Hello
My objective is to block confidential documents sent via mail outside the network. As per business requirements, I had to whitelist a particular destination, e.g. example.com. The problem I faced was that, on whitelisting the said URL, recipients having that particular whitelisted URL as one of their several destinations get totally ignored by DLP. No incident was generated. For example:
White listed: xyz@example.com
Sender: abc@mycompany.com
Recipient: xyz@example.com, pqr@gmail.com, cvb@yahoo.com
A simple PCI rule would trigger an event if confidential documents were being sent to the above recipients and should block it via a response rule. Since xyz@example.com is on the whitelist, no events were generated. DLP ignored the other destinations such as gmail, yahoo, etc. in Recipient. As a result, we have no visibility over data moving to other destinations.
Please suggest some ways to tackle this issue.
Regards,
Vishnu
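
An added illustration, not part of the original post and not the DLP product's own logic: a Python model of the recipient exception described above, comparing "any recipient matches" with "every recipient matches". `ALLOWED_DOMAINS`, `INTERNAL_DOMAINS` and the function names are hypothetical; the addresses are the sample values from the post.

```python
from email.utils import getaddresses

# Assumed policy data (hypothetical names), taken from the post's example.
ALLOWED_DOMAINS = {"example.com"}      # whitelisted destination
INTERNAL_DOMAINS = {"mycompany.com"}   # mail that never leaves the network

# Recipient header exactly as written in the post.
SAMPLE_RECIPIENTS = ["xyz@example.com , pqr@gmail.com , cvb@yahoo.com"]


def recipient_domains(header_values):
    """Return [(address, domain)] for every recipient in the header values."""
    pairs = []
    for _name, addr in getaddresses(header_values):
        addr = addr.strip().lower()
        if not addr:
            continue
        # A malformed address gets an empty domain, so it can never match
        # the allowlist and is treated as an untrusted destination.
        domain = addr.rsplit("@", 1)[1] if "@" in addr else ""
        pairs.append((addr, domain))
    return pairs


def exception_any_match(header_values):
    """Behaviour described in the post: one allowlisted recipient
    exempts the whole message, so no incident is generated."""
    return any(d in ALLOWED_DOMAINS for _, d in recipient_domains(header_values))


def exception_all_match(header_values):
    """Exempt the message only when every external recipient is allowlisted."""
    pairs = recipient_domains(header_values)
    external = [d for _, d in pairs if d not in INTERNAL_DOMAINS]
    return bool(pairs) and all(d in ALLOWED_DOMAINS for d in external)


def offending_recipients(header_values):
    """Recipients that should still raise an incident: external and not
    allowlisted. Domains are compared exactly, so a lookalike such as
    example.com.attacker.test does not inherit the exception."""
    return [a for a, d in recipient_domains(header_values)
            if d not in ALLOWED_DOMAINS and d not in INTERNAL_DOMAINS]


if __name__ == "__main__":
    print("any-match exempts message:", exception_any_match(SAMPLE_RECIPIENTS))
    print("all-match exempts message:", exception_all_match(SAMPLE_RECIPIENTS))
    print("still in scope:", offending_recipients(SAMPLE_RECIPIENTS))
```
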