EMEA Data Loss Prevention User Group


DLP Endpoint Detection on network layer packets

  • 1.  DLP Endpoint Detection on network layer packets

    Posted Jan 28, 2025 01:08 AM

    Dear Team,


    Question:
    We need to investigate the incident referenced in the uploaded screenshot. Our "Bulk Data Transfer" policy has a 25 MB file size limit, and any uploads exceeding this limit trigger an incident.
    In this case, if a user attempts to upload a 1.5 GB zipped file to the cloud and cancels the upload mid-transmission, will the DLP system still detect a policy violation and trigger an incident despite the initial upload being canceled?

    Answer:
    Yes, even if you cancel an upload mid-process, a Data Loss Prevention (DLP) system can still detect and potentially block the file during the initial scan, regardless of whether the upload is completed or not.

    Key points:
    DLP systems typically scan files as they are being uploaded, meaning they scan file size even before the upload is fully finished.
    If the DLP policy is set to block files above the maximum file size limit, it can trigger an alert or block the upload even if the user cancels the process.

    Question:
    On the application layer, we know that the DLP agent detects and triggers an alert, but on the network layer, how does it work with network packets?
    Can the DLP Agent scan the file checksum to identify file properties or details, such as size, match count, file name, file type, etc.?

    Regards,

    Junaid Ahmed