McAfee Enterprise MVISION Cloud

Configure Enterprise DLP

Skyhigh CASB provides two solutions for On-Premises Enterprise DLP: Skyhigh Security Endpoint DLP with Trellix ePO, or Enterprise DLP (EDLP). 

  • When Skyhigh Security DLP Policy from ePO is enabled, emails are scanned using email policies defined in Trellix ePO, instead of the policies created in Skyhigh CASB. 
  • When you enable Enterprise DLP, you can select a Skyhigh CASB policy to pre-filter events that are sent down to Skyhigh CASB. This can be useful if there are performance and throughput considerations for the Enterprise DLP server that integrates with Skyhigh CASB.

Configure Endpoint DLP

  1. Choose Policy > Policy Settings.
  2. Select the Enterprise DLP tab.
  3. Select the Endpoint DLP tab.
  4. The following options are available:
    • Use Classifications defined in McAfee Endpoint DLP. When this feature is enabled, DLP policies can use Classifications defined in ePO for McAfee Endpoint DLP, for the services selected below. Click Select Services, then click Done. 
    • Use Policies defined in McAfee Endpoint DLP. When this feature is enabled, emails are scanned using Email policies defined in ePO for McAfee Endpoint DLP, instead of the policies created in Skyhigh CASB.
    • Send evidence files to ePO. An evidence file is a copy of the item that created the Policy Violation. To use this feature, evidence storage should be configured in ePO. If this option is disabled, evidence files will not be sent to ePO.
  5. Click Save.

Configure Enterprise DLP for Other Providers

Supported services include:

  • Box
  • Google Drive
  • Microsoft OneDrive
  • Microsoft SharePoint
  • Slack

  1. Choose Policy > Policy Settings.
  2. Select the Enterprise DLP tab.
  3. Select the Other Providers tab.
  4. Toggle Enterprise DLP to ON.
  5. Send. Select which events to send:
    • All Events. Send all events.
    • Events that Only Match. Send only events that match a policy.
      • For Policy. Select the existing policy to match.
  6. From. Click Select Services, select the services you want to send events from, then click Done. Click Edit to change the selected service. 
  7. Incident Remediation. Select to block actions sent from the Enterprise DLP, and select one of the following options.

    IMPORTANT: The Enterprise DLP policy must be configured to return a BLOCK back to Skyhigh CASB via ICAP for this option to work.

    • Enterprise DLP controls the remediation action for any block response.
    • Skyhigh CASB controls the remediation action for the block response.
  8. Click Save.