Item Check

Copy Paste on Verify that the DLP solution can detect and
web.whatsapp.com block the pasting of sensitive data

Confirm the DLP solution can inspect and

Compressed Document analyze the contents of ZIP files. Test if it can
(Zip,RAR) block or quarantine a ZIP file that contains
sensitive information

Uploading document template (consolidated

Document Template
Whitelist and Blacklist holding details or Bank documents) to the DLP
to either whitelist or blacklist

Data Classifications
Creation of data classification for applying
polices

Data Destinations
Creation of data destinations (safe and unsafe
destination )

Test the DLP's ability to identify and protect

source code, potentially by using keyword
Source Code Protection matching (e.g., "private key," "API key"), file
type recognition (e.g., .py, .java), or code
structure analysis
 Evaluate the DLP's effectiveness in identifying a
wide range of PII, including names, addresses,
s social security numbers, credit card numbers,
and health records. Test it with both structured
and unstructured data.

Web/ Apps Filter

Evaluate the DLP's integration with web and
application filtering

Email DLP
Evaluate preventing PII data shared on Email
body and attachment

Integrate with ZTNA gateways to enforce data

ZTNA (Zero Trust Network policies for remote workers accessing corporate
Access) applications, ensuring that access is granted
based on the user, device, and context.

Data Localization
Confrim data stored within the county and not
transferred outside.

Data routing to our S3 Integrating our S3 bucket for shadow filing

Confirm that the DLP solution has a robust and

SIEM Integration reliable integration with your existing SIEM,
Innspark

API Integration For Alets and other integration (SEIM)

Alerts Creation Alerts through Webhooks,API and email.

Tenant Lock
Prevents personal email login on company
devices

Log Retention Period Check the default log retention period, logs det

Integration with GWS SAML integration with Google Workspace.

Licencing Check how device or user level licensing

 Use case Foresight Feedback

WhatsApp Web employs end-to-end encryption by

RMs tries to paste a list of customer PII data default for all activities. Using Netskope RBI DLP
Controls on WhatsApp Web can be Implemented.

Using Netskope we can block data within compressed

files like ZIP or RAR . Leveraging DLP policies, we can
An employee attempts to exfiltrate a folder of
create a DLP profile that identifies and blocks these
financial reports by zipping them up and uploading
file types in Real-time.
them to a personal cloud storage service. The DLP
No DLP technology can decrypt a
solution detects the sensitive data within the ZIP file
compressed document. Hence it is always
and blocks the upload.
recommended to qurantine/ allow compressed
document ONLY to Authorised destinations.

Yes it is possible. Netskope allows you to create

policies to block or allow access to specific document
The DLP policy recognizes the template and
templates through whitelisting and blacklisting. This is
allow/blocks.
achieved by configuring real-time protection policies
that utilize URL lists and content analysis.

Based on data classification, different policy Yes it is possible. DLP solution can integrate with Data
restrictions can be applied classification tools to apply policies.

Yes, it is possible to create policies to allow/ block

Unsafe destinations the policy action to be blocked.
Trusted / Untrusted (Competitive) destinations

Yes, it is possible. 1. To
block private keys, custom DLP policies can be created
A developer tries to email a snippet of proprietary to identify and flag private key data 2, Using Netskope
source code containing an API key to a personal predefined data identifiers, we can detect common
email address. The DLP solution detects the sensitive API keys, like those from AWS, GitHub, and Facebook.
code and blocks the email, preventing the key from 3. Using Netskope's advanced file type recognition,
being exposed. identify specific programming language files like .py
(Python) and .java (Java), and Netskope DLP can even
perform analysis of code structure.
The DLP solution's PII detection engine recognizes
Yes it is possible. Using Source code templates this
the data and blocks the download, preventing a
policy can be implemented.
sensitive data exposure.

Block websites and apps based on categories, ex; Netskope has Web, Email & Endpoint DLP. Web +
gambling, adult etc Web DLP will be a native integration.

Copy pasting PII on email body or attaching any

Email DLP checks for Header, Body & attachment.
sensitive file

Yes. Need to understand in detail on the Applications.

Need clarity.

Netskope routes data to Amazon S3 through its log

Routing a copy of the file to the corporate S3 bucket streaming capabilities. and by enabling data
for auditing. protection for S3 buckets.

A DLP policy violation is detected and the event is

immediately sent to the SIEM, where it is correlated
with other user activity logs and alerts. This allows Yes it is possible
the security team to see a complete picture of the
user's actions leading up to the policy violation.

Yes it is possible. Netskope integrates with SIEM

platforms to provide security alerts and other
telemetry data for enhanced threat detection and
response. This integration allows organizations to
centralize security information, improve visibility, and
automate incident response.
 Yes it is possible.
Netskope provides various methods for delivering
alerts to administrators and integrated systems,
including webhooks, APIs, and email notifications.

Blocking personal email logging on company device

Yes it is possible
and any browsers.

Netskope by default audit logs are retained for 90

days. Customer can also subscribe for extended Data
Retention period & can increase this to one year.
Push it to the S3 or SEIM
Transaction events, if not consumed, are retained for
seven days by default. Device logs are kept for 365
days.

Netskope integrates with Google Workspace (GWS) to

provide enhanced security and control over cloud
usage. This integration allows organizations to apply
SSO
granular policies to Google Workspace, its ecosystem,
and other cloud services, leveraging Netskope's deep
cloud context and flexible policy enforcement.

Number of users
Windows Mac Remarks

Yes, as mentioned we can achieve the copy and paste

activity by using the Remote browser isolation
Yes Yes module. But we cant attach a DLP Profile for that. Just
we can completely block copy paste activity

YES, It can be achievable. Not only ZIP Files we do

Yes Yes have 1000+ files types in Netskope on top of which we
can configure the policies.

Yes, Definitely we can achieve this , but we need

Yes Yes Advanced Web DLP to achieve the same

Also we do have several predefined file classifiers

Yes Yes inbulit in Netskope, Based on which we can configure
the policies

Yes, we can configure the policies based on Source IP

Yes Yes or Source Country Criteria

Yes, It is possible and we do have a souce code family

Yes Yes containing all major coding languages.
Yes Yes Yes, Its possible

Yes, we do have 240+ categories in house. And we can

Yes Yes customize the URLs as well

Yes, It is possible. But if the same activity the user is

performing we need separate Email DLP module to
Yes Yes achieve. (Will integrate with your email like Outlook
or Gmail)

Anyway we can provide access to critical applications

with Netskope ZTNA But if we want to have DLP
Yes Yes policies on top of that then we need to configure
Remote browser access and currently it will work only
on HTTP/HTTPS applications

Yes Yes

Yes, We can integrate netskope with AWS for

Yes Yes forencies

Yes Yes Yes, It is possible

Yes Yes Available with Netskope

 Yes, Anyway will get alerts on Tenant and apart from
Yes Yes that we can configure email notifications for every
policy to achieve the same.

Yes Yes Yes, we can restrict it through app instance

Yes Yes Yes, Possilbe

Yes Yes Yes, It is possible

Yes Yes No. of Users