Added IP Addresses to the Trusted Library and still get incidents related to those addresses?
If the policy you're receiving incidents for is an Event Analysis policy with the Velocity Criteria enabled, then a velocity violation will override any Trusted IP Addresses that are Remote Office.
This is because Cloudlock recognizes that an internal user's credentials may be inappropriately used by another internal user to access sensitive information, and this would be considered a breach. What we see happening sometimes, though, is a user logs in from one location, and the activity they take within Google (for example) looks like it's happening somewhere else because of where the Google server might be located. In this case, we'd recommend Trusting that IP address as a Remote App, since it's the app's location and not the user's.
Comments
0 comments
Please sign in to leave a comment.