July 2025
Focus
Focus
Enterprise DLP

July 2025

Table of Contents

July 2025

Review the new features introduced to Enterprise Data Loss Prevention (E-DLP) in July 2025.

New Region Support for EDM

July 17, 2025
Enterprise Data Loss Prevention (E-DLP) now supports multiple new regions outside of the United States for Exact Data Matching (EDM) data set uploads. This addresses the regulatory challenge of storing sensitive data within specific geographic boundaries. Previously, Palo Alto Networks stores all EDM data sets exclusively in the US West-2 storage bucket. While Palo Alto Networks ensured General Data Protection Regulation (GDPR) compliance by hashing and encrypting EDM data sets before upload to the Enterprise DLP EDM data set storage bucket, this still presents compliance obstacles for organizations operating under regional data sovereignty regulations. The support for new EDM regions requires EDM CLI app version 4.0 or later release.
With the new region for EDM data set uploads, you can now specify the specific geographic region where Enterprise DLP stores the EDM data set uploads. When uploading data sets through the EDM CLI app, you specify your preferred region when you configure the upload_config.properties file, or you can specify a region when uploading an EDM data set using Interactive mode.
Support for new regions for EDM data set uploads is valuable if your organization operates in regions with strict data protection laws, such as GDPR in Europe, where personal data must remain within approved jurisdictions. While enabling regional data storage, the feature also supports cross-boundary scanning when necessary, allowing your data security controls to function seamlessly across your entire organization while maintaining compliance with data residency requirements.
Additionally with the release of EDM CLI app version 4.0, Enterprise DLP no longer supports authentication and connectivity using an authentication token. EDM CLI app version 4.0 and later releases support EDM CLI app authentication and connectivity using only the Client ID and Client Secret.

Custom Routing for Email DLP

July 24, 2025
Data security administrators face a critical challenge when an organization runs complex email security architectures that extend beyond Microsoft and Google Cloud environments. Traditional Email DLP solutions force you to choose between comprehensive data protection and maintaining your existing multivendor security investments, leaving dangerous gaps where sensitive data can leak or spoofing attacks can succeed.
Custom Routing for Email DLP enables your data security administrators to integrate Email DLP into any email infrastructure. You can now deploy Enterprise Data Loss Prevention (E-DLP) scanning within SMTP relay chains that include third-party security products like Proofpoint or Mimecast, on-premises Exchange servers, or hybrid cloud environments. Custom routing enables your data security administrators to configure specific next-hop mail servers and custom ports for each domain in your organization, ensuring emails flow correctly through your established security chain while receiving comprehensive Enterprise DLP scanning. By using custom routing, you gain robust antispoofing protection through dual validation mechanisms. Email DLP can restrict email acceptance to authorized source IP addresses, supporting up to 20 IP addresses or subnets.
Comprehensive audit logging tracks all configuration changes, providing the compliance visibility you need for regulatory requirements. With custom routing, you can implement Email DLP without disrupting your existing email security investments or requiring extensive infrastructure changes, protecting sensitive data across your entire email ecosystem while maintaining the multilayered security approach your organization has already established.

Unified Incident Management and Response

July 28, 2025
Unified Incident Management and Response for Enterprise Data Loss Prevention (E-DLP) offers a powerful, unified solution for handling security incidents across your organization. This comprehensive management and response dashboard includes incidents generated from SaaS Security Inline, Endpoint DLP, Email DLP, Data Security, and Prisma Access Browser to provide your security administrators a centralized view of all incidents across your data security enforcement channels. You can efficiently filter, prioritize, and respond to threats using customizable dashboards and automated case management. The feature streamlines your investigation process, expedites response and remediation, and integrates with third-party notification and ticketing systems. The Unified Incident Management and Response offers improved incident handling times to quickly address data security incidents. Security administrators and SOC teams can assign, escalate, and collaborate on incidents effectively, with support for bulk incident response and automated prioritization. The detailed incident triage capabilities help you significantly reduce the mean time to detect and respond to threats. This eases the operational challenges of managing data security incidents in complex environments, maintain compliance, protect sensitive data, and continually enhance your security posture. The system's flexibility allows for future expansion to include additional modules, ensuring you stay ahead of evolving security threats.