Data loss is a critical concern during network outages or SIEM maintenance, as it can compromise security monitoring and strict compliance obligations. Enterprise Data Loss Prevention (E-DLP) now ensures the integrity and continuity of your audit trail by buffering critical incident and audit syslogs. Syslog Buffering and Resend guarantees that you never lose crucial incident and audit logs generated during periods of system disconnection.

When Enterprise DLP detects a Syslog connection failure to your third-party security information and event management (SIEM), Security Orchestration, and Response (SOAR), or third-party automated ticketing system, it immediately begins storing logs in an encrypted, tamper-resistant local buffer. Once connectivity is restored, Enterprise DLP automatically begins forwarding the complete set of buffered syslogs to your external systems SIEM, SOAR, or third-party automated ticketing system.

Syslog Buffering and Resend is essential for data security administrators who must maintain strict compliance requirements and preserve complete audit trails for forensic investigations. Notifications regarding connection loss and restoration are provided directly through Enterprise DLP on Strata Cloud Manager, ensuring administrators are always aware of the system status. With Enterprise DLP, data security teams can rely on continuous security monitoring, even when facing external network disruptions or temporary server maintenance.

Enterprise Data Loss Prevention (E-DLP) Exception Rules enable your data security administrators to create targeted exemptions in a granular profile DLP rule. Exception rules enable data security administrators to define exceptions for specific users, groups, and destinations without modifying existing Security policy rules. In organizations where Data Security and Network Security teams operate separately, this feature enables Data Security teams to independently implement data protection policy rules without relying on Network Security teams for exceptions. Your data security administrators can configure these exception rules within a granular profile to override the default actions for specified data profiles when certain source and destination conditions are met.

When you need to create nuanced data protection policy rules, such as blocking source code from being sent to any destination except GitHub, or preventing financial data downloads from your ERP system by anyone outside the finance department, exception rules provide the flexibility to implement this activity. Each exception rule lets your data security administrator specify data profiles, traffic source (users or user groups), traffic destination (applications or URLs), and the action Enterprise DLP takes when inspected traffic meets the exception match criteria.

Your data security administrators can configure exception rules to override the default block or alert actions with alternative actions, including allowing the transfer without generating an incident. For each exception rule, your data security administrators can specify an override action and a log severity level. Exception rules for granular profiles help your data security administrators maintain strong data protection while accommodating legitimate business workflows that require exceptions to your general data Security policy rules.