>
    Manage: Enterprise DLP
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Cloud Manager
    3. Strata Cloud Manager Administration
    4. Manage: Enterprise DLP
    Download PDF
    Strata Cloud Manager

    Manage: Enterprise DLP

    Table of Contents

    Manage: Enterprise DLP

    How to use
    Strata Cloud Manager
     to manage
    Enterprise Data Loss Prevention (E-DLP)
    .
    Where Can I Use This?
    What Do I Need?
    • NGFW (Managed by Panorama)
    • Prisma Access (Managed by Strata Cloud Manager)
    • SaaS Security
    • NGFW (Managed by Strata Cloud Manager)
    • Enterprise Data Loss Prevention (E-DLP)
       license
    • NGFW (Managed by Panorama)
      —Support and
      Panorama
       device management licenses
    • Prisma Access (Managed by Strata Cloud Manager)
      Prisma Access
       license
    • SaaS Security
      SaaS Security
       license
    • NGFW (Managed by Strata Cloud Manager)
      —Support and
      AIOps for NGFW Premium
       licenses
    Or any of the following licenses that include the
    Enterprise DLP
     license
    • Prisma Access
       CASB license
    • Next-Generation CASB for Prisma Access and NGFW (CASB-X)
       license
    • Data Security
       license
    Enterprise Data Loss Prevention (E-DLP)
     protects sensitive information against unauthorized access, misuse, extraction, or sharing.
    Enterprise DLP
     on
    Strata Cloud Manager
     enables you to enforce your organization’s data security standards and prevent the loss of sensitive data across your NGFWs, and your Prisma Access mobile users and remote networks.

    Feature Highlights

    • The Enterprise Data Loss Prevention (E-DLP) Dashboard
      Go to
      Manage
      Configuration
      Data Loss Prevention
       to configure and manage
      Enterprise DLP
      .
      Your
      Enterprise DLP
       configuration is shared across the products where you’re using
      Enterprise DLP
      . So you might see settings here that were configured elsewhere, and some settings you can configure here can also be leveraged in other products.
    • Predefined + Custom
      Enterprise DLP
       Settings
      Enterprise DLP
       includes built-in settings that you can use to quickly start protecting your most sensitive content:
      You can also create custom data patterns and profiles directly on
      Strata Cloud Manager
      .
    • Investigation for DLP Incidents
      A DLP incident is generated when traffic matches a DLP data profile attached to a security policy rule on
      Strata Cloud Manager
      . On the DLP Incidents dashboard, you can view details for the traffic that triggered the incident, such as matched data patterns, the source and destination of the traffic, the file and file type.
    • Scanning for Images in Supported File Formats
      Strengthen your security posture to further prevent accidental data misuse, loss, or theft with Optical Character Recognition (OCR). OCR allows the DLP cloud service to scan supported file types with images containing sensitive information that match your
      Enterprise DLP
       filtering profiles.
    • Exact Data Matching (EDM)
      EDM is an advanced detection tool to monitor and protect sensitive data from exfiltration. Use EDM to detect sensitive and personally identifiable information (PII) such as social security numbers, Medical Record Numbers, bank account numbers, and credit card numbers, in a structured data source such as databases, directory servers, or structured data files (CSV and TSV), with high accuracy.
    • Custom Document Types
      Upload your custom documents that contain intellectual property or sensitive information to
      Enterprise Data Loss Prevention (E-DLP)
       to create custom document types. Your custom document types are used as match criteria in advanced data profile to detect and prevent exfiltration.
    • Email DLP
      Email DLP prevents exfiltration of emails containing sensitive information with AI/ML powered data detections. For example, Enterprise DLP can prevent exfiltration of sensitive data over an outbound email sent from a salesperson within your organization to their personal email.
    • Role-Based Access for
      Enterprise DLP
      You can enable role-based access to
      Enterprise DLP
       controls inside
      Strata Cloud Manager
      . This allows you to control which users have read and write access privileges to different parts of
      Enterprise DLP
      .

    Get Started

    1. Enable
      Enterprise DLP
       on
      Strata Cloud Manager
      .
      To set up
      Enterprise DLP
      , you need to create a decryption profile to allow the DLP cloud service to inspect traffic. Select
      Manage
      Configuration
      Security Services
      Decryption
       and:
      1. Select
        Manage
        Configuration
        NGFW and Prisma Access
        Security Services
        Decryption
         and
        Add Rule
        .
        The predefined decryption profile settings enable
        Enterprise DLP
         to inspect traffic. Modifying the predefined decryption profile settings isn't required unless you need to enable
        Strip ALPN
         (
        Advanced Settings
        SSL Forward Proxy
        ).
      2. Add the decryption profile to an
        SSL Forward Proxy
         decryption rule.
    2. (
      Optional
      ) Select
      Manage
      Configuration
      Data Loss Prevention
      Detection Methods
       and create a Data Pattern
      You can create custom
      Enterprise DLP
       data patterns to specify what content is sensitive and needs to be protected—this is the content you’re filtering. You can create a custom data pattern based on regular expressions or a data pattern based on file properties.
    3. Create a Data Profile
      Group data patterns that should be enforced the same way into a data profile. You can also use data profiles to specify additional match criteria and confidence levels for matching.
    4. Create a DLP Rule
      Specify the traffic and file types you want
      Enterprise DLP
       to protect. Set the action for
      Enterprise DLP
       to take when it detects a DLP incident.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.