0:03
Welcome to Versa data loss prevention tutorial.

0:09
What is data loss prevention?

0:10
Data loss prevention is a SASE security function.

0:13
DLP detects and prevents data breaches, exfiltration of sensitive data like personal information, credit card or Social Security numbers, network DLP policies provision in versa cloud gateway.

0:26
Versa can configure following DLP rule types, content analysis file, DLP optical character recognition, exact data match and document fingerprinting.

0:38
This tutorial covers content analysis rule preventing exfiltration of credit card information using predefined PACIDSS rule.

0:46
Let's have a look on the SASE portal where we configure the feature.

0:51
We'll enter the Real time protection profiles and the Data Loss Prevention tab for predefined PCIDS rule.

1:00
We'll enter DLP rules and add a new rule.

1:03
We'll select Content Analysis and look for the predefined profiles within the DLP.

1:13
In this tutorial, we will show you how to block PCIDS as information within documents.

1:18
Next, we'll look for certain documents that we'd like to match the rule against.

1:25
That should be documents, PDFs, text files, PHP files, HTML files, XML files, and the other ones.

1:33
Let's select documents and PDFs.

1:36
We can select whether the match rule should match against download, upload direction, or both directions.

1:44
We will select Http://protocol and out of the header body attachment we will select Attachment being inspected.

1:52
In this step we could exclude certain file names from being inspected.

1:59
Once the file is matched against the criterias we can allow block, encrypt, upload and quarantine the content.

2:08
Also we could lock the activity and also set the metadata for the particular file.

2:16
Once we have finalised the rule, we need to give it a name, we'll call it this DLP rule PCI DSS and we can also review the configured parameters for the rule.

2:33
The next step is to configure DLP profile.

2:37
The DLP profile can be consisting out of one or multiple DLP rules.

2:42
Currently, we have only defined one single rule.

2:45
Therefore only one can be selected and only one can be within the list.

2:50
If there are more, we could drag and drop and set the position of the rule against the other rules.

2:59
The default policy action could be alert.

3:03
In this case, we will allow all the traffic and exit on the first rule match in case we hit the rule.

3:11
Now let's name the TLP profile.

3:20
We will set up this profile for a test user called Alice.

3:25
Once the profile is set, the next thing is to create a policy for filtering the traffic on the Versa Cloud gateway.

3:33
We will go into real time protection, Internet protection, add a new rule where we hit all the application URLs and reputation within the users.

3:46
We would like to select our test user Alice.

3:49
We will skip endpoint information profile matching.

3:59
We will skip also geolocation of the source of end destination of the traffic.

4:04
We will also skip layer three, layer 4 attributes and also schedules.

4:11
Once we match traffic that is originated or destinated to Alice, we will select enforcement for the profiles.

4:19
Clicking on the Data Loss prevention, we can enable that feature and assign the DLP profile Alice.

4:28
Finally, we can review the DLP profile Alice that will be exiting on the first rule match and by default it will allow all the traffic except the one that is matched by the rule PCIDSS.

4:42
We all do a content analysis.

4:43
We will block the file if it's located in the attachment within the HTTP or Https://protocol and if it's in the document of type 2 document or PDF.

4:57
As the last step, we will create the name for particular rule within the security policy and we will put it on the top of the list to be applied in case we would like to inspect Https://traffic meaning encrypted.

5:19
We need to also decrypt the traffic on the cloud gateway.

5:22
We'll enter TLS decryption and we will create a new TLS decryption rule.

5:28
We'll select Decryption and inspection of traffic.

5:32
Select the test user, in this case Alice, Skip Endpoint Information profile setting and also skip all the layer three layer 4 attributes and schedules.

5:50
Now we will name the DLS decryption rule decryption for Alice.

6:04
Once all configured, we will publish all the configurations to Versa Cloud Gateways.

6:13
Once configurations have been published to Versa Cloud Gateways, we will proceed to verification.

6:18
As example, we will connect to the Google Drive service using the Sussex client connected to Versa Cloud.

6:24
We will verify that a TLS decryption profile is taking an action and the communication will be decrypted and matched against the DLP profile.

6:35
We will perform an attempt to attach into the e-mail 2 files, one file with the sensitive information like first name, last name, security number and credit card number and the second file that has no sensitive information.

6:52
As you can see the file with the credit card number and Social Security numbers is being blocked by the DLP.

6:58
The POP window shows ACTION upload application Gmail and you are mail.google.com was detected and blocked.

7:07
The service will try to re upload several times the file but it will always fail due to the DLP policy.

7:16
We will cancel the sensitive file upload and we can see the clear file successfully uploaded and could be sent over the e-mail.

7:23
In the second verification, we will attempt to download and upload sensitive information over the public cloud storage service.

7:33
As you can see, we tried to download both files.

7:42
The clear file is successfully downloaded, but the file with sensitive information was blocked by the DLP.

7:49
We can see that the error was a policy violation detected by the DLP.

7:53
Currently with the action download and application was recognized as the Google Docs.

7:59
In another verification, we tried to upload the files.

8:03
The clear file was uploaded successfully while the file with the credit card numbers and Social Security numbers being blocked and the action upload was detected.

8:15
Let's have a look on the SASE portal how the action of DLP have been evaluated.

8:21
You can see the top DLP applications were HTTP and the top action was blocked.

8:26
Alice was blocked with the two different profiles and one of these that we created recently, PCIDSS.

8:33
In the locks of Alice we can see that there was a action block for content on the gateway Ashburn.

8:42
If you look closer we can see that there was attempt to download a file CC and SSN and there was also attempt to upload the file With the sensitive content.

8:53
We can see the profile and the rule name that we created previously.

8:57
The tabular view also shows another information like source address, destination address, source port, and destination port.

9:06
To see even more details, we can open the lock file that is related to the particular lock entry and see the full recall from the Versa Cloud Gateway.

9:21
In this lock, we can see exactly the name of the lock and all the data that we've seen in the previous page.

9:30
Note there are multiple other features and possibilities within the content analysis or other DLP rule types.

9:38
Thank you for watching Versa DLP tutorial video.