Skip to main content
Skyhigh Security

Configure Enterprise DLP

Skyhigh Security Cloud provides two solutions for On-Premises Enterprise DLP: Skyhigh Endpoint DLP with Trellix ePO, or Enterprise DLP (EDLP). 

  • When Skyhigh DLP Policy from ePO is enabled, emails are scanned using email policies defined in Trellix ePO, instead of the policies created in Skyhigh Security Cloud. 
  • When you enable Enterprise DLP, you can select a Skyhigh policy to pre-filter events that are sent to Skyhigh Security Cloud. This can be useful if there are performance and throughput considerations for the Enterprise DLP server that integrates with Skyhigh Security Cloud.

Configure Endpoint DLP

  1. Choose Policy > Policy Settings.
  2. Select the tab Enterprise DLP
  3. Select the tab Endpoint DLP
    edlp_skyhigh_endpoint.png
  4. The following options are available:
    • Use Classifications defined in McAfee Endpoint DLP. When this feature is enabled, DLP policies can use Classifications defined in ePO for McAfee Endpoint DLP, for the services selected below. Click Select Services, then click Done. 
      policy_settings_on_prem_dlp_mcafee_services_4.3.2.png
    • Use Policies defined in McAfee Endpoint DLP. When this feature is enabled, emails are scanned using Email policies defined in ePO for McAfee Endpoint DLP, instead of the policies created in Skyhigh Security Cloud.
    • Send evidence files to ePO. An evidence file is a copy of the item that created the Policy Violation. To use this feature, evidence storage should be configured in ePO. If this option is disabled, evidence files will not be sent to ePO.
  5. Click Save.

Configure Enterprise DLP for Other Providers

Supported services include:

  • Box
  • Google Drive
  • Microsoft OneDrive
  • Microsoft SharePoint
  • Slack
  1. Choose Policy > Policy Settings.
  2. Select the tab Enterprise DLP
  3. Select the tab Other Providers
    edlp_other_providers.png
  4. Toggle Enterprise DLP to ON.
  5. Send. Select to send events:
    • All Events. Send all events. 
    • Events that Only Match. Send events that only match a policy. 
      • For Policy. Select your existing policy to match. 
  6. From. Click Select Services, select the services you want to send events from, then click Done. Click Edit to change the selected service. 
    policy_settings_on_prem_dlp_other_sevices_4.3.2.png
  7. Incident Remediation. Select to block actions sent from the Enterprise DLP, and select one of the following options. 

IMPORTANT: The Enterprise DLP policy must be configured to return a BLOCK back to Skyhigh Security Cloud via ICAP for this option to work.

  • Enterprise DLP controls the remediation action for any block response. 
  • Skyhigh Security Cloud controls the remediation action for the block response. 
  1. Click Save.
  • Was this article helpful?