The Cisco Umbrella data loss protection (DLP) engine now supports detecting data violations based on the values found in the file properties of inspected documents. This includes, but is not limited to, Microsoft sensitivity labels attached as custom properties to Microsoft Office and Adobe PDF documents.
The ability to create DLP rules to detect whether the inspected files are labeled enhances the efficacy and predictability of the DLP solution.
How does it work?
In the configuration of a DLP rule, you can include up to 10 file labels to search and match against the document properties of the outgoing files through the Umbrella SWG proxy.
- A DLP rule can be configured with either data classifications, file labels, or both. When a DLP rule is configured with both, a DLP event is raised when any of the selected data classifications and when any of the configured file labels are detected in the inspected file.
For more details on Umbrella DLP's enforcement based on the values found in the inspected document properties, see Umbrella’s Help.