Enterprise DLP
Features
Table of Contents
Expand All
|
Collapse All
Enterprise DLP Docs
Features
Supported Enterprise Data Loss Prevention (E-DLP) features.
Review the list of supported Enterprise Data Loss Prevention (E-DLP) features.
Some Enterprise DLP features supported on NGFW (Managed by Panorama) and Prisma Access (Managed by Panorama) require access to Strata Cloud Manager to enable and configure.
See the supported data profile actions for Enterprise DLP
for more information on which data profile actions are supported.
|
Feature
|
Description
| Panorama | Strata Cloud Manager |
|---|---|---|---|
|
Custom data profile that can include all functionality of classic data patterns, and advanced detection methods such as
Exact Data Matching (EDM) or custom document types.
|
√
Configured on Strata Cloud Manager
|
√
| |
|
Audit logs for a comprehensive history of the changes that occurred across Enterprise DLP. They maintain a history of when data patterns and data profiles are created, updated, or
deleted.
|
√
Configured on Strata Cloud Manager
|
√
| |
|
Custom data profile that can include any combination of predefined, regular
expression (regex), or file property data patterns.
|
√
|
√
| |
|
The Data Asset Explorer provides comprehensive visibility into all sensitive files,
messages, and non-file based traffic, referred to as assets, detected by Enterprise DLP across your data security enforcement channels.
|
√
Viewed on Strata Cloud Manager
|
√
| |
|
Provides quantifiable metrics to measure the overall data risk for your
organization and gives administrators the ability to analyze and take preventative
action to strengthen your data risk security posture using the Data Risk
Dashboard.
| — |
√
| |
|
Enterprise DLP performs inline inspection of outbound emails to prevent
exfiltration of emails containing sensitive information using AI/ML powered data
detections.
|
—
|
√
| |
|
Use Endpoint DLP to prevent exfiltration of sensitive data to peripheral devices
such as USB devices, printers, and network shares, or to control access to them.
| — |
√
| |
|
Integrate Enterprise DLP with Cortex XSOAR to use Enterprise DLP
End User Alerting, granting your team members the ability to self-service temporary
exemptions for file uploads that match your data profiles.
|
√
Configured on Strata Cloud Manager
|
√
| |
|
End User Coaching allows you to display notifications to end users in the Access Experience User Interface (UI) when
they generate an Enterprise DLP or Endpoint DLP incident.
|
—
|
√
| |
| Enterprise DLP Migrator |
Use the Enterprise Data Loss Prevention (E-DLP) Migrator to migrate your Symantec DLP policy rules
and convert them into SaaS Security policy rules. This allows you to
quickly transition to Palo Alto Networks Enterprise DLP without the need to
manually recreate all your Security policy rules designed to prevent exfiltration of
sensitive data.
| — |
√
|
|
Connect an AWS storage bucket, Azure storage bucket, or SFTP server to Enterprise DLP to automatically store files scanned by tEnterprise DLP that
match your data profiles. After Enterprise DLP successfully stores a file, you
can download the file for further investigation.
|
√
Configured on Strata Cloud Manager
|
√
| |
|
Granular data profiles enhance your Enterprise Data Loss Prevention (E-DLP) detection capabilities
by allowing you to apply differentiated inline content inspection requirements and
response actions within the same Security policy rule. For example, you can use a
single granular data profile to block high-risk data patterns while alerting on
lower-risk ones, set varying log severities for different data profiles, and
selecting specific file types for each data profile included the granular data
profile.
|
√
Configured on Strata Cloud Manager
|
√
| |
|
Configure Internet Content Adaptation Protocol (ICAP) forwarding to integrate your
existing on-premises third party DLP solutions with Enterprise Data Loss Prevention (E-DLP).
|
√
Configured on Strata Cloud Manager
|
√
| |
|
Monitor sharing of sensitive passwords over chat-based applications. Enterprise DLP uses contextual messages to understand instances where a password
might have been shared. When Enterprise DLP detects that a password was shared,
a DLP Incident is generated that displays a snippet of the response containing the
password.
| — |
√
| |
|
Custom data profile that contains multiple nested data profiles that allows you to
consolidate the match criteria to prevent exfiltration of sensitive data to a single
data profile that can be used in a single Security policy rule.
|
√
Configured on Strata Cloud Manager
|
√
| |
| Configure Enterprise DLP data profiles to inspect non-file based traffic to prevent exfiltration of sensitive data through collaboration applications, web forms, Cloud applications, and social media. |
√
|
√
| |
|
Report false positive detections to Palo Alto Networks to improve Enterprise DLP detection accuracy for yourself and other Enterprise DLP
users. You report false positive detections against the DLP Incident where the false
positive detection occurred.
|
√
Configured on Strata Cloud Manager
|
√
| |
| Create a Log Forwarding profile to automatically forward Enterprise Data Loss Prevention (E-DLP) incident and audit syslogs to your third-party security information and event management (SIEM), Security Orchestration, and Response (SOAR), or other automated ticketing systems. This enables your SOC Analysts and Incident admins to effectively triage, review, and resolve data security risks that occur in your organization. |
—
|
√
| |
|
Test the efficacy of your Enterprise Data Loss Prevention (E-DLP) data profiles before adding them
to your Security policy rule and pushing to your production NGFW and
Prisma Access tenants. This allows you to validate your data profiles against
a file containing known sensitive data to ensure accurate detection by Enterprise DLP.
|
√
Configured on Strata Cloud Manager
|
√
|