
Cisco Umbrella DLP

kazooshley
Level 1

We are attempting to use Cisco Umbrella for DLP policies for our organization. We backhaul branch traffic to our datacenter that is then sent to the Umbrella cloud for inspection through VPN tunnels configured on our Firepower FTDs. We have AnyConnect on each workstation with Roaming Security modules. I'm curious how other companies enable DLP for their clients? We have been struggling to find a method that works in our environment. Apologies for the vague description, please let me know if you need more information.

3 Replies

In order to implement DLP (Data Loss Prevention) policies with Cisco Umbrella, you can take several steps:

1. First, define the policies in the Umbrella dashboard. The policy should be configured to protect data from leaving the organization.
2. Next, ensure that your VPN tunnels are correctly configured to send traffic to the Umbrella cloud for inspection.
3. Make sure that you have the Cisco AnyConnect with Roaming module enabled on each workstation. This will ensure that your workstations are protected both on and off the network.
4. You may also consider implementing endpoint DLP software. This kind of software can inspect data that is in use, at rest, and in motion on your network.
5. For more advanced DLP needs, you could look at a full DLP Suite like Cisco's Cloudlock which is designed to work with SaaS applications.

It's worth noting that the success of a DLP implementation is largely dependent on the organization's specifics, so I would recommend reaching out to a Cisco technical expert who can provide advice tailored to your unique environment.

This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
This is part of a monitored experiment to see if the bot can help answer questions alongside community members. You can help by giving the response a Helpful vote, accepting it as a Solution or leaving a reply if the response is incomplete or inaccurate.

Implementing Cisco Umbrella for DLP policies in an organization can be achieved by various methods and it usually depends on the specific requirements of an organization's infrastructure. Here are some general strategies that other companies tend to follow:

1. **Roaming Client Organization-Wide Deployment**: The Roaming Client can be deployed across all off-network machines to ensure coverage when they are off the VPN.

2. **Network-wide Deployment using the Virtual Appliances**: Deploying the Virtual Appliances across the network can help you gain visibility and protection for all devices in your network.

3. **Integrating with Existing Cisco Solutions**: DLP can be enforced by integrating Cisco Umbrella with existing Cisco solutions like Cisco Firepower, Cisco Cloudlock, etc.

Regarding VPN tunnels configured on Firepower FTDs, ensure you have proper VPN settings configured and also make sure the traffic is properly forwarded to the Umbrella cloud.

For more specific solutions, it's recommended to contact a Cisco expert, as they can provide the most accurate solution based on the structure of your network.

Please note that these are general strategies and might need tweaking to perfectly fit your network setup.

This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
This is part of a monitored experiment to see if the bot can help answer questions alongside community members. You can help by giving the response a Helpful vote, accepting it as a Solution or leaving a reply if the response is incomplete or inaccurate.

BlackHornet
Level 1

I think a few other activities would be required.
