
  • Trustwave DLP Discover Integration Guide

    For Google G Suite™

  • Trustwave DLP Discover Integration Guide for Google G Suite - March 7, 2017

    Legal Notice

    Copyright © 2017 Trustwave Holdings, Inc.

    All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

    While the authors have used their best efforts in preparing this book, they make no representation or warranties with respect to the accuracy or completeness of the contents of this manual and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author or Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.

    The most current version of this document may be obtained by contacting:

    Trustwave Technical Support:
    Phone: +1.800.363.1621
    Email: [email protected]

    Trademarks

    Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.

    Revision History

    Version Date Changes

    6.4 March 2017 • Initial release of guide


    Chapter Descriptions

    This book is the Trustwave DLP Discover Integration Guide for Google G Suite™. It contains all the information necessary for installation of DLP Discover to target a Google Drive and GMail repository. This manual is broken into the following chapters.

    Chapter 1: Introduction
    This chapter introduces Trustwave DLP Discover and how it works with repositories.

    Chapter 2: Google Drive and GMail Scan Targets
    DLP Discover can scan Google Drive and GMail repositories when it is targeted by a scan policy. This chapter explains how to configure a scan policy.

    Related Documentation

    DLP Discover’s documentation is available to all DLP Discover users through links on the Application tab of the Setting tab. An internet connection is required to view these documents. The following documentation is available:

    • Trustwave DLP Discover 6.4 Getting Started Guide

    • Trustwave DLP Discover 6.4 User Guide for Organizations

    • Trustwave DLP Discover 6.4 User Guide for Stand-Alone Installations

    • Trustwave DLP Discover 6.4 Release Notes

    • Trustwave DLP Discover 6.4 Integration Guide for Dropbox Business

    • Trustwave DLP Discover Integration Guide for Google G Suite™

    • Trustwave DLP Discover Integration Guide for Microsoft Exchange and Azure®

    • Trustwave DLP Discover Integration Guide for Microsoft SharePoint®

    Other important information can be obtained from Trustwave Support.


    Formatting Conventions

    This manual uses the following formatting conventions to denote specific information.

    Table 1: Formatting Conventions

    Format and Symbols: Meaning

    Blue Underline: A blue underline indicates a Web site or e-mail address.

    Bold: Bold text denotes UI controls and names such as commands, menu items, tab and field names, button and check box names, window and dialog box names, and areas of windows or dialog boxes.

    Code: Text in this format indicates computer code or information at a command line.

    Italics: Italics denotes the name of a published work, the current document, name of another document, text emphasis, or to introduce a new term.

    [Square brackets]: Square brackets indicate a placeholder for values and expressions.

    Note: This symbol indicates information that applies to the task at hand.

    Tip: This symbol denotes a suggestion for a better or more productive way to use the product.

    Caution: This symbol highlights a warning against using the software in an unintended manner.


    Table of Contents

    Legal Notice
    Revision History
    Chapter Descriptions
    Formatting Conventions
    Table of Contents

    1 Introduction
        1.1 Repository Scan Targets
        1.2 Deployment Options

    2 Google Drive and GMail Scan Targets


    1 Introduction

    Trustwave DLP Discover™ is a Microsoft Windows®-based application that investigates data at rest to find and protect sensitive information using the Trustwave suite of detection and classification methods. In DLP Discover, users define policies, called scan policies, to scan files and databases for this information. When a scan is complete, users remediate the results before generating reports on the scan and its outcome.

    Scan policies define what type of sensitive data DLP Discover will search for. They also define where to search for the data: laptops or servers, databases, removable drives, and data repositories to name a few. DLP Discover supports scanning of document repositories in several on-site deployments including Dropbox for Business, Google Gmail™, and Microsoft SharePoint® servers. This guide describes how to target Google’s Drive™ API and Gmail API in DLP Discover.

    1.1 Repository Scan Targets

    When a repository is targeted by a scan policy, that repository is called a scan target. When DLP Discover scans a repository, it makes a connection to the repository, looks for a specific portion of that repository, and scans specific files and folders within that portion based on the repository scan target's configuration. Thus, when a repository scan target is created, it must specify where the scan will occur and what DLP Discover will scan.

    DLP Discover connects to each repository using a reusable set of configurations called a connection. When scanning a repository target, DLP Discover elevates its permission so that it can scan sensitive files and folders. This access is only available during scans in order to protect the information. As such, some event details may not be available after the scan.

    Also, when scanning a repository target, DLP Discover does not count the number of items in the repository that it will scan or skip at the beginning of the scan. DLP Discover does not update the status bar on the Scan tab while scanning a repository. However, the Items Scanned and Items Skipped counts still increment, and the number of items is their sum. With repositories, items describes the total number of items that were scanned or skipped during a scan.

    Scanners (the DLP Discover installations that run scans) create files in temporary directories while scanning attachments. These files are deleted after the scan. DLP Discover offers a secure way to delete the files, which is time intensive. If a scanner that contains the repository is secure, disable this feature to improve performance.

    This guide assumes you are familiar with DLP Discover. Review the Trustwave DLP Discover User Guide for Stand-Alone Installations for how to create and run a scan policy and for what to do with its scan results.

    This version of DLP Discover was tested on the latest available versions of Google Drive API (v3) and Gmail API (v1). DLP Discover should be forward compatible with the Drive and Gmail APIs. If any issues arise, please check the API versions of the Google services before calling Trustwave Support. Google API versions may be checked at https://developers.google.com/apis-explorer/?hl=en_US#p/.


    Events found in repositories cannot be remediated manually or automatically during the scan. Files in repository targets cannot record their properties or permissions. Because these file attributes are unavailable, the Scan Since information for a file in a repository target is also unavailable.

    1.2 Deployment Options

    Trustwave DLP Discover offers two types of deployments: stand-alone or organizational. Stand-alone deployments feature very few (often one) instances of DLP Discover, while organizational deployments have installations of DLP Discover throughout an enterprise. In a stand-alone configuration, DLP Discover can target repositories in any of its scan policies. Organizational deployments only allow repository targets in local scan policies. See Trustwave DLP Discover User Guide for Organizations for more information about local scan policies.


    2 Google Drive and GMail Scan Targets

    DLP Discover can scan Google Drive and GMail accounts. It initiates each scan by logging in with the account credentials provided in the scan target's connection. It then scans the indicated target, provided it has permission to access the data there. DLP Discover assumes that the account it uses has permissions to the containers that DLP Discover should scan. If DLP Discover cannot access a file or container, it assumes it should not scan that area and skips ahead without error.

    To target the Google Drive and GMail accounts associated with a Google G Suite account:

    1. On the Policy Management tab, open the Organization tab.


    2. In the Organization editor, open [DLP Discover machine].
    Copies of any existing audit policies appear under this node.

    3. Create or edit an audit policy.

    4. On the Scan Targets tab, click Add Repository.

    The Select Repository Type dialog box opens.

    In an organizational deployment, select a scan policy under the Agents and Scanners node. Repository scan targets are not available to scan policies anywhere else in the hierarchy.


    5. Select Google Drive and GMail and click OK.
    The Google Target dialog box opens.


    6. If necessary, add a connection or select a connection from the Connection drop down list. Click the image below to watch a video on how to create a connection.

    7. Select a connection in the Connection drop down list.

    Each connection targets a specific Google G Suite account. Connections allow you to build targets in order to scan different items within the same app. For instance, you can have two scan policies: one that scans all GMail accounts within a Google G Suite account and another that only scans specific users attached to that G Suite account. Both policies can use the same connection. When you create a repository scan target, you select a connection to use. The list of available connections that you may choose from is based on the connections you have already created. If you edit a connection, DLP Discover applies that change to all scan targets that use that connection.

    8. Enter a name for the target in the Name field. This name will appear on the scan policy's Scan Targets tab.

    9. Specify which users to scan:

    a. To scan all users associated with the connection, leave the Includes and Excludes fields empty.

    b. To scan only specific users, enter the email addresses of the users whom you want to scan in the Includes field.


    c. If you want to scan all but specific users:

    i. Leave the Includes field empty.

    ii. Enter the email addresses of the users whom you do not want to scan in the Excludes field.

    10. Specify what to scan and how often:

    a. In the Scan area, mark which items to scan.

    b. To scan users’ Google Drives, mark Scan Google Drive user folders and files.

    c. If a file can be accessed through multiple paths or shortcuts, you can prevent it from being scanned multiple times by enabling Prevent scanning of files more than once.

    11. To delete temporary files created while scanning in a way that the files cannot be recovered, select Secure delete temporary files. This is selected by default.

    12. To suppress errors if scan targets are not present or accessible, mark Skip without error.

    13. Click OK.

    If there are any addresses in the Includes field, DLP Discover will ignore the Excludes field.
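The Includes/Excludes rules in step 9 and the note above are easy to misread when both fields are filled in. The following sketch is an added example, not Trustwave code: it models which users a target would scan and flags entries that will not behave as an administrator might expect. The function name, the account list, and the case-insensitive address matching are assumptions made for illustration.

```python
def _norm(addresses):
    # Assumption: addresses compare case-insensitively, ignoring whitespace.
    return {a.strip().lower() for a in addresses if a.strip()}


def resolve_scan_users(account_users, includes=(), excludes=()):
    """Return (users_to_scan, warnings) for one repository scan target.

    account_users is a hypothetical list of the users on the connection.
    """
    accounts = _norm(account_users)
    inc, exc = _norm(includes), _norm(excludes)
    warnings = []

    if inc:
        # Any address in Includes makes the Excludes field inert.
        selected = accounts & inc
        if exc:
            warnings.append("Excludes ignored because Includes is not empty")
        for addr in sorted(inc & exc):
            warnings.append(f"{addr} is in both fields and WILL be scanned")
        unknown = inc - accounts
    else:
        # Empty Includes: scan everyone except the Excludes entries.
        selected = accounts - exc
        unknown = exc - accounts

    # A mistyped Exclude silently leaves the intended user in scope;
    # a mistyped Include silently leaves the intended user out of scope.
    for addr in sorted(unknown):
        warnings.append(f"{addr} matches no account on the connection")
    return sorted(selected), warnings


# Constructed sample data (example.com accounts are placeholders).
ACCOUNTS = ["alice@example.com", "bob@example.com", "carol@example.com"]

if __name__ == "__main__":
    cases = [
        ([], []),                                     # step 9a
        (["Alice@example.com"], ["alice@example.com"]),  # both fields filled
        ([], ["bob@exmaple.com"]),                    # typo in Excludes
    ]
    for inc, exc in cases:
        users, notes = resolve_scan_users(ACCOUNTS, inc, exc)
        print(inc, exc, "->", users, notes)
```
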


  • About Trustwave®

    Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than 2.7 million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information, visit https://www.trustwave.com.
