June 2025
Focus
Focus
Enterprise DLP

June 2025

Table of Contents

June 2025

Review the new features introduced to Enterprise Data Loss Prevention (E-DLP) in June 2025.
New Features
Expanded Enterprise DLP Region Support
June 13, 2025
Enterprise Data Loss Prevention (E-DLP) expanded support for existing regions for services such as Evidence Storage and syslog forwarding.
  • Switzerland—34.65.89.231

Forward Syslogs for Enterprise DLP Audit Logs

June 16, 2025
Enterprise Data Loss Prevention (E-DLP) provides a 90-day window for all audit logs generated your security administrators make configuration changes. This can create challenges for security teams requiring long-term audit log retention and analysis. Without a way to preserve these critical events, organizations struggle to maintain comprehensive audit trails necessary for compliance, forensic investigations, and regulatory requirements. You can now create a Log Forwarding profile to automatically forward all Enterprise DLP your audit logs solves to your third-party security information and event management (SIEM), Security Orchestration, and Response (SOAR), or other automated ticketing systems. This enables your SOC Analysts and Incident admins to integrate Enterprise DLP into established workflows to effectively triage, review, and resolve changes to your Enterprise DLP configuration changes that might have resulted in a data security incident. You can configure a single Log Forwarding profile for multiple enforcement points or you can create a different Log Forwarding profile for each. You can associate the same enforcement channel with multiple Log Forwarding profiles.
Enterprise DLP forwards audit syslogs over a UDP or TCP port, and requires a persistent connection to your SIEM, SOAR, or ticketing system to forward audit syslogs. Enterprise DLP can only forward audit syslogs while successfully connected to your SIEM, SOAR, or ticketing system. Enterprise DLP automatically continues forwarding your Enterprise DLP audit syslogs to your SIEM, SOAR, or ticketing system after you restore connectivity. However, Enterprise DLP can't forward any syslogs generated while Enterprise DLP and your SIEM, SOAR, or ticketing system are disconnected.

New Region Support for EDM

June 30, 2025
Enterprise Data Loss Prevention (E-DLP) now supports multiple new regions outside of the United States for Exact Data Matching (EDM) data set uploads. This addresses the regulatory challenge of storing sensitive data within specific geographic boundaries. Previously, Palo Alto Networks stores all EDM data sets exclusively in the US West-2 storage bucket. While Palo Alto Networks ensured General Data Protection Regulation (GDPR) compliance by hashing and encrypting EDM data sets before upload to the Enterprise DLP EDM data set storage bucket, this still presents compliance obstacles for organizations operating under regional data sovereignty regulations. The support for new EDM regions requires EDM CLI app version 4.0 or later release.
With the new region for EDM data set uploads, you can now specify the specific geographic region where Enterprise DLP stores the EDM data set uploads. When uploading data sets through the EDM CLI app, you specify your preferred region when you configure the upload_config.properties file, or you can specify a region when uploading an EDM data set using Interactive mode.
Support for new regions for EDM data set uploads is valuable if your organization operates in regions with strict data protection laws, such as GDPR in Europe, where personal data must remain within approved jurisdictions. While enabling regional data storage, the feature also supports cross-boundary scanning when necessary, allowing your data security controls to function seamlessly across your entire organization while maintaining compliance with data residency requirements.
Additionally with the release of EDM CLI app version 4.0, Enterprise DLP no longer supports authentication and connectivity using an authentication token. EDM CLI app version 4.0 and later releases support EDM CLI app authentication and connectivity using only the Client ID and Client Secret.

Granular Data Profiles

June 23, 2025
Granular data profiles enhance your Enterprise Data Loss Prevention (E-DLP) detection capabilities by allowing you to apply differentiated inline content inspection requirements and response actions within the same Security policy rule. For example, you can use a single granular data profile to block high-risk data patterns while alerting on lower-risk ones, set varying log severities for different data profiles, and set specific file types for each data profile included in the granular data profile.
Granular data profiles simplify policy rulebase management by consolidating multiple rules into a single, more flexible Security policy rule. Furthermore, they reduce false positive detections and allow your data security admins to achieve a more nuanced approach to data protection that aligns closely with your organization's risk management strategy while maintaining a lean and efficient Security policy rulebase.

ICAP Forwarding for Enterprise DLP

June 6, 2025
Enterprise Data Loss Prevention (E-DLP) now supports configuring Internet Content Adaptation Protocol (ICAP) forwarding to allow you to integrate your existing on-premise DLP solutions with Enterprise Data Loss Prevention (E-DLP). This feature caters to organizations, especially in sectors like finance, that need to maintain their legacy DLP systems while embracing cloud security strategies. With ICAP support, you can configure Enterprise DLP to forward inspected files to your on-premise ICAP server for further inspection, while still leveraging the advanced inline ML-based detections offered by Enterprise DLP. This one-way integration ensures all files matching your inline Enterprise DLP match criteria are transmitted to your configured ICAP server, allowing your existing DLP solution to perform its analysis. Concurrently, Enterprise DLP conducts its own inspection and policy enforcement, providing comprehensive data protection. By configuring ICAP for Enterprise DLP, you can maintain compliance with specific regulations, smoothly transition to cloud-based security, and compare detection results across both systems. This approach allows you to confidently adopt SASE technologies while preserving the value of your existing DLP investments, ultimately strengthening your overall data protection strategy and facilitating a future migration to the cloud-native Enterprise DLP.

Magic Link Activation for Enterprise DLP

June 5, 2025
Auth code-based activation for Enterprise Data Loss Prevention (E-DLP) creates significant challenges in policy rule enforcement and synchronization consistency. Without tenant service group (TSG) selection capability, enterprises can’t leverage existing Enterprise DLP data patterns and profiles across their data security enforcement points, resulting in fragmented policy rule enforcement.
You now activate the Enterprise Data Loss Prevention (E-DLP) license for NGFW and VM-Series firewalls managed by either Panorama or Strata Cloud Manager using a magic link rather than using an auth code. The new magic link activation flow resolves these pain points by allowing you to select a specific TSG during activation to enable a shared Enterprise DLP configuration between your NGFW, Prisma Access tenants, and VM-Series firewalls. This unified approach supports multiple deployment scenarios, including single or multiple TSGs rolling up to one CSP and hybrid environments with various enforcement points. Additionally, it gives your data security admins the flexibility to disassociate and reassociate Enterprise DLP licenses between enforcement points as your needs change.