September 2025
Focus
Focus
Enterprise DLP

September 2025

Table of Contents

September 2025

Review the new features introduced to Enterprise Data Loss Prevention (E-DLP) in September 2025.

Audit Logging for Snippet Access

September 8, 2025
When your data security administrators review DLP incidents to review sensitive data snippets, Enterprise Data Loss Prevention (E-DLP) now generates an audit log to provide complete visibility into who accessed this information and when. This enables compliance monitoring and to adhere to data governance requirements when performing an audit.
Audit Logging for Snippet Access captures essential details including user identity, access timestamps, and the specific incident ID accessed. The audit logs exclude the actual snippet accessed to maintain data security while providing the accountability trail you need for compliance reporting.
Audit Logging for Snippet Access satisfies regulatory requirements that mandate tracking access to sensitive information. It demonstrates to auditors that your organization maintains proper data governance controls, and can detect unusual access patterns that might indicate insider threats or compromised accounts. The audit log generation occurs transparently without impacting your incident response workflow or requiring additional steps from your security analysts.
Organizations operating under strict compliance frameworks particularly benefit from this feature as it transforms incident response activities from potential compliance liabilities into documented evidence of responsible data handling. Your data security administrators gain the ability to produce detailed access reports for compliance audits, investigate potential data breaches involving snippet access, and establish clear accountability for sensitive data exposure during incident investigations. The automated nature of the logging ensures consistent record-keeping without relying on manual processes that are prone to gaps or errors in high-pressure incident response scenarios.

EDM Auto Provisioning

September 15, 2025
Enterprise Data Loss Prevention (E-DLP) now automatically provisions and enables Exact Data Matching (EDM) on your Enterprise DLP tenant when your data security administrator enables the service on Strata Cloud Manager. Automating EDM enablement for your Enterprise DLP tenant streamles the deployment process significantly and eliminates the workflow bottlenecks where you had to wait for manual enablement by Palo Alto Networks to help significantly reduce Enterprise DLP deployment times. The automated enablement process allows your data security administrators to rapidly deploy Enterprise DLP to protect specific sensitive data records such as customer databases, employee information, or proprietary datasets with pinpoint accuracy. Automating EDM enablement ensures that your data security administrators can quickly safeguard your organization from data exfiltration and that they can quickly respond to emerging data protection requirements while maintaining precise control over sensitive information without the operational overhead of manual provisioning workflows.

Improved Snippet and Reports Display

September 16, 2025
Improved Snippet and Report Display for Enterprise Data Loss Prevention (E-DLP) solves the critical challenge data security administrators face when identifying specific data patterns and data profiles that trigger DLP incidents. This enhancement reduces incident resolution times and eliminates the need for additional resources for manual investigation by clearly showing which data patterns and data profiles triggered each incident. With this improved visibility, data security administrators can effectively triage incidents, understand information Security policy rule violations, and efficiently educate users to prevent future violations.
When viewing incident details, you can now see all matched profiles in the report display, with a toggle to filter for only the profiles that triggered the incident. When you select a matched profile, the system shows you the specific data patterns that caused the match, along with their confidence levels and occurrence thresholds. This information remains available even when snippets are disabled, ensuring you always have the context needed to understand the incident. Additionally, the Unified Incident Manager view now enables filtering by triggered data patterns and data profiles, helping you identify trends and recurring issues.
This enhancement supports all supported Enterprise DLP enforcement channels. When examining the DLP incident snippet details, Enterprise DLP displays which data pattern triggered the incident and specific details about the data patterns such as the pattern type, the proximity keywords, and the number of occurrences for high confidence level. For regex patterns, Enterprise DLP displays occurrence counts for each confidence level and examine up to three snippets per confidence level, giving your data security administrators tangible examples of the policy rule violations.
By providing clear insight into which data patterns and data profiles triggered incidents, this feature significantly reduces the operational friction in your security operations center. Data security administrators can quickly understand policy rule violations, take appropriate remediation actions, and provide targeted user education, ultimately strengthening your organization's data security posture and reducing the risk of data exfiltration.

New App Support

Enterprise Data Loss Prevention (E-DLP) introduced new app support for the following:
New Feature
New GenAI App Support
September 23, 2025
Enterprise DLP now supports the following new GenAI app:
  • Perplexity
Expanded File Size Support for Existing Apps
September 23, 2025
Enterprise DLP now supports large file inspection for the following apps:
  • Apple iCloud Uploading
  • DocSend
  • Freshdesk
  • GitHub Uploading
  • Google Photos Uploading