Configure DLP Data Exfiltration

Last updated
Save as PDF

For supported software information, click here.

Endpoint data loss prevention (DLP) on the SASE client protects sensitive data on endpoints by blocking unauthorized data exfiltration attempts. This ensures that information remains secure even when accessed from remote environments, which is essential for organizations handling confidential information.

This article describes how to configure DLP activities in Concerto to prevent data exfiltration activities such as copying and pasting, taking screenshots, and using USB devices. It also covers how to check DLP exfiltration activities on the SASE client.

You can enable these options from the secure client-based access rule associated with the client Concerto. You can only view exfiltration activities that are supported on the client.

Configure DLP Exfiltration from Concerto

Go to Configure > Security Service Edge > Secure Access > Client-based Access > Policy Rules.
Select an existing rule to edit. To create a new rule, see Create a SASE Client Configuration for Secure Client-Based Access.
In the Edit Secure Client Access Rule screen, select step 7, Client Configuration.
In the Client Configuration tab, click Customize under Client Controls. The Configure Client Controls screen displays.
Click Advanced Settings, and then select End Point Data Loss Prevention (DLP). The following options display:

Enter the following information:
1. Click the Copy/Paste slider bar to detect copy from or paste to the clipboard (Windows only).
2. Click the Screenshot slider bar to detect a screenshot action (Windows only).
3. For USB, Allow is the default value. You can also select Block or Read-Only:
  - Allow—Permits full access to the USB drive, and you can copy files to and from the drive.
  - Block—Access to the USB drive is blocked. When the user plugs in a USB drive, a DLP violation message shows the USB is blocked.
  - Read-only—Permits copying from the USB drive to the device, but does not allow copying files from the device to the USB drive.
Click Save to save the secure client-based access rule.

View Exfiltration Activities from SASE Client

To view the allowed exfiltration activities configured for the SASE client:

In the SASE client home screen, click the Settings icon.
In the Enterprise section, click the account for which you want to view DLP data exfiltration settings. The following example shows that copy/paste, screenshot, and USB activities are allowed:

Examples: Violation of DLP Exfiltration Policies

If copy and paste activity is disabled in the rule, the client Data Loss Prevention screen displays the slider button grayed out. For example:

In this case, if you try to copy text or images using CTRL+C or right click using mouse and copy paste, the following DLP policy violation message displays:

If taking screenshots is disabled in the rule, the client Data Loss Prevention screen displays the slider button grayed out. For example:

In this case, if you try to use the PrtSc key or a snipping tool, the following DLP policy violation message displays:

If USB usage is blocked, the the client Data Loss Prevention screen displays Block for USB. For example:

In this case, if you try to open the USB drive, the following DLP policy violation message displays:

If USB is read-only, then the client Data Loss Prevention screen displays Read Only for USB. For example:

In this case, you can copy from the USB drive to your device, but you cannot copy from your device to the USB drive. If you try to copy a file from your device to USB, the following DLP policy violation message displays:

Supported Software Information

Releases 12.2.1 and later support all content described in this article.
Releases 7.9.1 of Versa SASE Client (Windows OS) and later support all content described in this article.

Additional Information

Concerto SASE End-to-End Configuration
Configure SASE Secure Client-Based Access Rules