Enterprise DLP
Supported Features
Table of Contents
Supported Features
Supported
Enterprise Data Loss Prevention (E-DLP)
features.Review the list of supported
Enterprise Data Loss Prevention (E-DLP)
features.Some
Enterprise DLP
features supported on Panorama
and Prisma Access (Managed by Panorama)
require
access to the DLP app on the hub to
enable and configure.See the supported data profile actions for
Enterprise DLP
for more information on which data profile actions are supported. Feature | Description | Panorama | Strata Cloud Manager |
---|---|---|---|
Custom data profile that can include any combination of predefined, regex, or file
property data patterns, and advanced detection methods
such as Exact Data Matching (EDM) or custom document types. | √ Configured in the DLP app on the Hub | √ | |
Custom data profile that can include any combination of predefined, regular
expression (regex), or file property data patterns. | √ | √ | |
Upload custom documents containing intellectual property for which you want to
prevent exfiltration. Custom document types function as traffic match criteria in
advanced data profiles. | √ Configured in the DLP app on the Hub | √ | |
Data dictionaries are a collection of one or more keywords or phrases that you want to detect and prevent
exfilitration. A data dictionary is added as a match criteria alongside the other
supported match criteria in advanced and nested data profiles to increase the Enterprise Data Loss Prevention (E-DLP) detection
accuracy. | √ Configured in the DLP app on the Hub | √ | |
Provides quantifiable metrics to measure the overall data risk for your
organization and gives administrators the ability to analyze and take preventative
action to strengthen your data risk security posture using the Data Risk
Dashboard. | — | √ | |
Enterprise DLP performs inline inspection of outbound emails to prevent
exfiltration of emails containing sensitive information using AI/ML powered data
detections. | — | √ | |
Integrate Enterprise DLP with Cortex XSOAR to use Enterprise DLP
End User Alerting, granting your team members the ability to self-service temporary
exemptions for file uploads that match your data profiles. | √ Configured in the DLP app on the Hub | √ | |
Connect an AWS storage bucket, Azure storage bucket, or SFTP server to Enterprise DLP to automatically store files scanned by the DLP cloud service that
match your data profiles. After a file is successfully stored, you can download the
file for further investigation. | √ Configured in the DLP app on the Hub | √ | |
Upload data sets to detect sensitive and
personally identifiable information (PII) in
structured data sources. EDM data sets function as
traffic match criteria in advanced data
profiles. | √ Configured in the DLP app on the Hub | √ | |
Monitor sharing of sensitive passwords over chat-based applications. Enterprise DLP uses contextual messages to understand instances where a password
might have been shared. When Enterprise DLP detects that a password was shared,
a DLP Incident is generated that displays a snippet of the response containing the
password. | — | √ | |
Custom data profile that contains multiple nested data profiles that allows you to
consolidate the match criteria to prevent exfiltration of sensitive data to a single
data profile that can be used in a single Security policy rule. | √ Configured in the DLP app on the Hub | √ | |
Configure Enterprise DLP data profiles to inspect non-file based traffic to
prevent exfiltration of sensitive data through collaboration applications, web forms,
Cloud applications, and social media. | √ | √ | |
Allows Enterprise DLP to inspect images
containing sensitive data in file-based traffic
inspection. | √ Configured in the DLP app on the Hub | √ |