DLP without SSL inspection

,

So, this might sound obvious, but I still want to confirm if DLP works properly without SSL inspection.
There can be instances where banking customer might not enable complete SSL inspection. In that case will DLP work as expected?

Hi Arnab, Thanks for the questions.

Without SSL inspection enabled, DLP engines will not be able to open up the data being transfer, as it will be encrypted an unable to inspected.

To perform proper Data Protection SSL Inspection should be enabled for the applications in-scope.

More information around SSL can be found here.

So, if there is a banking client then they wont be able to use SSL inspection for full traffic. In that case, how will the client protect their data being shared like credit card data or SSN via email or upload to any 3rd party website like zippyshare?

Arnab,

SSL Inspection rules can be created for specific bypasses for finance, health, legal etc. Creating these rules allow you bypass traffic that cant be inspected. All other types of traffic that can be inspected should be inspected. In this case, Zippy-share would be inspected and DLP policies can act on it, as it is not a healthcare, financial , or legal toolset, but a file sharing application.

Does this help?

Thanks,
Mark

1 Like

Yes, It somewhat helps.
Also I am trying to understand if DLP would block PII data from being uploaded to Zippyshare if SSL inspection is disabled entirely?

Oh - so they are not doing ANY SSL inspection. I miss understood.

Can you help me understand the situation where a Bank can not do any SSL inspection at all? I work with a few banks and they are performing inspection on a very large portion of their traffic and only bypassing traffic that is required by legal and/or other factors.

Thanks

1 Like

So, as per my understanding, this bank has enabled inspection for only 36% of the traffic throughout. How is DLP policy gonna work in this case is something of my concern.