New in DLP 14 is the ability to scan Box.com for confidential data that may be stored in an enterprise’s Box.com environment. See this post for more information on how to configure this.
This post will cover how to configure the response rule.
Configuring the Response Rule
The first step in configuring the response rule is to enable response rules for scanning within the Discover Target. If the check box is not enabled, the response rule will not trigger.
The response rule needs to be created and then assigned to the policy in order for it to work. Within the system add a new response rule and select the type “Automatic.”
What this looks like
The incident report will show a new icon (the tag) next to the Box.com incident.
The incident snapshot shows further information regarding the tagging response rule.
Finally we can see the “Visual Tag” applied within the Box.com interface.
New to Symantec DLP 14 we have the ability to do Network Discover Scans (Data at Rest) of content that is stored in Cloud Storage locations. The first service this is available for is Box.com.
This post will cover how to configure a Network Discover Scan for Cloud Storage once you have applied the Cloud Storage License.
Steps to create a Box.com Discover Scan
Once the license for Cloud Storage DLP is loaded into the system a new entry to create a Box.com Discover Target will be listed.
- Navigate to Manage -> Discover Scanning -> Discover Targets
- Under the drop down for “New Target” select Box
- Just like any Discover Target configure the target with Name, Scan Type and Schedule under the “General Settings.”
- We need to authorize the Box.com scanning account, which is a new step
- Click on the authorize button
- Provide the username and password for the Administrator of your Box.com environment and click Authorize
- The DLP system will be authorized for 60 days and after that time the system can be reauthorized
- Within the Box.com scan we can filter which files within the Box.com environment are scanned; the filters tab allows us to control this
- Along with being able to scan a folder on Box.com, we have the ability to “tag” a file with a response rule; this needs to be enabled in the protect tab.
- A separate blog post will cover this
Once this is all done, a Cloud Storage Target for Box.com will be configured and set up. This target can then be run just like any Network Discover target.
Do I need a different license for this?
Yes, a license for “Cloud Storage DLP” is required, according to the DLP Licensing Guide. This is a subscription-based license available as a 1-year subscription.