    Thank you, 

    for #1, in the web policy we have options to block gmail.com, yahoo.com etc, by adding tags in web management, is there any option to allow only Office 365 emails and block all other email services. 

    #2 any application that they are using on their system where the CIXA is installed, will we get any logs if the user has done something on the application or any service? Where we can have this reports in if they have XDR license.

    #4 and #5, Even if we have added the file types in DLP , there is no option for choosing which email service to allow or block, also for FTP we don't have any control in CIXA .Please correct me if I am wrong.

  • +1 in reply to Hemanth Kurungat
    Hemanth Kurungat said:

    for #1, in the web policy we have options to block gmail.com, yahoo.com etc, by adding tags in web management, is there any option to allow only Office 365 emails and block all other email services. 

    I don't know the web categories off the top of my head. Most likely, you could block the category and then allow outlook.office.com as an exception.

    Hemanth Kurungat said:

    #2 any application that they are using on their system where the CIXA is installed, will we get any logs if the user has done something on the application or any service? Where we can have this reports in if they have XDR license.

    A lot of information will be stored either on the device itself or in the Central data lake. However, this will typically be file, process, registry, and other system-level information. You will not typically be able to query or detect activity in SQL or other application logs.

    Hemanth Kurungat said:
    #4 and #5, Even if we have added the file types in DLP , there is no option for choosing which email service to allow or block, also for FTP we don't have any control in CIXA .Please correct me if I am wrong.

    Right, DLP in CIXA is not that granular. You can stop attaching files to web-based email in general, but not to specific email providers. For something like FTP, you might have better luck using Windows/macOS firewall to restrict access to FTP ports.

Reply
  • +1 in reply to Hemanth Kurungat
    Hemanth Kurungat said:

    for #1, in the web policy we have options to block gmail.com, yahoo.com etc, by adding tags in web management, is there any option to allow only Office 365 emails and block all other email services. 

    I don't know the web categories off the top of my head. Most likely, you could block the category and then allow outlook.office.com as an exception.

    Hemanth Kurungat said:

    #2 any application that they are using on their system where the CIXA is installed, will we get any logs if the user has done something on the application or any service? Where we can have this reports in if they have XDR license.

    A lot of information will be stored either on the device itself or in the Central data lake. However, this will typically be file, process, registry, and other system-level information. You will not typically be able to query or detect activity in SQL or other application logs.

    Hemanth Kurungat said:
    #4 and #5, Even if we have added the file types in DLP , there is no option for choosing which email service to allow or block, also for FTP we don't have any control in CIXA .Please correct me if I am wrong.

    Right, DLP in CIXA is not that granular. You can stop attaching files to web-based email in general, but not to specific email providers. For something like FTP, you might have better luck using Windows/macOS firewall to restrict access to FTP ports.

Children
No Data
Unfiltered HTML