Managing large volumes of Enterprise Data Loss Prevention (E-DLP) incidents across multiple channels can make it challenging to locate specific incidents that require immediate attention. Sifting through hundreds or thousands of incidents to find those matching complex criteria such as excluding specific asset types, filtering by multiple channels, or combining severity levels with file patterns consumes valuable time and delays your incident response.

You can now use advanced filtering to construct sophisticated queries using SQL-like filter syntax. The advanced filter mode provides intelligent autocomplete suggestions for filter keys, operators, and values, so you can build complex queries such as:

Asset != 'http-put-post' AND Severity IN ('Critical', 'High')

Asset CONTAINS('pdf', 'txt') AND Channel = 'NGFW'

Enterprise Data Loss Prevention (E-DLP) now supports the following new applications:

New App Support—April 28, 2026

New App Support—April 17, 2026

Large File Support—April 10, 2026

Enterprise Data Loss Prevention (E-DLP) now supports the following for predefined data patterns:

ML-Augmentation for Existing Predefined Data Patterns—April 28, 2026

ML-Augmentation for Existing Predefined Data Patterns—April 2, 2026

Exact Data Matching (EDM) forEnterprise Data Loss Prevention (E-DLP) is an advanced detection tool designed to monitor and protect structured sensitive data, such as Social Security numbers, medical record numbers, and bank account info. To support global enterprises and regional compliance requirements, Enterprise DLP has expanded its EDM data set formats to include Hebrew script support.

The detection engine supports the full Hebrew alphabet, including the distinct "final form" (Sofiot) characters used at the end of words. This capability enables the detection engine to identify and protect personally identifiable information (PII) written in Hebrew script, such as names and other identifiable data. Additionally, Enterprise DLP recognizes regional identifiers unique to the Israeli market, such as the New Israeli Shekel (ILS/NIS, ₪) in various symbol and code formats. Enterprise DLP also supports Israeli vehicle license plates in both 7-digit legacy (XX-XXX-XX) and current 8-digit (XXX-XX-XXX) formats. This expanded support is critical for organizations in sectors such as insurance, fleet management, and law enforcement that handle sensitive Israeli data and require consistent protection across email, web, and file transfers.

While this expanded support improves regional coverage, certain limitations apply to the current Hebrew script support. Date processing is restricted to Gregorian numeric formats; traditional Hebrew calendar months and years are not currently supported. Similarly, email address detection remains limited to Latin script, and regional identity identifiers continue to follow USA-specific formats.

Centralized Audit Logging addresses the critical need for complete visibility into administrative activities and configuration changes by comprehensively capturing all Create, Read, Update, and Delete (CRUD) operations within Enterprise Data Loss Prevention (E-DLP). This ensures that your data security administrators can track every action performed across Enterprise DLP on Strata Cloud Manager, APIs, and automated systems, providing the detailed audit trail necessary for compliance, security forensics, and operational accountability.

With Centralized Audit Logging, your data security administrators can monitor all administrative changes with rich metadata that includes user identity, timestamp, access channel, and specific actions performed. Enterprise DLP captures detailed information about asset exploration, incident management, profile configurations, pattern creation, and numerous other operational events without including sensitive data. Your data security administrators can export this data manually CSV format or use automated exports using API and syslog integration for ingestion into your existing SIEM or compliance platforms.

Centralized Audit Logging enables your data security administrators to easily demonstrate regulatory compliance, investigate security incidents, or maintain operational accountability within your organization. The robust search and filtering functionality enables them to quickly locate specific events by channel, action type, date, user, or object type, enabling efficient analysis of administrative activities. Enterprise DLP supports high-volume environments, handling up to 250,000 events per Enterprise DLP tenant per day.

Sophisticated threat actors often bypass traditional content-based data loss prevention (DLP) controls by embedding sensitive information within file names, exploiting a critical blind spot in data security. The Enterprise Data Loss Prevention (E-DLP) File Name Detection capability solves this security gap by extending Enterprise DLP detection capabilities directly to file names for sensitive patterns such as credit card numbers, Social Security numbers, and other personally identifiable information (PII).

By expanding detection to include both file contents and file names for custom data profiles, Enterprise DLP strengthens your organization's data security posture against sophisticated data exfiltration techniques. File Name Detection provides cumulative detection across both data locations, meaning any matches found in either the content or the file name contribute immediately to triggering your Security policy rule. This comprehensive approach, applied uniformly across inline Enterprise DLP, Email DLP, and Endpoint DLP, ensures that security teams maintain full visibility and control.

You can now detect and control files based on their true file type and size to protect intellectual property and enforce granular DLP policies across your organization. Malicious users can rename file extensions to disguise sensitive files such as CAD drawings, source code, or encrypted archives, and large files can require different policy treatment than smaller ones. The new File Size and File Type properties in Enterprise Data Loss Prevention (E-DLP) File Property data patterns solve these challenges by giving you signature-based file identification and size-aware policy enforcement.

The File Property data pattern now supports two new properties:

Both properties are available across all Enterprise DLP channels, including inline, Email DLP, Endpoint DLP, and SaaS API scanning.

Sensitive data can bypass your data loss prevention controls when embedded in file metadata fields such as document titles, author names, subjects, and comments. Without visibility into these areas, you risk data exfiltration through channels that traditional content scanning does not reach. Metadata Inspection for Enterprise Data Loss Prevention (E-DLP) closes this gap by extracting and scanning freeform text metadata fields against the data patterns configured in your data profiles.

You can select Metadata as an inspection scope in your data profiles to scan metadata fields alongside or independently of document content, watermarks, and file names. By extending pattern-based detection to metadata, you gain comprehensive coverage over sensitive data in areas that are often overlooked, helping you enforce consistent security policies and reduce exfiltration risk across your network.

Sensitive data often leaks inadvertently through an app URL when identifiers like employee IDs or financial details appear in query parameters. If you don't inspect your app traffic URL, it can persist in browser history or server logs and create significant compliance risks and unauthorized access points.

With Enterprise Data Loss Prevention (E-DLP) URL Inspection, you can now inspect outbound HTTP traffic for sensitive data. The feature specifically targets HTTP PUT and POST requests, extracting the full URL path and query parameters to detect sensitive data embedded directly within the app URL. By evaluating traffic against custom and predefined regex patterns, data dictionaries, and Exact Data Matching (EDM) datasets, you can identify and block requests that contain sensitive data. This granular visibility enables your security administrators to enforce strict data governance policies, ensuring that critical information does not leave your network through web requests.

Sensitive data can easily bypass traditional data loss prevention controls when hidden in non-content areas like file watermarks or metadata fields. If your security policies focus solely on the body text of documents, you risk leaving critical information exposed in headers, comments, or property fields. Watermark Inspection addresses this gap by allowing Enterprise Data Loss Prevention (E-DLP) extract and inspect text from native text-based watermarks and specific metadata fields and evaluate them against the data patterns configured in your data profiles.

The feature supports Microsoft Word, Excel, PowerPoint, and PDF formats, as well as Google Docs. It specifically targets elements like document titles, author fields, subjects, and comments. By expanding visibility into these previously uninspected areas, your administrators can apply comprehensive data protection controls and detect hidden leaks that would otherwise go unnoticed in your network.