New Features by Month - Enterprise DLP - October 2024

Security Operations Center (SOC) analysts and incident administrators require streamlined, automated workflows to effectively triage, review, and resolve data security risks. Enterprise Data Loss Prevention (E-DLP) now supports syslog forwarding to enable your data security administrators to integrate Enterprise DLP into your organization’s automatic incident integration within your established security operations platforms. Your data security administrator can create a Log Forwarding profile to automatically forward DLP incident syslogs to your third-party security information and event management (SIEM), Security Orchestration, and Response (SOAR), or other automated ticketing systems.

Enterprise DLP syslog forwarding provides substantial flexibility for large organizations. Your data security administrators can configure a single Log Forwarding profile for multiple enforcement points, or conversely, create a different Log Forwarding profile for each channel. They can also associate the same enforcement channel with multiple Log Forwarding profiles.

Enterprise DLP forwards DLP incident syslogs over a UDP or TCP port and requires a persistent connection to the receiving endpoint (SIEM, SOAR, or ticketing system). While Enterprise DLP automatically continues forwarding incident syslogs after connectivity is restored, the system cannot forward any syslogs that were generated during the period of disconnection. This integration into established systems allows teams to quickly incorporate data security risks into their operational cadence.

Enterprise Data Loss Prevention (E-DLP) introduced new app support for the following:

• Large File Support

  Enterprise Data Loss Prevention (E-DLP) now supports large file inspection for Splunk.

• New GenAI Application Support

  Enterprise Data Loss Prevention (E-DLP) now supports the following new GenAI applications:

  • AI Chatting

  • Brandmark

  • Echowin

  • Frase

  • PlayHT

  • Quickchat

  • Regie AI

  • Simplified

  • Staccato

  • Typeface

• New Application Support

  Enterprise Data Loss Prevention (E-DLP) now supports Grammarly.

• Upload Inspection Support

  Enterprise Data Loss Prevention (E-DLP) now supports upload traffic inspection for Microsoft Excel Web.

To strengthen your organization's data security posture, data security administrators continuously iterate on data security policies to test and identify detection gaps in a controlled environment. Now, Enterprise Data Loss Prevention (E-DLP) enables your data security administrators to test the efficacy of your data profiles before adding them to your Security policy rule and pushing them to your production enforcement points. Testing allows your data security administrators to validate your data profiles against a file containing known sensitive data to ensure accurate detection by Enterprise DLP . Data Security administrators can run a test on a data profile currently being configured or on an existing data profile. The data profile test results show a high-level summary of the type of data profile you're testing, the number of instances of High, Medium, and Low confidence detections, and snippets of the sensitive data detected.

There are two types of test results Enterprise DLP can return:

• Matched Test Result — Enterprise DLP returns a Matched verdict and successfully detected sensitive data matching the sensitive data match criteria configured in the data profile. There are two types of matched test results:

  • Successful Test Result — Enterprise DLP successfully detected all sensitive match criteria configured in the data profile.

  • Partial Test Result — Enterprise DLP returns a Matched verdict and successfully detected some but not all sensitive match criteria configured in the data profile.

• No Match Test Result — Enterprise DLP returns a Not Matched verdict result because Enterprise DLP did not detect any sensitive data in the test file matching the sensitive data match criteria configured in the data profile.