October 2024
Enterprise DLP


Review the new features introduced to Enterprise Data Loss Prevention (E-DLP) in October 2024.
New Features
Large File Support
Enterprise Data Loss Prevention (E-DLP) now supports large file inspection for the following application:
  • Splunk
New Application Support
Enterprise Data Loss Prevention (E-DLP) now supports the following new application:
  • Grammarly
New GenAI Application Support
Enterprise Data Loss Prevention (E-DLP) now supports the following new GenAI applications:
  • AI Chatting
  • Brandmark
  • Echowin
  • Frase
  • PlayHT
  • Quickchat
  • Regie AI
  • Simplified
  • Staccato
  • Typeface
Upload Inspection Support
Enterprise Data Loss Prevention (E-DLP) now supports upload traffic inspection for the following application:
  • Microsoft Excel Web

Test an Enterprise DLP Data Profile Using Dry Run Mode

Test the efficacy of your Enterprise Data Loss Prevention (E-DLP) data profiles before adding them to your Security policy rule and pushing them to your production NGFW and Prisma Access tenants. This allows you to validate your data profiles against a file containing known sensitive data to ensure accurate detection by Enterprise DLP. Testing and fine-tuning your data profile match criteria before pushing them to your production environment strengthens your security posture by allowing you to continuously iterate on your data patterns and profiles to identify and address gaps in a controlled environment. You can run a test on a data profile currently being configured or on an existing data profile. The data profile test results show a high-level summary of the type of data profile you're testing, the number of instances of High, Medium, and Low confidence detections, and snippets of the sensitive data detected.
There are two types of test results Enterprise DLP can return:
  • Matched Test Result: Enterprise DLP returns a Matched verdict and successfully detected sensitive data matching the sensitive data match criteria configured in the data profile. There are two types of matched test results:
    • Successful Test Result: Enterprise DLP successfully detected all sensitive match criteria configured in the data profile.
    • Partial Test Result: Enterprise DLP returns a Matched verdict and successfully detected some but not all sensitive match criteria configured in the data profile.
  • No Match Test Result: Enterprise DLP returns a Not Matched verdict result because Enterprise DLP did not detect any sensitive data in the test file matching the sensitive data match criteria configured in the data profile.

Forward Syslogs for Enterprise DLP Incidents

Syslogs are a standard log transport mechanism that enables aggregation of log data from different network devices into a central repository for archiving, analysis, and reporting. You can now create a Log Forwarding profile to automatically forward Enterprise Data Loss Prevention (E-DLP) Data Security incident syslogs to your third-party security information and event management (SIEM), security orchestration, automation, and response (SOAR), or other automated ticketing systems. This enables your SOC analysts and incident admins to integrate Enterprise DLP into established workflows to effectively triage, review, and resolve data security risks that occur in your organization. You can configure a single Log Forwarding profile for multiple enforcement points or you can create a different Log Forwarding profile for each. You can associate the same enforcement channel with multiple Log Forwarding profiles.
Enterprise DLP forwards DLP incident syslogs over a UDP or TCP port, and requires a persistent connection to your SIEM, SOAR, or ticketing system to forward DLP incident syslogs. Enterprise DLP can only forward DLP incident syslogs while successfully connected to your SIEM, SOAR, or ticketing system. Enterprise DLP automatically continues forwarding your Enterprise DLP incident syslogs to your SIEM, SOAR, or ticketing system after connectivity is restored. However, Enterprise DLP can't forward any syslogs generated while Enterprise DLP and your SIEM, SOAR, or ticketing system are disconnected.