Enterprise DLP
June 2025
Review the new features introduced to Enterprise Data Loss Prevention (E-DLP) in June
2025.
New Features
| |
---|---|
Expanded Enterprise DLP Region Support
June 13, 2025
|
Enterprise Data Loss Prevention (E-DLP) expanded support for existing regions
for services such as Evidence Storage and syslog forwarding.
|
Forward Syslogs for Enterprise DLP Audit Logs
June 16, 2025
|
Enterprise Data Loss Prevention (E-DLP) provides a 90-day window for all audit logs generated when your
security administrators make configuration changes. This can create challenges for
security teams requiring long-term audit log retention and analysis. Without a way
to preserve these critical events, organizations struggle to maintain comprehensive
audit trails necessary for compliance, forensic investigations, and regulatory
requirements. You can now create a Log Forwarding profile to
automatically forward all your Enterprise DLP audit logs to your
third-party security information and event management (SIEM), Security
Orchestration, Automation, and Response (SOAR), or other automated ticketing systems. This
enables your SOC Analysts and Incident admins to integrate Enterprise DLP into
established workflows to effectively triage, review, and resolve Enterprise DLP configuration changes that might have resulted in a data
security incident. You can configure a single Log Forwarding profile for multiple
enforcement points or you can create a different Log Forwarding profile for each.
You can associate the same enforcement channel with multiple Log Forwarding
profiles.
Enterprise DLP forwards audit syslogs over a UDP or TCP port, and requires a
persistent connection to your SIEM, SOAR, or ticketing system to forward audit
syslogs. Enterprise DLP can only forward audit syslogs while successfully
connected to your SIEM, SOAR, or ticketing system. Enterprise DLP automatically
continues forwarding your Enterprise DLP audit syslogs to your SIEM, SOAR, or
ticketing system after you restore connectivity. However, Enterprise DLP can't
forward any syslogs generated while Enterprise DLP and your SIEM, SOAR, or
ticketing system are disconnected.
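Because audit syslogs generated during a disconnect are never forwarded, the receiving side has to track its own outage windows so those changes can be reviewed in Enterprise DLP before the 90-day window closes. The following is an added example, not Palo Alto Networks code: the `(timestamp, "up"/"down")` connection-log format and all function names are hypothetical, and it assumes the 90 days run from the time each log is generated.

```python
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=90)  # audit-log window stated on this page

def utc(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

def forwarding_gaps(events, now):
    """Return (start, end, still_open) windows with no receiver connection.
    events: (datetime, "up" | "down") pairs from the receiver's own connection
    log (hypothetical format); may arrive unsorted or with repeated states.
    """
    gaps, down_since = [], None
    for ts, state in sorted(events):
        if state == "down" and down_since is None:
            down_since = ts                       # outage begins
        elif state == "up" and down_since is not None:
            gaps.append((down_since, ts, False))  # connectivity restored
            down_since = None
    if down_since is not None:                    # still disconnected at `now`
        gaps.append((down_since, now, True))
    return gaps

def export_deadline(gap_start):
    """When the oldest audit log of a gap leaves the 90-day window, assuming
    (not stated on the page) that the window runs from log generation time."""
    return gap_start + RETENTION

def report(events, now):
    """One row per gap: what the SIEM never received and until when to review it."""
    rows = []
    for start, end, still_open in forwarding_gaps(events, now):
        deadline = export_deadline(start)
        rows.append({"start": start, "end": end, "open": still_open,
                     "duration": end - start, "deadline": deadline,
                     "expired": now > deadline})
    return rows

# Constructed sample events, deliberately out of order.
SAMPLE = [
    (utc("2025-07-02T23:00:00"), "down"),  # not restored before NOW
    (utc("2025-06-20T10:00:00"), "up"),
    (utc("2025-06-21T02:16:00"), "down"),  # repeated report of the same outage
    (utc("2025-06-21T06:45:00"), "up"),
    (utc("2025-06-21T02:15:00"), "down"),
]
NOW = utc("2025-07-03T01:00:00")

if __name__ == "__main__":
    print(*report(SAMPLE, NOW), sep="\n")
```

Each row gives the window to review manually in Enterprise DLP and the latest time at which the oldest change in that window is still inside the audit-log window.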
New Region Support for EDM
June 30, 2025
|
Enterprise Data Loss Prevention (E-DLP) now supports multiple new regions outside of the United
States for Exact Data Matching (EDM) data set
uploads. This addresses the regulatory challenge of storing sensitive data within
specific geographic boundaries. Previously, Palo Alto Networks stored all EDM data
sets exclusively in the US West-2 storage bucket. While Palo Alto Networks ensured
General Data Protection Regulation (GDPR) compliance by hashing and encrypting EDM
data sets before upload to the Enterprise DLP EDM data set storage bucket, this
still presented compliance obstacles for organizations operating under regional data
sovereignty regulations. The support for new EDM regions requires EDM CLI app
version 4.0 or a later release.
With the new region support for EDM data set uploads, you can now specify the
geographic region where Enterprise DLP stores the EDM data set uploads. When
uploading data sets through the EDM CLI app, you specify your preferred region when
you configure the upload_config.properties file, or you
can specify a region when uploading an EDM data set using Interactive mode.
Support for new regions for EDM data set uploads is valuable if your organization
operates in regions with strict data protection laws, such as GDPR in Europe, where
personal data must remain within approved jurisdictions. While enabling regional
data storage, the feature also supports cross-boundary scanning when necessary,
allowing your data security controls to function seamlessly across your entire
organization while maintaining compliance with data residency requirements.
Additionally, with the release of EDM CLI app version 4.0, Enterprise DLP no
longer supports authentication and connectivity using an authentication token. EDM
CLI app version 4.0 and later releases support EDM CLI app authentication and
connectivity using only the Client ID and Client
Secret.
Granular Data Profiles
June 23, 2025
|
Granular data profiles enhance your Enterprise Data Loss Prevention (E-DLP) detection capabilities by allowing you to apply
differentiated inline content inspection requirements and response actions within
the same Security policy rule. For example, you can use a single granular data
profile to block high-risk data patterns while alerting on lower-risk ones, set
varying log severities for different data profiles, and set specific file types for
each data profile included in the granular data profile.
Granular data profiles simplify policy rulebase management by consolidating multiple
rules into a single, more flexible Security policy rule. Furthermore, they reduce
false positive detections and allow your data security admins to achieve a more
nuanced approach to data protection that aligns closely with your organization's
risk management strategy while maintaining a lean and efficient Security policy
rulebase.
ICAP Forwarding for Enterprise DLP
June 6, 2025
|
Enterprise Data Loss Prevention (E-DLP) now supports configuring Internet Content Adaptation Protocol
(ICAP) forwarding to allow you to integrate your existing on-premise DLP
solutions with Enterprise Data Loss Prevention (E-DLP). This feature caters to organizations,
especially in sectors like finance, that need to maintain their legacy DLP systems
while embracing cloud security strategies. With ICAP support, you can configure Enterprise DLP to forward inspected files to your on-premise ICAP server for
further inspection, while still leveraging the advanced inline ML-based detections
offered by Enterprise DLP. This one-way integration ensures all files matching
your inline Enterprise DLP match criteria are transmitted to your configured
ICAP server, allowing your existing DLP solution to perform its analysis.
Concurrently, Enterprise DLP conducts its own inspection and policy
enforcement, providing comprehensive data protection. By configuring ICAP for Enterprise DLP, you can maintain compliance with specific regulations, smoothly
transition to cloud-based security, and compare detection results across both
systems. This approach allows you to confidently adopt SASE technologies while
preserving the value of your existing DLP investments, ultimately strengthening your
overall data protection strategy and facilitating a future migration to the
cloud-native Enterprise DLP.
Magic Link Activation for Enterprise DLP
June 5, 2025
|
Auth code-based activation for Enterprise Data Loss Prevention (E-DLP) creates significant
challenges in policy rule enforcement and synchronization consistency. Without
tenant service group (TSG) selection capability, enterprises can’t leverage existing
Enterprise DLP data patterns and profiles across their data security
enforcement points, resulting in fragmented policy rule enforcement.
You now activate the Enterprise Data Loss Prevention (E-DLP)
license for NGFW and VM-Series firewalls managed by
either Panorama or Strata Cloud Manager using a magic link rather than
using an auth code. The new magic link activation flow resolves these pain points by
allowing you to select a specific TSG during activation to enable a shared Enterprise DLP configuration between your NGFW, Prisma Access tenants, and VM-Series firewalls. This unified approach supports
multiple deployment scenarios, including single or multiple TSGs rolling up to one
CSP and hybrid environments with various enforcement points. Additionally, it gives
your data security admins the flexibility to disassociate and reassociate Enterprise DLP licenses between enforcement points as your needs change.