There may be cases in which you want to leverage Zscaler’s DLP policy to monitor or block specific types of outbound content by data size, without scanning for specific data within the content. For example, you may want to block outbound image files (such as GIF or JPEG), but only those that exceed a certain data size. (In Zscaler’s File Type Control module, you can set policy to block image files, but you cannot specify data size.)
In such a scenario, you can leverage the External DLP Engine policy option. When configuring the policy, you can simply specify the criteria Zscaler uses for monitoring or blocking content, but refrain from specifying an ICAP server. Zscaler will monitor or block outbound content based on the criteria you specify, but will not send content to any external DLP engines.
To see an illustration of the process that takes place when you configure DLP policies for this option, click here.
See below for more on configuring this policy option.
Configuring rules for this scenario involve the following steps:
No content will be sent to external DLP engines in this configuration.