New Features by Month - Enterprise DLP - June 2025

Enterprise Data Loss Prevention (E-DLP) expanded support for existing regions for services such as Evidence Storage and syslog forwarding.

• Switzerland—34.65.89.231

Enterprise Data Loss Prevention (E-DLP) now supports configuring Internet Content Adaptation Protocol (ICAP) forwarding to allow you to integrate your existing on-premise DLP solutions with Enterprise Data Loss Prevention (E-DLP) . This feature caters to organizations, especially in sectors like finance, that need to maintain their legacy DLP systems while embracing cloud security strategies. With ICAP support, you can configure Enterprise DLP to forward inspected files to your on-premise ICAP server for further inspection, while still leveraging the advanced inline ML-based detections offered by Enterprise DLP . This one-way integration ensures all files matching your inline Enterprise DLP match criteria are transmitted to your configured ICAP server, allowing your existing DLP solution to perform its analysis. Concurrently, Enterprise DLP conducts its own inspection and policy enforcement, providing comprehensive data protection. By configuring ICAP for Enterprise DLP, you can maintain compliance with specific regulations, smoothly transition to cloud-based security, and compare detection results across both systems. This approach allows you to confidently adopt SASE technologies while preserving the value of your existing DLP investments, ultimately strengthening your overall data protection strategy and facilitating a future migration to the cloud-native Enterprise DLP .

Auth code-based activation for Enterprise Data Loss Prevention (E-DLP) creates significant challenges in policy rule enforcement and synchronization consistency. Without tenant service group (TSG) selection capability, enterprises can’t leverage existing Enterprise DLP data patterns and profiles across their data security enforcement points, resulting in fragmented policy rule enforcement.

You now activate the Enterprise Data Loss Prevention (E-DLP) license for NGFW and VM-Series firewalls managed by either Panorama or Strata Cloud Manager using a magic link rather than using an auth code. The new magic link activation flow resolves these pain points by allowing you to select a specific TSG during activation to enable a shared Enterprise DLP configuration between your NGFW, Prisma Access tenants, and VM-Series firewalls. This unified approach supports multiple deployment scenarios, including single or multiple TSGs rolling up to one CSP and hybrid environments with various enforcement points. Additionally, it gives your data security admins the flexibility to disassociate and reassociate Enterprise DLP licenses between enforcement points as your needs change.