Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

About Shadow/Web DLP

Shadow cloud services, like Facebook, are accessed by employees but aren't specifically sanctioned for use by their employer. Skyhigh Security allows you to apply Data Loss Prevention (DLP) policies to Shadow cloud services or Web/URL categories to make sure that sensitive data is not exfiltrated by regular user access.

Shadow/Web DLP policies are enforced via the inline forward proxy, whereas Sanctioned DLP policies are enforced through the API. 

The key benefits of using Skyhigh SSE Shadow/Web DLP are:

  1. Real-time enforcement. Shadow/Web DLP Policies are enforced in real-time before data leaves the corporate perimeter
  2. Unified Classifications. Use the provided Skyhigh Security Classifications or create Custom Classification, and leverage them across the cloud and on-premises Trellix ePO. 
  3. Unified Incidents. Shadow/Web DLP policies evaluate outgoing data, and upon finding violations, they produce incidents that you can view in Skyhigh CASB on the Skyhigh CASB Policy Incidents page, along with other incidents related to DLP, Configuration Audit, and Connected Apps.

Create Shadow/Web DLP policies using the Skyhigh CASB Policy Wizard.


  • Was this article helpful?