Configure Enterprise DLP

Skyhigh Security Cloud provides two solutions for On-Premises Enterprise DLP: Skyhigh Endpoint DLP with Trellix ePO, or Enterprise DLP (EDLP).

When Skyhigh DLP Policy from ePO is enabled, emails are scanned using email policies defined in Trellix ePO, instead of the policies created in Skyhigh Security Cloud.
When you enable Enterprise DLP, you can select a Skyhigh policy to pre-filter events that are sent to Skyhigh Security Cloud. This can be useful if there are performance and throughput considerations for the Enterprise DLP server that integrates with Skyhigh Security Cloud.

Configure Endpoint DLP

Choose Policy > Policy Settings.
Select the tab Enterprise DLP.
Select the tab Security Service Edge DLP.
The following options are available:
- Use Policies defined in Trellix Endpoint DLP. When this feature is enabled, emails are scanned using email policies defined in Trellix ePO for for Trellix Endpoint DLP, instead of the policies created in Skyhigh CASB.
- Send evidence files to Trellix ePO. An evidence file is a copy of the item that created the policy violation. To use this feature, first configure evidence storage in Trellix ePO. If this option is disabled, evidence files will not be sent to Trellix ePO.
Click Save.

Supported services include:

Choose Policy > Policy Settings.
Select Enterprise DLP.
Select the tab Other Providers.
Toggle Enterprise DLP to ON.
Send. Select to send events:
- All Events. Send all events.
- Events that Only Match. Send events that only match a policy.
  - For Policy. Select your existing policy to match.
From. Click Select Services, select the services you want to send events from, then click Done. Click Edit to change the selected service.
Incident Remediation. Select to block actions sent from Skyhigh Security Cloud, and select one of the following options.

IMPORTANT: The Enterprise DLP policy must be configured to return a BLOCK back to Skyhigh Security Cloud via ICAP for this option to work.