Review the new features introduced to Enterprise Data Loss Prevention (E-DLP) in October
2024.
New Features
Large File Support
Enterprise Data Loss Prevention (E-DLP) now supports large file inspection for the
following application:
Splunk
New Application Support
Enterprise Data Loss Prevention (E-DLP) now supports the following new application:
Grammarly
New GenAI Application Support
Enterprise Data Loss Prevention (E-DLP) now supports the following new GenAI
applications:
AI Chatting
Brandmark
Echowin
Frase
PlayHT
Quickchat
Regie AI
Simplified
Staccato
Typeface
Upload Inspection Support
Enterprise Data Loss Prevention (E-DLP) now supports upload traffic inspection for
the following application:
Microsoft Excel Web
Test an Enterprise DLP Data Profile Using Dry Run Mode
Test the efficacy of your Enterprise Data Loss Prevention (E-DLP) data profiles before adding them to your Security policy
rule and pushing them to your production NGFW and Prisma Access
tenants. This allows you to validate your data profiles against a file containing
known sensitive data to ensure accurate detection by Enterprise DLP. Testing
and fine-tuning your data profile match criteria before pushing them to your
production environment strengthens your security posture by allowing you to
continuously iterate on your data patterns and profiles to identify and address gaps
in a controlled environment. You can run a test on a data profile currently being
configured or on an existing data profile. The data profile test results show a
high-level summary of the type of data profile you're testing, the number of
instances of High, Medium, and Low confidence detections, and snippets of the
sensitive data detected.
There are two types of test results Enterprise DLP can return:
Matched Test Result—Enterprise DLP returns a Matched verdict after successfully
detecting sensitive data that matches the match criteria configured in the data
profile. There are two types of matched test results:
  Successful Test Result—Enterprise DLP successfully detected all sensitive match
  criteria configured in the data profile.
  Partial Test Result—Enterprise DLP returns a Matched verdict and successfully
  detected some but not all sensitive match criteria configured in the data profile.
No Match Test Result—Enterprise DLP returns a Not Matched verdict because it did not
detect any sensitive data in the test file matching the match criteria configured in
the data profile.
Forward Syslogs for Enterprise DLP Incidents
Syslogs are a standard log transport mechanism that enables aggregation of log data
from different network devices into a central repository for archiving, analysis,
and reporting. You can now create a Log Forwarding profile to automatically forward
Enterprise Data Loss Prevention (E-DLP) Data Security incident syslogs to your third-party
security information and event management (SIEM), security orchestration, automation,
and response (SOAR), or other automated ticketing systems. This enables your SOC
Analysts and Incident admins to integrate Enterprise DLP into established
workflows to effectively triage, review, and resolve data security risks that occur
in your organization. You can configure a single Log Forwarding profile for multiple
enforcement points or you can create a different Log Forwarding profile for each.
You can associate the same enforcement channel with multiple Log Forwarding
profiles.
Enterprise DLP forwards DLP incident syslogs over a UDP or TCP port, and
requires a persistent connection to your SIEM, SOAR, or ticketing system to forward
DLP incident syslogs. Enterprise DLP can only forward DLP incident syslogs
while successfully connected to your SIEM, SOAR, or ticketing system. Enterprise DLP automatically continues forwarding your Enterprise DLP
incident syslogs to your SIEM, SOAR, or ticketing system after connectivity is
restored. However, Enterprise DLP can't forward any syslogs generated while Enterprise DLP and your SIEM, SOAR, or ticketing system are disconnected.
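Because syslogs generated during a disconnect are not forwarded, it helps to know exactly when the collector had no session from the forwarder. The following is an added example, not Palo Alto Networks code: it assumes TCP forwarding and that your collector records connect and disconnect events for the forwarder's sessions (the event tuples and the function name `forwarding_gaps` are hypothetical), and it returns the windows in which no incident syslogs could have been received.

```python
from datetime import datetime

# Constructed collector-side session events for the DLP forwarder.
# This is NOT a Palo Alto Networks log format; it is sample input only.
SAMPLE_EVENTS = [
    ("2024-10-01T00:00:00", "connect"),
    ("2024-10-01T02:15:00", "disconnect"),
    ("2024-10-01T02:40:00", "connect"),
    ("2024-10-01T05:00:00", "connect"),     # second, overlapping session
    ("2024-10-01T05:00:05", "disconnect"),  # first session closes, one still open
    ("2024-10-01T09:30:00", "disconnect"),
]


def forwarding_gaps(events, window_start, window_end):
    """Return [(gap_start, gap_end)] intervals with no open forwarder session.

    Assumes every event timestamp lies inside [window_start, window_end].
    """
    active = 0                 # number of currently open sessions
    gap_start = window_start   # treated as disconnected until a connect is seen
    gaps = []
    # Sorting puts "connect" before "disconnect" at equal timestamps,
    # so an instant reconnect does not produce a zero-length gap.
    for ts, kind in sorted((datetime.fromisoformat(t), k) for t, k in events):
        if kind == "connect":
            if active == 0 and gap_start is not None and ts > gap_start:
                gaps.append((gap_start, ts))
            active += 1
            gap_start = None
        elif kind == "disconnect" and active > 0:  # ignore stray disconnects
            active -= 1
            if active == 0:
                gap_start = ts
    # Still disconnected at the end of the review window.
    if active == 0 and gap_start is not None and window_end > gap_start:
        gaps.append((gap_start, window_end))
    return gaps


if __name__ == "__main__":
    start = datetime.fromisoformat("2024-10-01T00:00:00")
    end = datetime.fromisoformat("2024-10-01T12:00:00")
    for gap_from, gap_to in forwarding_gaps(SAMPLE_EVENTS, start, end):
        print(f"no forwarder session: {gap_from} -> {gap_to} ({gap_to - gap_from})")
```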