Mimecast and Netskope DLP Configuration
This document explains how to configure Netskope DLP with Mimecast.
Netskope and Mimecast collaborate to provide a comprehensive data loss prevention (DLP) solution that effectively detects and safeguards sensitive information across the evolving cloud environment of joint customers. This approach is agnostic to sharing methods, user locations, applications, or device types. Netskope leverages its extensive knowledge of data sharing and extends it to email by employing a unified approach to DLP match rules. This allows customers to utilize their Mimecast environment to manage flagged email in accordance with established email policies.
Moreover, Mimecast and Netskope offer enhanced defense-in-depth capabilities to identify and prevent sophisticated, tailored, and targeted malware attacks from successfully infiltrating the joint customer architecture. This is achieved through active sharing of indicators of compromise that have already been discovered by either platform. As a result, customers’ overall security posture is strengthened, and the effectiveness of complex and costly malicious software is diminished. The likelihood of successful attacks is rapidly reduced.
Configuring Outbound Email Check
Start by enabling and configuring the checks on the Netskope tenant. This guide configures them for Google Gmail.
- First make sure you have SMTP > Google Gmail enabled. In the Netskope UI, go to Settings > Security Cloud Platform > Mail Relay > SMTP.
- Configure the Email Server setting and copy it; you will paste it into the Google Admin console.
- In the Google Admin console, go to Apps > Google Workspace > Gmail > Hosts, and under Hosts, click Add Route. Enter the copied email server setting as the host.
- Test the TLS connection to verify that the connection to the host was successful. Click Save.
Configure Content Compliance to Send Traffic from Gmail to Netskope
- Go to Apps > Google Workspace > Gmail > Compliance > Content Compliance.
- Create the outbound rule from Gmail to Netskope. Click Add to add a new expression and select Advanced content match. Under Location, select Full header, and under Match type, select Not contains text. Enter the following content: x-netskope-inspected. Click Save.
- Select Change the route and select the Netskope host you created previously.
- Select Require secure transport (TLS), and from the hidden options, select all the account types to affect. Click Save. This completes the required Google Workspace configuration for outbound email.
- Now go back to the SMTP page on your tenant. Verify your domain and add the next hop, which in our case is the Mimecast outbound SMTP host.
- Use this link to identify your Mimecast outbound SMTP host: https://community.mimecast.com/s/article/email-security-cloud-gateway-smtp-connector-exchange.
Add a DLP Rule and Policy in Netskope
- Go to Policies > Real-Time Protection.
- Click Create New Policy and select Email Outbound.
- Select Source as Users or Group.
- For Email Outbound App, select Gmail.
- Select the DLP profile whose violations this policy should detect.
- Add an SMTP header. When a violation is detected, Netskope adds this header to the message, and Mimecast blocks the message when its content definition matches the same header.
- Enter a Policy Name and click Save.
This completes the required configuration on the Netskope side. The remaining configuration is done in Mimecast.
Create a Policy in Mimecast
- Go to Gateway > Policies > Definitions > Content Definitions.
- Create a new definition and, under Scanning options, add the rule that matches the same header you configured the Netskope tenant to add when an email violates the policy.
- Now create the new policy. Go to Gateway > Policies > Content Examination.
- Click Create New Policy.
- Select the content definition you just created, and click Save.
- Now that all the required settings are configured, test the configuration. From an account in the domain for which you created the DLP policy, compose an email and attach a password-protected file, since that is what the DLP profile selected while creating the policy detects, to trigger a violation. Click Send after attaching the protected file.
- Check for the incident in your Netskope tenant. Go to Incidents > DLP.
- Now check the Mimecast dashboard for the violation. Go to Message Center > Bounced Messages to see the policy violations.
- You will also receive an email notification about the violation.
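The outbound path above has three decision points: the Gmail rule routes a message to Netskope only while its full header does not yet contain x-netskope-inspected, Netskope adds the configured header on a DLP match, and Mimecast bounces on that header. The following Python simulation is an added example, not code from Netskope or Mimecast; the header name X-Netskope-DLP-Violation and the sample message are placeholders, since the real header name is whatever you entered in the Netskope policy.

```python
# Added example: simulates the Gmail -> Netskope -> Gmail -> Mimecast decisions
# configured above. VIOLATION_HEADER is a placeholder for the admin-chosen header.
from email import message_from_string

INSPECTED_HEADER = "x-netskope-inspected"        # header named in the Gmail rule above
VIOLATION_HEADER = "X-Netskope-DLP-Violation"    # placeholder for the Netskope policy header

def gmail_route(raw_msg, check_inspected=True):
    """Gmail content compliance rule: route to Netskope unless the full header
    block already contains x-netskope-inspected (this is the loop guard)."""
    msg = message_from_string(raw_msg)
    header_block = "\n".join(f"{k}: {v}" for k, v in msg.items()).lower()
    if check_inspected and INSPECTED_HEADER in header_block:
        return "mimecast"   # already inspected: hand off to the next hop
    return "netskope"

def netskope_inspect(raw_msg, dlp_profile_matched):
    """Netskope mail relay: mark the message as inspected and, on a DLP profile
    match, add the SMTP header configured in the Real-Time Protection policy."""
    msg = message_from_string(raw_msg)
    msg[INSPECTED_HEADER] = "true"
    if dlp_profile_matched:
        msg[VIOLATION_HEADER] = "true"
    return msg.as_string()

def mimecast_examine(raw_msg):
    """Mimecast content examination: the content definition matches the
    violation header, so such messages are bounced; all others are delivered."""
    msg = message_from_string(raw_msg)
    return "bounced" if msg.get(VIOLATION_HEADER) else "delivered"

def outbound_flow(raw_msg, dlp_profile_matched, check_inspected=True, max_hops=5):
    """Run a message through the whole path and return (hops taken, outcome).
    Disabling check_inspected reproduces the mail loop that the 'Not contains
    text' condition in the Gmail rule exists to prevent."""
    hops = []
    while gmail_route(raw_msg, check_inspected) == "netskope":
        if len(hops) >= max_hops:
            return hops, "mail loop"
        hops.append("netskope")
        raw_msg = netskope_inspect(raw_msg, dlp_profile_matched)
    hops.append("mimecast")
    return hops, mimecast_examine(raw_msg)

# Constructed sample message for the example.
SAMPLE_MSG = "From: alice@example.com\nTo: bob@example.org\nSubject: report\n\nsee attached\n"
```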
Configuring Inbound Email Check
Inbound email checks ensure that all inbound email is checked by Mimecast for malicious content and that Mimecast takes the required action according to the configured policies. Additionally, Cloud Exchange is used to share threat IOCs between Mimecast and Netskope in both directions.
To deliver all inbound email to Mimecast, first whitelist all the Mimecast data center IPs. Refer to Mimecast Data Centers and URLs for the IP addresses that need to be whitelisted.
After identifying the IPs, whitelist them in your email platform. In this case we are using Google Workspace.
- Go to Google Admin Console > Apps > Google Workspace > Gmail > Spam, Phishing and Malware > Email Allowlist. Add all the IPs identified above.
- On the same page, add the same IPs under Inbound Gateway. Ensure the Require TLS for connections from the email gateways listed above option is selected.
- Now update your MX records to point at the Mimecast SMTP inbound host. Refer to this link to select the correct host: Mimecast Gateway.
- In this case we're using GoDaddy to manage the MX records, so the change is made there; update the records in a similar way with your own DNS provider.
- Now create the delivery route definition in Mimecast so that inbound email received by Mimecast is delivered on to Gmail when it is not malicious. Go to Administration Console > Gateway > Policies > Definitions > Delivery Routes.
- Click New Route Definition and provide the required hostname. Refer to this link: https://support.google.com/a/answer/174125?hl=en for selecting the correct hostname.
- Click Save and Exit.
- Now you need to configure the Policy for the same Route Definition. Go to Policies and click Delivery Routing.
- Click New Policy and select the Delivery Route you created. Applies to: Email Domain. Specifically: <Provide your Domain>. After providing the Required details click Save and Exit.
Your inbound email configuration is now complete. In the same way, you can set different policies for all inbound email.
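After the MX cutover, it is worth confirming that inbound messages really enter Gmail through the allowlisted Mimecast IPs over TLS, as the Inbound Gateway settings above require. The following Python audit of a message's Received headers is an added example, not part of this guide or of either product; the gateway network 203.0.113.0/24, the MX host suffix and the sample messages are constructed placeholders.

```python
# Added example: checks the hop that delivered a message into Gmail against the
# gateway allowlist and the TLS requirement. Networks and host names are constructed.
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

GATEWAY_NETS = [ip_network("203.0.113.0/24")]   # placeholder for the Mimecast data center IPs
MX_SUFFIX = ".example-mx.test"                  # placeholder for the MX hosts receiving for Gmail

# Bracketed IPv4 address of the connecting host, the receiving host after "by",
# and the protocol after "with" (ESMTPS means the hop used TLS).
HOP_RE = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)?\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\w+)")

def parse_hop(received_value):
    """Return (connecting IP, receiving host, used TLS) for one Received header."""
    m = HOP_RE.search(" ".join(received_value.split()))   # unfold continuation lines
    if not m:
        return None
    return ip_address(m["ip"]), m["by"].rstrip("."), m["proto"].upper() == "ESMTPS"

def audit_inbound_hop(raw_msg):
    """Return 'ok', or the reason the message did not enter Gmail through the gateway."""
    msg = message_from_string(raw_msg)
    # Received headers are prepended, so the first hop received "by" one of our
    # MX hosts is the connection that delivered the message into Gmail.
    for value in msg.get_all("Received") or []:
        hop = parse_hop(value)
        if hop is None or not hop[1].endswith(MX_SUFFIX):
            continue
        ip, _, tls = hop
        if not any(ip in net for net in GATEWAY_NETS):
            return f"bypassed gateway: delivered from {ip}"
        if not tls:
            return f"gateway hop from {ip} without TLS"
        return "ok"
    return "no Received hop into our MX found"

# Constructed sample messages: via the gateway, direct to the MX, and gateway without TLS.
GOOD_MSG = ("Received: from gw.example-gw.test (gw.example-gw.test. [203.0.113.10])\n"
            "        by mx1.example-mx.test with ESMTPS id a1; Mon, 1 Jan 2024 10:00:00 +0000\n"
            "Received: from sender.example.org ([198.51.100.5]) by gw.example-gw.test with ESMTPS id b2\n"
            "From: a@example.org\nTo: b@example.com\nSubject: hi\n\nbody\n")
DIRECT_MSG = ("Received: from sender.example.org (sender.example.org. [198.51.100.5])\n"
              "        by mx1.example-mx.test with ESMTPS id c3\n"
              "From: a@example.org\nTo: b@example.com\nSubject: hi\n\nbody\n")
NOTLS_MSG = GOOD_MSG.replace("with ESMTPS id a1", "with ESMTP id a1")
```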