Review the new features introduced to Enterprise Data Loss Prevention (E-DLP) in September
2024.
New Features
New Application Support
Enterprise Data Loss Prevention (E-DLP) now supports the following new applications:
AirTable
MailChimp
Microsoft OneDrive Web - Personal
New GenAI Application Support
Enterprise Data Loss Prevention (E-DLP) now supports the following new GenAI
applications:
Adrenaline AI
AI Story Generator
Aithor
AI Tubo
Artflow
Artiphoria
Brainly
Caktus
Candy AI
ChatFAI
DreamTavern
EduAide
Figma Figjam AI
Fliki
Leonardo AI
Microsoft Power Apps
Pi
Prome AI
Romantic AI
Zendesk AI
Expanded Upload Support for Existing Applications
Enterprise Data Loss Prevention (E-DLP) now supports upload inspection for the
following applications:
LinkedIn Web
Microsoft Power BI Web
Reddit
Endpoint DLP
Endpoint DLP lets your Security administrators control the use of peripheral
devices: they can allow or block a device, or be alerted when a peripheral device
is connected to an endpoint in your network. To prevent exfiltration of sensitive
data to peripheral devices, use the Enterprise Data Loss Prevention (E-DLP) advanced detection
methods, as well as custom data profiles to define custom traffic match criteria, or
use the predefined ML-based and regex data profiles.
Install the Prisma Access Agent on the endpoints that you need to protect. The
agent detects file movement between the endpoint and the peripheral device, then
evaluates and enforces your Endpoint DLP policy rules. When necessary, the
Prisma Access Agent forwards the traffic to Enterprise DLP, which inspects it
and renders a verdict. Enterprise DLP then communicates the verdict to the
Prisma Access Agent, which executes the action you configured in the
Endpoint DLP policy rule. Additionally, the Prisma Access Agent is responsible
for displaying a notification to the end user when they generate a DLP incident.
The following is an example of the process Enterprise DLP uses to inspect
endpoints. This process succeeds only if you have installed the Prisma Access Agent
and already configured your Endpoint DLP policy rules.
1. A user in your organization connects a peripheral device to their laptop.
2. The user moves a file from their endpoint to the connected peripheral
   device.
3. The Prisma Access Agent registers that the user attempted to move a
   file from the endpoint to the peripheral device and evaluates your Endpoint
   DLP policy rules.
   No Policy Rule Match—If there is no Endpoint DLP policy
   rule match identified, then the agent allows the peripheral
   device to connect and the endpoint has full read and write
   access privileges to the peripheral device.
   Peripheral Control Policy Rule—If you created a peripheral
   control policy rule to control access, then the agent executes
   the allow or block action that you configured in the policy
   rule.
   For example, if the Endpoint DLP policy rule blocks the
   connection to the peripheral device, then the agent revokes
   write privileges to the peripheral device. In this case, the
   endpoint can't upload files to the peripheral device.
   Alternatively, if the Endpoint DLP policy rule allows the
   connection to the peripheral device, then the agent grants the
   endpoint write access privileges to the peripheral device. In
   this case, the endpoint can upload files to the peripheral
   device.
   Data in Motion Policy Rule—The agent allows the connection
   to the peripheral device. When the Prisma Access Agent
   detects file movement from the endpoint to a peripheral device,
   the file is forwarded to Enterprise DLP for inspection and
   to render a verdict. The agent also forwards important file
   metadata, such as the fileSHA, which Enterprise DLP uses to
   identify each forwarded file. Enterprise DLP then sends the
   verdict to the Prisma Access Agent and, if sensitive data is
   detected, the agent takes the Endpoint DLP policy rule action.
   If Enterprise DLP detects that it's a file that has already
   been inspected based on the fileSHA, then Enterprise DLP
   returns the existing verdict to the agent. Enterprise DLP
   does not inspect the same file twice.
4. The Prisma Access Agent executes the Endpoint DLP policy rule action
   that you configured in either the Peripheral Control or Data in Motion
   policy rules.
5. Enterprise DLP generates a DLP incident when appropriate. Additionally,
   if you configured End User Coaching, the Prisma Access Agent displays
   a notification on the endpoint to alert the user.
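The rule evaluation and fileSHA verdict reuse described above can be modeled in a few lines. This is an added illustration, not Palo Alto Networks code or the product's API: the rule dictionaries, the InspectionService class, the SSN-like pattern standing in for a data profile, and the use of SHA-256 for the file hash are all assumptions.

```python
import hashlib
import re

# Constructed stand-in for a data profile: an SSN-like pattern (assumption).
SENSITIVE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")

class InspectionService:
    """Hypothetical model of the inspection side: one verdict per file hash."""
    def __init__(self):
        self.verdicts = {}    # file hash -> "sensitive" | "clean"
        self.inspections = 0  # files actually scanned

    def verdict(self, file_sha, content):
        if file_sha in self.verdicts:   # already inspected: reuse verdict
            return self.verdicts[file_sha]
        self.inspections += 1
        result = "sensitive" if SENSITIVE.search(content) else "clean"
        self.verdicts[file_sha] = result
        return result

def handle_file_move(rule, content, service):
    """Agent decision for one file moved to a peripheral device.
    rule: None, or a dict with "type" and "action" (assumed shape)."""
    if rule is None:
        return "allow"                   # no rule match: full read/write
    if rule["type"] == "peripheral_control":
        return rule["action"]            # configured allow or block
    # Data in motion: forward file and hash; act only on a sensitive verdict.
    file_sha = hashlib.sha256(content).hexdigest()  # SHA-256 is an assumption
    if service.verdict(file_sha, content) == "sensitive":
        return rule["action"]
    return "allow"

def demo():
    svc = InspectionService()
    dim = {"type": "data_in_motion", "action": "block"}
    pc = {"type": "peripheral_control", "action": "block"}
    secret = b"employee 078-05-1120 payroll"  # constructed sample content
    results = [
        handle_file_move(None, secret, svc),
        handle_file_move(pc, secret, svc),
        handle_file_move(dim, secret, svc),
        handle_file_move(dim, secret, svc),   # same bytes: cached verdict
        handle_file_move(dim, b"lunch menu", svc),
    ]
    return results, svc.inspections

if __name__ == "__main__":
    print(demo())
```

In this model the verdict is keyed on the hash of the file bytes, so any change to the content yields a new hash and a fresh inspection, while an unchanged file is never scanned twice.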