New Features by Month - Enterprise DLP - September 2025

When your data security administrators review DLP incidents to review sensitive data snippets, Enterprise Data Loss Prevention (E-DLP) now generates an audit log to provide complete visibility into who accessed this information and when. This enables compliance monitoring and to adhere to data governance requirements when performing an audit.

Audit Logging for Snippet Access captures essential details including user identity, access timestamps, and the specific incident ID accessed. The audit logs exclude the actual snippet accessed to maintain data security while providing the accountability trail you need for compliance reporting.

Audit Logging for Snippet Access satisfies regulatory requirements that mandate tracking access to sensitive information. It demonstrates to auditors that your organization maintains proper data governance controls, and can detect unusual access patterns that might indicate insider threats or compromised accounts. The audit log generation occurs transparently without impacting your incident response workflow or requiring additional steps from your security analysts.

Organizations operating under strict compliance frameworks particularly benefit from this feature as it transforms incident response activities from potential compliance liabilities into documented evidence of responsible data handling. Your data security administrators gain the ability to produce detailed access reports for compliance audits, investigate potential data breaches involving snippet access, and establish clear accountability for sensitive data exposure during incident investigations. The automated nature of the logging ensures consistent record-keeping without relying on manual processes that are prone to gaps or errors in high-pressure incident response scenarios.

Enterprise Data Loss Prevention (E-DLP) now automatically provisions and enables Exact Data Matching (EDM) on your Enterprise DLP tenant when your data security administrator enables the service on Strata Cloud Manager . Automating EDM enablement for your Enterprise DLP tenant streamles the deployment process significantly and eliminates the workflow bottlenecks where you had to wait for manual enablement by Palo Alto Networks to help significantly reduce Enterprise DLP deployment times. The automated enablement process allows your data security administrators to rapidly deploy Enterprise DLP to protect specific sensitive data records such as customer databases, employee information, or proprietary datasets with pinpoint accuracy. Automating EDM enablement ensures that your data security administrators can quickly safeguard your organization from data exfiltration and that they can quickly respond to emerging data protection requirements while maintaining precise control over sensitive information without the operational overhead of manual provisioning workflows.

Enterprise Data Loss Prevention (E-DLP) introduced new app support for the following:

• New GenAI App Support

  Enterprise DLP now supports the following new GenAI app:

  • Perplexity

• Expanded File Size Support for Existing Apps

  Enterprise DLP now supports large file inspection for the following apps:

  • Apple iCloud Uploading

  • DocSend

  • Freshdesk

  • GitHub Uploading

  • Google Photos Uploading

The Enterprise Data Loss Prevention (E-DLP) Unified Incident Manager now displays the proximity keywords that generated a high confidence traffic match. This feature provides the specific context your data security administrators need to understand a high confidence detection. Administrators can now see exactly which proximity keywords appeared near sensitive data matches that triggered the high-confidence detection.

Your data security administrators can now see exactly which proximity keywords appeared near sensitive data matches that triggered the high confidence detection. When data security administrators review DLP incidents, Enterprise DLP displays the proximity keywords directly within the Matches within Data Profiles . This enables your data security administrators to quickly and more effectively triage incidents since they can immediately understand why a detection is high confidence based on the surrounding proximity keywords. Instead of manually reviewing entire documents to determine what elevated the alert priority, data security administrators can quickly validate high-priority exposures where sensitive data appears alongside risk-indicating language. This capability helps data security administrators focus their data security response efforts on genuinely critical detections while reducing time spent investigating high-confidence alerts, ultimately improving your data security posture and accuracy.