Standard proximity limits often fail to detect sensitive data in complex documents where related fields are widely separated. If your environment relies on fixed distance constraints, you risk missing detections when data elements, like a name and a social security number, appear far apart within a file.

Customizable Proximity Distance for Exact Data Matching (EDM) addresses this limitation by allowing you to define the maximum character separation between matched data elements. You can now configure the proximity parameter from 25 to 5000 characters, enabling Enterprise Data Loss Prevention (E-DLP) to correlate spatially separated data points into a single, confirmed detection. This flexibility ensures your Enterprise DLP solution can adapt to diverse document formats. The default 100-character setting maintains a balance for general use cases, but you now have the administrative control to adjust this parameter to meet your specific data protection requirements.

Customizable Proximity Keyword Distance enables you to control the maximum character distance between sensitive data and proximity keywords required to trigger an Enterprise Data Loss Prevention (E-DLP) detection to up to 1,000 characters. By default, Enterprise DLP requires sensitive data to be within 200 characters of the proximity keyword which might be too restrictive for detecting valid matches or too permissive in other scenarios, potentially causing false positives.

When creating or editing a regular expression (regex) data pattern, you can specify exactly how close proximity keywords must be sensitive data to constitute an Enterprise DLP detection. For large files or traffic containing sensitive data where related proximity keywords might be separated by longer text blocks, you can increase the proximity distance to ensure proper detection. Conversely, for files or traffic where you need tighter control to reduce false positives, you can specify a smaller proximity distance to ensure only closely associated keywords trigger a match. Enterprise DLP always adheres to the proximity distance configured in the matched data pattern when a detection occurs. To support your compliance requirements, Enterprise DLP generates an audit log when a data security administrator edits an existing data pattern to modify the keyword proximity distance for a data pattern.

The ability to customize the proximity keyword distance provides you with greater flexibility and precision when deploying multiple data patterns. This helps your organization achieve the right balance between comprehensive data protection and operational efficiency.

To ensure efficient, scalable, and accurate data dictionary maintenance, Enterprise Data Loss Prevention (E-DLP) now includes comprehensive management capabilities for data dictionaries. Enterprise DLP now provides data security administrators the ability to view, edit, sort, and delete keywords across both custom data dictionaries directly within Enterprise DLP to reduce the management overheard. Additionally, you can download any data dictionary for rapid offline editing and keyword manipulation before quickly re-uploading the modified file. Furthermore, You can view all the keywords directly within Enterprise DLP and efficiently search keywords within all custom predefined data dictionaries. The ability to view, edit, sort, and delete keywords associated with a data dictionary provides efficient data dictionary management capabilities to help ensure effective Security policy rule tuning and rapid compliance updates.

Organizations face a critical challenge when security policy rules block legitimate business activities: manual exemption requests create delays and administrative burden for both users and IT teams. The End User Coaching Exemption Requests feature streamlines how your organization handles security policy exceptions. When users encounter policy blocks while performing legitimate business activities, they can request exemptions directly within Autonomous Digital Experience Management (ADEM) rather than submitting tickets to IT.

You can configure multiple end user notification templates to grant exemption requests based on different DLP rule. For example, you can configure a notification template to automatically grant exception approvals for routine or low risk incidents, manager review for context-dependent cases, or security administrator approval for sensitive and high risk incidents. Additionally, you can provide the opportunity for end users to provide justification for why an exemption should be granted in the first place.

By implementing End User Coaching Exemption Requests, you reduce administrative overhead, accelerate legitimate business processes, and maintain security control—enabling your organization to balance essential security protections with business productivity needs in a streamlined, auditable manner.

Enterprise Data Loss Prevention (E-DLP) introduced expanded Optical Character Recognition (OCR) image support:

Configuration errors during Enterprise Data Loss Prevention (E-DLP) policy updates pose risks, potentially leading to unintended security gaps or costly service disruptions. Enterprise DLP Configuration Export and Import addresses this challenge by providing a fast, reliable method for data pattern, data profile, and data dictionary configuration management. Enterprise DLP Configuration Export and Import enables your data security administrators to implement more rigorous change management processes for your data security policy.

For example, your data security administrators can use Enterprise DLP Configuration Export and Import to quickly validate data pattern, data dictionary, data profile changes in a non-production environment before deployment, ensuring consistency across your enforcement points. Conversely, they can export known good Enterprise DLP data pattern, data profile, and data dictionary configurations so they can import them back in the event of misconfiguration.

Enterprise DLP Configuration Export and Import is exclusively designed to manage the creation and updating of specific configuration elements, such as data patterns, data profiles, and data dictionaries within Enterprise DLP. When you import a configuration Enterprise DLP, only creates or updates data patterns, data dictionaries, or data profiles but does not delete.

Enterprise DLP generates an audit log capturing the details about the configuration export and import including the administrator that performed the operation, date the operation was performed, and time the operation was performed. These verifiable audit trails significantly strengthen your overall security posture, simplifying complex troubleshooting processes, and meeting stringent regulatory and internal governance compliance requirements.